Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

How to configure secure DB password

(Based on the information from http://wiki.jboss.org/wiki/Wiki.jsp?page=EncryptingDataSourcePasswords)

  1. Create encrypted password
    From command line in the JBoss installation location: 
    [Windows]
$ java -cp "lib/jboss-jmx.jar;lib/jboss-common.jar;server/default/lib/jboss-jca.jar;server/default/lib/jbosssx.jar"
org.jboss.resource.security.SecureIdentityLoginModule <required_db_password>
Encoded password: 234a8537d08918bbe8baca2bdb0ac31dc3bc376bef610c0a

[Unix-like]
$ java -cp "lib/jboss-jmx.jar:lib/jboss-common.jar:server/default/lib/jboss-jca.jar:server/default/lib/jbosssx.jar"
org.jboss.resource.security.SecureIdentityLoginModule <required_db_password>
Encoded password: 234a8537d08918bbe8baca2bdb0ac31dc3bc376bef610c0a
    (info) Note: <required_db_password> = your database password.
  2. Modify pacs-mysql-ds.xml for the database, and can be found in your dcm4chee installation directory under server/default/deploy/pacs-mysql-ds.xml. Note that if you're using a different database, the naming will be slightly different, e.g. pacs-psql-ds.xml. 
    <datasources>
 <local-tx-datasource>
  <jndi-name>pacsDS</jndi-name>
  <connection-url>jdbc:mysql://localhost:3306/pacsdb</connection-url>
  <driver-class>com.mysql.jdbc.Driver</driver-class>

  <!-- Remove/comment out the username/password information from here -->
  <!-- "PART TO BE COMMENTED / REMOVED"
    <user-name>username</user-name>
    <password>pw</password>
  -->

  <!-- "NEWLY INCLUDED PART" -->
  <!-- Use the security domain defined in conf/login-config.xml -->
  <security-domain>EncryptDBPassword</security-domain>

  <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name>
 </local-tx-datasource>
</datasources>
  3. Modify login-config.xml (server/default/conf/login-config.xml) 
    <policy>
  <!-- Example usage of the SecureIdentityLoginModule -->
  <application-policy name="EncryptDBPassword">
    <authentication>
      <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
        <module-option name="username">admin</module-option>
        <module-option name="password">234a8537d08918bbe8baca2bdb0ac31dc3bc376bef610c0a</module-option>
        <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=pacsDS</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>

(info) NOTE: The above configuration is for MySQL server. For all other databases, the proper name of the DB's jndi name has to be specified in the name parameter of the managedConnectionFactoryName. Ex: for MS SQL Server, substitute 'MySqlDS' with 'MSSQLDS'.

(info) NOTE: You will need to make the same modifications to your ARR datasource file.

Contributors: Vladimir Kleper and Pat Mongkolwat

  • No labels