How to encrypt plaintext passwords in JBoss

By default, database connections for the JBoss A8 are defined in *-ds.xml, and include clear text passwords. You can, however, replace it with encrypted passwords.

There is no need to change your source code. The class org.jboss.resource.security.SecureIdentityLoginModule can be used to both encrypt database passwords and to provide a decrypted version of the password when the data source configuration is required by the server.

Step 1: Encrypt a datasource password

Open cmd.exe, change directory to the JBoss directory and execute the following command:

java -cp client\jboss-logging.jar;lib\jbosssx.jar org.jboss.resource.security.SecureIdentityLoginModule MyPLaintextPASSWDRD
This command will return an encrypted password like this:

Encoded password: ia744dc3700000125ff73cfb98e94f3e3


Step 2: Create an application authentication policy with the encrypted password

Open conf/login-config.xm1 file, add a new <app1ication-policy> element to the <policy> element, put the encoded password generated in step 1 into the <module-option name="password"> element

    <policy>
    <app1ication-policy name="EncryptDBPassword">
    <!- An arbitrary name
    <authentication>
    <1ogin-module code="org.jboss.resource.security.SecureldentityLoginModule" flag="required">
    <module-option name="username">dbUser</module-option>
    <module-option name="password">SdchZbSlbd35553364dSdc275fdfe9b</module-option>
    <module-option name:"managedConnectionFactoryName">jboss.jca:namezpostgresDS,servicezLocalTxCM
    </module-option>
    </login-module>
    </authentication>
    </app1ication-policy>
    </policy>

Step 3: Configure the data source to use the application authentication policy:

Open your data source configuration file: '-ds.xm1 and replace <user-name><password> element with a (security-domaim element. It will contain the application authentication policy name specified in Step 2.

<datasources>
<connection-ur1>jdbc:sqlserver://1oca1host;databaseName=abcde
</connection-ur1>REPLACED WITH security-domain BELOW
    (user-name>dbUser</user-name>
    <password>MyPlaintextPassword</password>
<security-domain>EncryptDBPassword</security-domain>
</datasources>
Location: Eagan, MN, USA

Comments

Post a Comment

Popular posts from this blog

Simple Invoice Creation With Jasper Report

Image
<?xml version="1.0" encoding="UTF-8"?> <jasperReport xmlns="http://jasperreports.sourceforge.net/jasperreports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://jasperreports.sourceforge.net/jasperreports http://jasperreports.sourceforge.net/xsd/jasperreport.xsd" name="invoicePdf" pageWidth="595" pageHeight="842" columnWidth="535" leftMargin="30" rightMargin="30" topMargin="30" bottomMargin="50">     <property name="ireport.zoom" value="1.5"/>     <property name="ireport.x" value="0"/>     <property name="ireport.y" value="140"/>     <property name="ireport.callouts" value="##Fri Mar 30 16:17:30 NPT 2012"/>     <style name="table">         <box>             <pen li
Read more

Dynamic Image in Jasper Report

jrxml content <image>                 <reportElement x="5" y="5" width="200" height="90"/>                 <imageExpression class=" java.awt.Image "><![CDATA[$P{logo}]]></imageExpression>             </image> Java Code to convert image from URL into BufferedImage        URL url = new URL("http://localhost/image/image.jpg");         // Read the image ...         InputStream inputStream = url.openStream();         ByteArrayOutputStream baos = new ByteArrayOutputStream();         byte[] buffer = new byte[1024];         int n = 0;         while (-1 != (n = inputStream.read(buffer))) {             baos.write(buffer, 0, n);         }                 baos.flush();         byte[] imageInByte = baos.toByteArray();         baos.close();         // convert byte array back to BufferedImage         InputStream in = new ByteArrayInputStream(imageInByte);         BufferedImage
Read more

Auto Increment Oracle Table Id Mapping With JPA Entity

When you create entities file of the mysql table with JPA, auto increment field 'id' is mapped as follows.     @Id        @GeneratedValue(strategy = GenerationType.IDENTITY)     @Basic(optional = false)     @NotNull     @Column(name = "id")     private Long id; However, Oracle doesn't support auto increment. Hence sequence generator is set up for the field id of table. The respective entity mapping for 'id' should be changed as below.     @Id        @GeneratedValue(strategy = GenerationType.IDENTITY)     @Basic(optional = false)     @NotNull     @Column(name = "id")     private Long id;     @SequenceGenerator(initialValue=1, sequenceName="INVOICE_SEQ",allocationSize=1,name="invoice_seq_name")     @GeneratedValue(generator="invoice_seq_name")
Read more