How to encrypt plaintext passwords in JBoss
By default, database connections for the JBoss AS are defined in *-ds.xml, and include clear text passwords. You can, however, replace them with encrypted passwords.
There is no need to change your source code. The class org.jboss.resource.security.SecureIdentityLoginModule can be used to both encrypt database passwords and to provide a decrypted version of the password when the data source configuration is required by the server.
Step 1: Encrypt a datasource password
Open cmd.exe, change directory to the JBoss directory and execute the following command:
java -cp client\jboss-logging.jar;lib\jbosssx.jar org.jboss.resource.security.SecureIdentityLoginModule MyPlaintextPassword
This command will return an encrypted password like this:
Encoded password: ia744dc3700000125ff73cfb98e94f3e3
Step 2: Create an application authentication policy with the encrypted password
Open the conf/login-config.xml file, add a new <application-policy> element to the <policy> element, and put the encoded password generated in step 1 into the <module-option name="password"> element:
<policy>
  <application-policy name="EncryptDBPassword">
    <!-- An arbitrary name -->
    <authentication>
      <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
        <module-option name="username">dbUser</module-option>
        <module-option name="password">SdchZbSlbd35553364dSdc275fdfe9b</module-option>
        <module-option name="managedConnectionFactoryName">jboss.jca:name=postgresDS,service=LocalTxCM</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
Step 3: Configure the data source to use the application authentication policy:
Open your data source configuration file (*-ds.xml) and replace the <user-name> and <password> elements with a <security-domain> element. It will contain the application authentication policy name specified in Step 2.
<datasources>
  <connection-url>jdbc:sqlserver://localhost;databaseName=abcde</connection-url>
  <!-- REPLACED WITH security-domain BELOW
  <user-name>dbUser</user-name>
  <password>MyPlaintextPassword</password>
  -->
  <security-domain>EncryptDBPassword</security-domain>
</datasources>