How to encrypt a Datasource password in JBoss 4.3 EAP.

In this post I will show how to configure a datasource with an encrypted password in JBoss 4.3 EAP.

Data used in the example.

JBoss installation directory: /opt/middle/jboss-eap-4.3/jboss-as
Instance: JB01
Database password: password
Datasource JNDI name: ExampleDS
Application Policy: EncryptExampleDS

  1. Exporting the environment variables.

    export JBOSS_HOME=/app/jboss/jboss-4.3.0.GA_CP10/jboss-as
    export JBOSS_INSTANCE=JB01
    export DS_PASS=password

  2. Generating the encrypted password.

    $ java -cp $JBOSS_HOME/lib/jboss-common.jar:$JBOSS_HOME/lib/jboss-jmx.jar:$JBOSS_HOME/server/$JBOSS_INSTANCE/lib/jbosssx.jar:$JBOSS_HOME/server/$JBOSS_INSTANCE/lib/jboss-jca.jar org.jboss.resource.security.SecureIdentityLoginModule $DS_PASS

Expected result:

    $ java -cp $JBOSS_HOME/lib/jboss-common.jar:$JBOSS_HOME/lib/jboss-jmx.jar:$JBOSS_HOME/server/$JBOSS_INSTANCE/lib/jbosssx.jar:$JBOSS_HOME/server/$JBOSS_INSTANCE/lib/jboss-jca.jar org.jboss.resource.security.SecureIdentityLoginModule $DS_PASS
    Encoded password: 5dfc52b51bd35553df8592078de921bc

  3. Creating the Application Policy.

Insert the username and the encrypted password.

File: login-config.xml

<policy>
<application-policy name="EncryptExampleDS">
    <authentication>
        <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
            <module-option name="username">oracle</module-option>
            <module-option name="password">5dfc52b51bd35553df8592078de921bc</module-option>
            <!-- Use this managedConnectionFactoryName for non-XA datasource -->
            <module-option name="managedConnectionFactoryName">jboss.jca:name=ExampleDS,service=LocalTxCM</module-option>
            <!-- Use this managedConnectionFactoryName for XA datasource -->
            <!-- <module-option name="managedConnectionFactoryName">jboss.jca:name=ExampleDS,service=XATxCM</module-option> -->
        </login-module>
    </authentication>
</application-policy>
</policy>

Datasource:

File: oracleds.xml

<?xml version="1.0" encoding="UTF-8"?>
<datasources>
<local-tx-datasource>
  <jndi-name>ExampleDS</jndi-name>
  <connection-url>jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=10.0.0.1)(PORT=1521))(CONNECT_DATA=(SID=ORACLEDB)))</connection-url>
  <driver-class>oracle.jdbc.OracleDriver</driver-class>
  <security-domain>EncryptExampleDS</security-domain>
  <min-pool-size>5</min-pool-size>
  <max-pool-size>40</max-pool-size>
  <idle-timeout-minutes>1</idle-timeout-minutes>
</local-tx-datasource>
</datasources>

Note that the datasource above does not contain the username and password tags.

There is only a Security Domain pointing to the Application Policy created in the previous step.

  4. Restart JBoss and validate the Datasource.
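
A check to pair with the validation step, as an added example that is not part of the original post: it flags datasource descriptors that still carry an inline `<password>`, flags a `<security-domain>` that does not resolve to an `<application-policy>` in login-config.xml, and tests that login-config.xml is not world-readable. The encoded value is derived with a key built into the login module rather than one you supply, so file permissions on login-config.xml still matter. The function names, the sample files other than oracleds.xml, and the `TypoDS` domain are constructed for illustration.

```shell
# Added example, not from the original post. Sample files are constructed.
# audit_ds FILE LOGIN_CONFIG prints one verdict for a datasource descriptor:
#   PLAINTEXT       inline <password> element present
#   NO_DOMAIN       neither <password> nor <security-domain>
#   MISSING_POLICY  <security-domain> has no matching <application-policy>
#   OK              <security-domain> resolves to an <application-policy>
audit_ds() {
  if grep -q '<password>' "$1"; then echo PLAINTEXT; return 0; fi
  _dom=$(sed -n 's:.*<security-domain>\([^<]*\)</security-domain>.*:\1:p' "$1" | head -n 1)
  if [ -z "$_dom" ]; then echo NO_DOMAIN; return 0; fi
  if grep -qF "<application-policy name=\"$_dom\"" "$2"; then
    echo OK
  else
    echo MISSING_POLICY
  fi
}

# perms_ok FILE succeeds when FILE carries no read bit for "other".
perms_ok() { [ -z "$(find "$1" -maxdepth 0 -perm -004)" ]; }

# make_samples DIR writes constructed descriptors modelled on the post's files.
make_samples() {
  cat > "$1/login-config.xml" <<'EOF'
<policy>
<application-policy name="EncryptExampleDS">
  <authentication/>
</application-policy>
</policy>
EOF
  printf '%s\n' '<datasources><local-tx-datasource>' \
    '<security-domain>EncryptExampleDS</security-domain>' \
    '</local-tx-datasource></datasources>' > "$1/oracleds.xml"
  printf '%s\n' '<datasources><local-tx-datasource>' \
    '<user-name>oracle</user-name><password>password</password>' \
    '</local-tx-datasource></datasources>' > "$1/plainds.xml"
  printf '%s\n' '<datasources><local-tx-datasource>' \
    '<security-domain>TypoDS</security-domain>' \
    '</local-tx-datasource></datasources>' > "$1/typods.xml"
  chmod 640 "$1"/*.xml
}

SAMPLES=$(mktemp -d)
make_samples "$SAMPLES"
for f in "$SAMPLES"/*ds.xml; do
  echo "$(basename "$f"): $(audit_ds "$f" "$SAMPLES/login-config.xml")"
done
perms_ok "$SAMPLES/login-config.xml" && echo "login-config.xml: not world-readable"
rm -rf "$SAMPLES"
```

The `<password>` match is textual, so a descriptor with the element only inside an XML comment is also reported as PLAINTEXT.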

Cheers.
