Monday, March 17, 2008

xell-ds.xml encrypted

A way to avoid storing the OIM database credentials in cleartext in the xell-ds.xml file on JBoss.

To get the encrypted value for the password, cd to your JBoss home directory (example: /opt/jboss-4.0.3SP1) and execute the following, replacing <password> with the actual password:

java -cp lib/jboss-jmx.jar:lib/jboss-common.jar:server/default/lib/jbosssx.jar:server/default/lib/jboss-jca.jar org.jboss.resource.security.SecureIdentityLoginModule <password>


Replace the contents of your xell-ds.xml file with the following (modify the connection-url to reflect your environment):
<?xml version="1.0" encoding="UTF-8"?>
<datasources>
<local-tx-datasource>
<jndi-name>jdbc/xlDS</jndi-name>
<connection-url>jdbc:oracle:thin:@some.corpdev1.bhatia.com:1575:dbidm</connection-url>
<driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
<!--new below-->
<security-domain>EncryptDBPassword</security-domain>
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
<check-valid-connection-sql>select 1 from USR where 1=2 </check-valid-connection-sql>
</local-tx-datasource>
<xa-datasource>
<jndi-name>jdbc/xlXADS</jndi-name>
<track-connection-by-tx>true</track-connection-by-tx>
<isSameRM-override-value>false</isSameRM-override-value>
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
<xa-datasource-property name="URL">jdbc:oracle:thin:@some.corpdev1.bhatia.com:1575:dbidm</xa-datasource-property>
<!--new below-->
<security-domain>EncryptDBPasswordXA</security-domain>
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
<no-tx-separate-pools/>
<valid-connection-checker-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleValidConnectionChecker</valid-connection-checker-class-name>
</xa-datasource>
<mbean code="org.jboss.resource.adapter.jdbc.vendor.OracleXAExceptionFormatter"
name="jboss.jca:service=OracleXAExceptionFormatter">
<depends optional-attribute-name="TransactionManagerService">jboss:service=TransactionManager</depends>
</mbean>
</datasources>

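Add the following to the login-config.xml file, setting the password module-option in both policies to the encrypted value printed by the command above: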
================================================================
<application-policy name="EncryptDBPassword">
<authentication>
<login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username">oim</module-option>
<module-option name="password">-34a58ed26f8d8263e0f4fadaae6c7657</module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:name=jdbc/xlDS,service=LocalTxCM</module-option>
</login-module>
</authentication>
</application-policy>
<application-policy name="EncryptDBPasswordXA">
<authentication>
<login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username">oim</module-option>
<module-option name="password">-34a58ed26f8d8263e0f4fadaae6c7657</module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:name=jdbc/xlXADS,service=XATxCM</module-option>
</login-module>
</authentication>
</application-policy>
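
A check for the wiring described above, as an added example that is not part of the original post: it confirms each datasource has no cleartext credentials left and that its security-domain resolves to a SecureIdentityLoginModule policy with the matching managedConnectionFactoryName. The function name `audit` and the sample inputs are constructed; the cleartext names it looks for (`<user-name>`, `<password>`, XA properties `User`/`Password`) are the usual JBoss datasource settings and do not appear on this page.

```python
import xml.etree.ElementTree as ET

# Service suffix per datasource type, as used in the login-config.xml entries above.
CM_SERVICE = {"local-tx-datasource": "LocalTxCM", "xa-datasource": "XATxCM"}
MODULE = "org.jboss.resource.security.SecureIdentityLoginModule"

def audit(ds_xml, login_xml):
    """Return (jndi-name, finding) pairs for datasources that are not wired safely."""
    policies = {p.get("name"): p for p in ET.fromstring(login_xml).iter("application-policy")}
    findings = []
    for ds in ET.fromstring(ds_xml):
        if ds.tag not in CM_SERVICE:
            continue  # skip <mbean> and other non-datasource children
        jndi = ds.findtext("jndi-name", "?").strip()
        # Cleartext credentials: <user-name>/<password>, or XA User/Password properties.
        clear = [e.tag for e in ds if e.tag in ("user-name", "password")]
        clear += [e.get("name") for e in ds.iter("xa-datasource-property")
                  if e.get("name") in ("User", "Password")]
        if clear:
            findings.append((jndi, "cleartext credential elements: " + ", ".join(clear)))
        domain = (ds.findtext("security-domain") or "").strip()
        policy = policies.get(domain)
        if policy is None:
            findings.append((jndi, "security-domain %r has no policy in login-config.xml" % domain))
            continue
        module = policy.find("authentication/login-module")
        if module is None or module.get("code") != MODULE:
            findings.append((jndi, "policy %r does not use SecureIdentityLoginModule" % domain))
            continue
        opts = {o.get("name"): (o.text or "").strip() for o in module.iter("module-option")}
        want = "jboss.jca:name=%s,service=%s" % (jndi, CM_SERVICE[ds.tag])
        if opts.get("managedConnectionFactoryName") != want:
            findings.append((jndi, "managedConnectionFactoryName should be " + want))
    return findings

# Constructed sample input (not from a real system): the XA datasource is left misconfigured.
SAMPLE_DS = """<datasources>
 <local-tx-datasource><jndi-name>jdbc/xlDS</jndi-name>
  <security-domain>EncryptDBPassword</security-domain></local-tx-datasource>
 <xa-datasource><jndi-name>jdbc/xlXADS</jndi-name>
  <xa-datasource-property name="Password">example</xa-datasource-property>
  <security-domain>EncryptDBPasswordXA</security-domain></xa-datasource>
</datasources>"""
SAMPLE_LOGIN = """<policy><application-policy name="EncryptDBPassword"><authentication>
 <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
  <module-option name="managedConnectionFactoryName">jboss.jca:name=jdbc/xlDS,service=LocalTxCM</module-option>
 </login-module></authentication></application-policy></policy>"""

if __name__ == "__main__":
    print(audit(SAMPLE_DS, SAMPLE_LOGIN))
```

SecureIdentityLoginModule encodes the password with a key that is fixed in the JBoss code, so the value in login-config.xml is obscured rather than secret; keep that file readable only by the account that runs JBoss.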

Courtesy: Patrick Dooley