Tuesday, February 04, 2020

How to encrypt datasource password in JBoss EAP 7.x Case 2


Test Environment

  • Test Version : JBoss EAP 7.2

Set Up a Password Vault

Case 2

Encrypt the data source password.
Use one of the scripts below to encode the database password.

Case1

#!/bin/sh
# Prompt for the database password and print its encoded form.
# JBOSS_HOME must already be set in the environment.
echo "####################################"
echo "database password changes Encoded"
# printf replaces the non-portable 'echo -e ... \c' prompt
printf " password : "
read -r PASSWORD
echo "####################################"

/SW/was/java1.8/bin/java -cp "$JBOSS_HOME/modules/system/layers/base/org/picketbox/main/picketbox-5.0.3.Final-redhat-3.jar:$JBOSS_HOME/modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.3.2.Final-redhat-00001.jar:$CLASSPATH" org.picketbox.datasource.security.SecureIdentityLoginModule "$PASSWORD"

  • Run View

    [image: password1]

Case2

#!/bin/sh

# config setting
export JAVA_HOME="/SW/was/java1.8"
export PATH="/SW/was/java1.8/bin":$PATH
JBOSS_HOME="/SW/was/JBoss7.2"
OVERLAY_DIRECTORY="$JBOSS_HOME/modules/system/layers/base/.overlays"

# password (printf + read -r: 'read -p' is not available in POSIX sh)
echo ""
printf " password : "
read -r PASSWORD
echo ""

# If a cumulative patch (CP) overlay exists, use the picketbox jar from the newest one
if [ -d "$OVERLAY_DIRECTORY" ]; then
    PATCH_SUBDIRECTORY=$(ls -dt "$OVERLAY_DIRECTORY"/* | grep "CP" | head -n 1)
    echo patch subdirectory is: "$PATCH_SUBDIRECTORY"
    SEARCH_DIRECTORY="$PATCH_SUBDIRECTORY/org/picketbox/main"
else
    SEARCH_DIRECTORY="$JBOSS_HOME/modules/system/layers/base/org/picketbox/main"
fi

# Put every jar found in the search directory on the classpath
export CLASSPATH="$(find "$(cd "$SEARCH_DIRECTORY" && pwd)" -name "*.jar" -print | tr '\n' ':')$CLASSPATH"

echo "####################################################"
java org.picketbox.datasource.security.SecureIdentityLoginModule "$PASSWORD"
echo "####################################################"
echo ""

  • Run View

    [image: password2]

Security Domain

  • Add Security Domain

    [image: Secutity1]
  • Add Authentication Module

    [image: Secutity2]
  • Module Option (key=value)

    [image: Secutity3]

    [image: Secutity4]
  • Add Datasource > Security > Security Domain

    [image: Secutity5]
  • Test Connection

    [image: Secutity6]
  • When editing standalone.xml or domain.xml directly, refer to the following.
                <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
                    <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
                    <driver>h2</driver>
                    <security>
                        <security-domain>encryptedSecurityDB</security-domain>
                    </security>
                </datasource>
.
.
.
                <security-domain name="encryptedSecurityDB" cache-type="default">
                    <authentication>
                        <login-module name="encryptedSecurityDB" code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
                            <module-option name="username" value="sa"/>
                            <module-option name="password" value="9fdd42c2a7390d3"/>
                            <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM"/>
                        </login-module>
                    </authentication>
                </security-domain>
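
An added example, not part of the original post: a Python check that reads a standalone.xml-style document and reports, for each datasource, whether it still carries a cleartext <password> or points at a security domain backed by SecureIdentityLoginModule, as in the configuration above. The sample XML is constructed; LegacyDS, OrphanDS and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SIM = "org.picketbox.datasource.security.SecureIdentityLoginModule"
# Constructed sample; LegacyDS and OrphanDS are hypothetical failure cases.
SAMPLE = """<server>
 <subsystem xmlns="urn:jboss:domain:datasources:5.0"><datasources>
  <datasource pool-name="ExampleDS"><security>
   <security-domain>encryptedSecurityDB</security-domain></security></datasource>
  <datasource pool-name="LegacyDS"><security>
   <user-name>sa</user-name><password>constructed-cleartext</password></security></datasource>
  <datasource pool-name="OrphanDS"><security>
   <security-domain>missingDomain</security-domain></security></datasource>
 </datasources></subsystem>
 <subsystem xmlns="urn:jboss:domain:security:2.0"><security-domains>
  <security-domain name="encryptedSecurityDB" cache-type="default"><authentication>
   <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required"/>
  </authentication></security-domain>
 </security-domains></subsystem>
</server>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return {pool-name: verdict} for every datasource in the config."""
    root = ET.fromstring(xml_text)
    # Named <security-domain> elements (security subsystem) -> login-module codes.
    domains = {el.get("name"): {m.get("code") for m in el.iter()
                                if local(m.tag) == "login-module"}
               for el in root.iter()
               if local(el.tag) == "security-domain" and el.get("name")}
    report = {}
    for ds in root.iter():
        if local(ds.tag) not in ("datasource", "xa-datasource"):
            continue
        sec = {local(c.tag): (c.text or "").strip()
               for s in ds if local(s.tag) == "security" for c in s}
        ref = sec.get("security-domain")
        checks = [("password" in sec, "cleartext password in config"),
                  (ref is None, "no security-domain reference"),
                  (ref not in domains, "security-domain not defined"),
                  (SIM not in domains.get(ref, ()), "domain lacks SecureIdentityLoginModule")]
        report[ds.get("pool-name")] = next(
            (msg for bad, msg in checks if bad), "uses SecureIdentityLoginModule domain")
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```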

