Reference: https://community.jboss.org/wiki/JBossAS7SecuringPasswords
What do we need?
- JDK installation
- Setting of JAVA_HOME Environment Variable
- Creation of a KeyStore
- JBoss AS 7.1.x installation
Step 1: JDK Installation
Please go to http://java.com and download the JDK installation for Windows. (Remember, you need the JDK installation and not the JRE.)
I tested this on Windows 7. I downloaded and installed JDK 1.6.0_31 from http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u31-download-1501634.html
I installed JDK6 in the c:\Java directory.
Step 2: Setting of JAVA_HOME Environment Variable
I tested this on Windows 7, so your mileage may vary depending on whether you are on XP, Vista, Win7, etc. Please google and you will find instructions for your version of Windows. They are pretty close.
- I went to Control Panel.
- Searched for "Environment".
- Chose the "Edit the system environment variables"
- I went into Advanced -> Environment Variables
- I created a new environment variable called JAVA_HOME and set the value to c:\Java\jdk1.6.0_31
- In the PATH environment variable, I appended %JAVA_HOME%\bin; (remember to add ; at the end)
- Run -> cmd
- Type java and you should see a bunch of options rather than "Java is not recognized"
Step 3: Create a Keystore
I created a directory called keystores in c:\
    C:\>md keystores
    C:\>cd keystores
    C:\keystores>keytool -alias vault -keyalg RSA -keysize 1024 -keystore vault.keystore
    Usage error: no command provided
    Try keytool -help

    C:\keystores>keytool -genkey -alias vault -keyalg RSA -keysize 1024 -keystore vault.keystore
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
      [Unknown]: PicketBox Vault
    What is the name of your organizational unit?
      [Unknown]: PicketBox
    What is the name of your organization?
      [Unknown]: JBoss
    What is the name of your City or Locality?
      [Unknown]: Chicago
    What is the name of your State or Province?
      [Unknown]: IL
    What is the two-letter country code for this unit?
      [Unknown]: US
    Is CN=PicketBox Vault, OU=PicketBox, O=JBoss, L=Chicago, ST=IL, C=US correct?
      [no]: yes

    Enter key password for <vault>
      (RETURN if same as keystore password):

    C:\keystores>
    C:\keystores>dir
     Volume in drive C is
     Directory of C:\keystores

    03/26/2012  11:58 AM    <DIR>          .
    03/26/2012  11:58 AM    <DIR>          ..
    03/26/2012  11:58 AM             1,359 vault.keystore
That is it.
Step 4: JBoss AS 7.1.x Installation and Vault Interaction
I downloaded JBoss AS 7.1.1.Final.zip and extracted it into c:\jboss-as-7.1.1.Final
We will use the vault.bat script in the bin directory of JBoss AS.
    c:\jboss-as-7.1.1.Final\bin>vault.bat
    not defined java
    =========================================================================

      JBoss Vault

      JBOSS_HOME: c:\jboss-as-7.1.1.Final\bin\\..

      JAVA: C:\Java\jdk1.6.0_31\bin\java

      VAULT Classpath: c:\jboss-as-7.1.1.Final\bin\\..\modules\org\picketbox\main\*;c:\jboss-as-7.1.1.Final\bin\\..\modules\org\jboss\logging\main\*;c:\jboss-as-7.1.1.Final\bin\\..\modules\org\jboss\common-core\main\*;c:\jboss-as-7.1.1.Final\bin\\..\modules\org\jboss\as\security\main\*
    =========================================================================

    **********************************
    **** JBoss Vault ********
    **********************************
    Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit
    0
    Starting an interactive session
    Enter directory to store encrypted files (end with either / or \ based on Unix or Windows:c:\vault\
    Enter Keystore URL:c:\keystores\vault.keystore
    Enter Keystore password:
    Enter Keystore password again:
    Values match
    Enter 8 character salt:12345678
    Enter iteration count as a number (Eg: 44):50

    Please make note of the following:
    ********************************************
    Masked Password:MASK-5WNXs8oEbrs
    salt:12345678
    Iteration Count:50
    ********************************************

    Enter Keystore Alias:vault
    Mar 26, 2012 12:59:55 PM org.jboss.security.vault.SecurityVaultFactory get
    INFO: Getting Security Vault with implementation of org.picketbox.plugins.vault.PicketBoxSecurityVault
    Obtained Vault
    Initializing Vault
    Mar 26, 2012 12:59:56 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init
    INFO: Default Security Vault Implementation Initialized and Ready
    Vault is initialized and ready for use
    Handshake with Vault complete
    Please enter a Digit:: 0: Store a password 1: Check whether password exists 2: Exit
    0
    Task: Store a password
    Please enter attribute value:
    Please enter attribute value again:
    Values match
    Enter Vault Block:ds_ExampleDS
    Enter Attribute Name:password
    Attribute Value for (ds_ExampleDS, password) saved

    Please make note of the following:
    ********************************************
    Vault Block:ds_ExampleDS
    Attribute Name:password
    Shared Key:YzU5MDJiMjUtNjJiMy00NTBlLThkYTgtNTUxZDA0ZmI2M2IzTElORV9CUkVBS3ZhdWx0
    Configuration should be done as follows:
    VAULT::ds_ExampleDS::password::YzU5MDJiMjUtNjJiMy00NTBlLThkYTgtNTUxZDA0ZmI2M2IzTElORV9CUkVBS3ZhdWx0
    ********************************************

    Please enter a Digit:: 0: Store a password 1: Check whether password exists 2: Exit
    1
    Task: Verify whether a password exists
    Enter Vault Block:ds_ExampleDS
    Enter Attribute Name:password
    A value exists for (ds_ExampleDS, password)
    Please enter a Digit:: 0: Store a password 1: Check whether password exists 2: Exit
    2

    c:\jboss-as-7.1.1.Final\bin>
As you can see, we have used the vault.bat script successfully to interact with the vault.
Please refer to https://community.jboss.org/wiki/JBossAS7SecuringPasswords to configure the domain model (standalone.xml or domain.xml) for the attributes that are masked.
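As an added example (not part of the original post and not JBoss code), the Python below parses the VAULT reference printed in the session above and audits a datasource section for passwords that are not vault references. The XML snippet and the OtherDS datasource are constructed, the `${...}` wrapper is the form such a reference takes inside standalone.xml, and splitting the decoded shared key on LINE_BREAK is an assumption drawn from the single value on this page.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Reference string exactly as vault.bat printed it in the session above.
PAGE_REF = ("VAULT::ds_ExampleDS::password::"
            "YzU5MDJiMjUtNjJiMy00NTBlLThkYTgtNTUxZDA0ZmI2M2IzTElORV9CUkVBS3ZhdWx0")

# Constructed datasource section (not from the post); OtherDS is hypothetical.
SAMPLE_XML = """<datasources>
  <datasource jndi-name="java:jboss/datasources/ExampleDS">
    <security><password>${%s}</password></security>
  </datasource>
  <datasource jndi-name="java:jboss/datasources/OtherDS">
    <security><password>changeit</password></security>
  </datasource>
</datasources>""" % PAGE_REF

VAULT_RE = re.compile(r"^(?:\$\{)?VAULT::([^:]+)::([^:]+)::([A-Za-z0-9+/=]+)\}?$")

def parse_vault_ref(text):
    """Split a VAULT reference into its fields; None if text is not one."""
    m = VAULT_RE.match(text.strip())
    if not m:
        return None
    block, attribute, shared = m.groups()
    try:
        decoded = base64.b64decode(shared, validate=True).decode("ascii")
    except ValueError:  # bad base64 or non-ASCII payload
        return None
    # Assumption from this one sample: "<handle>LINE_BREAK<keystore alias>".
    handle, sep, alias = decoded.partition("LINE_BREAK")
    return {"block": block, "attribute": attribute,
            "handle": handle, "alias": alias if sep else None}

def audit_passwords(xml_text):
    """Return (jndi-name, 'vault' | 'not-vault') per datasource password."""
    local = lambda tag: tag.rsplit("}", 1)[-1]  # drop XML namespace, if any
    findings = []
    for ds in ET.fromstring(xml_text).iter():
        if local(ds.tag) == "datasource":
            for el in ds.iter():
                if local(el.tag) == "password":
                    status = "vault" if parse_vault_ref(el.text or "") else "not-vault"
                    findings.append((ds.get("jndi-name"), status))
    return findings

if __name__ == "__main__":
    print(parse_vault_ref(PAGE_REF), audit_passwords(SAMPLE_XML))
```

The decoded shared key from this page is a UUID-shaped handle followed by the alias vault, not the stored password; the encrypted data itself stays in c:\vault\ and the keystore, which is where file permissions matter.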