7 Replies Latest reply on Oct 24, 2012 11:48 AM by ctomc

    Password Masking

    acid66

      Hello,  I am very new to jboss and I am attempting to mask a plaintext password.  I have followed the steps in http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html/Masking_Passwords.html but I don't know how to actually replace the plaintext password with the mask.

       

      The password I'm trying to replace shows up like this:

       

      <Connector protocol="HTTP/1.1" SSLEnabled="true"

                 port="${jboss.web.https.port}" address="${jboss.bind.address}"

                 scheme="https" secure="true" clientAuth="false"

                 keystoreFile="keyStoreFile.keystore"

                 keystorePass="plaintextPassword" slProtocol="TLS" />

       

      From what I gather I need to add something like:

       

      <annotation>@org.jboss.security.integration.password.Password(securityDomain=JBOSS_PASS_MASK,methodName=setKeystorePass)</annotation>

       

      but I do not understand where to add that/what to change.

       

      Any help would be appreciated, thanks!

        • 1. Re: Password Masking
          ctomc

          Hi,

           

          you are looking at wrong docs, that is for AS6 not AS7

           

          what you need is described

          https://community.jboss.org/wiki/AS7UtilisingMaskedPasswordsViaTheVault

          and https://community.jboss.org/wiki/JBossAS7SecuringPasswords

           

           

          --

          tomaz

          1 of 1 people found this helpful
          • 2. Re: Password Masking
            acid66

            Thank you...I actually need the info for JBoss AS6 so I am going to post in a different forum.  Sorry for the mis-post.

            • 3. Re: Password Masking
              rareddy

              Hi,

               

              Does "valult" mechanism for masking the password work for "resource-adaptor" too? if, so is there an example?

               

              We use "resource-adaptors" extensively in Teiid project would like have this feature if this is not already supported.

               

              Thanks.

               

              Ramesh..

              • 4. Re: Password Masking
                ctomc

                Hi Ramesh,

                 

                it works for any attribute that supports expressions.

                 

                to my knowledge most of the attributes in RA subsystem support this.

                 

                but if you have any specific attribute in mind i can check

                 

                if it doesn't let me know i will make sure it will in future

                 

                 

                --

                tomaz

                • 5. Re: Password Masking
                  rareddy

                  Tomaz,

                   

                  Can you elaborate on the "attribute that supports expressions"? I am not sure what it means. How can I provide the metadata on "config-property" such that it checks for vault specifics?

                   

                  Thank you.

                   

                  Ramesh..

                  • 6. Re: Password Masking
                    rareddy

                    Tomaz,

                     

                    I found "expression"  on the OperationContext.resolveExpressions, I get it now.

                     

                    Thanks

                     

                    Ramesh..

                    • 7. Re: Password Masking
                      ctomc

                      Hi,

                       

                      yes OperationContext.resolveExpressions is low level method that provides that.

                      but to properly use it it is bit more work in short if you use AttributeDefinition

                      calling AD.resolveModelAttribute(context,model)

                      will give you resolved expression for that attribute.

                       

                      but AttributeDefinition must be defined to properly support expressions (SimpleAttributeDefinitionBuilder#allowExpressions(true))

                      and also when parsing from xml you need to call AD#parseAndSetParameter

                       

                      ping me on #jboss-as7 we can more easily reslove any more question you might have about expresions

                       

                      --

                      tomaz