We set up our JBoss 7.1.3 to use encrypted datasource passwords:
    <datasources>
        <datasource jndi-name="java:/SomDS" pool-name="SomeDS" enabled="true" use-java-context="true">
            .....
            <security>
                <security-domain>some-encrypted-ds</security-domain>
            </security>
        </datasource>
    ...
    <security-domain name="some-encrypted-ds" cache-type="default">
        <authentication>
            <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
                <module-option name="username" value="some"/>
                <module-option name="password" value="-......."/>
            </login-module>
        </authentication>
    </security-domain>
By using this, our system took a 30% performance hit.
Some transactions might call getConnection 50 times.
It seems from looking at the code that even if a connection already exists in the pool, the password is
decrypted on every call to get a connection from the datasource.
Seems like it should only decrypt when a new connection is created to the database.
Any workarounds?
Moving back to unencrypted passwords solves the performance problem.
Using:
    <security xmlns="urn:jboss:domain:datasources:1.1">
        <user-name>xxx</user-name>
        <password>yyy</password>
    </security>
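The decrypt-once behaviour the post asks about, contrasted with decrypting on every checkout, as an added example that is not code from the post, JBoss or PicketBox. AES-GCM stands in for the login module's real decryption, and `DecryptOnceDemo`, `CachedSecret`, the key and the password are all constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration, not JBoss/PicketBox code; every name here is hypothetical.
public class DecryptOnceDemo {
    static final SecretKeySpec KEY = new SecretKeySpec(new byte[16], "AES"); // constructed all-zero demo key
    static int decrypts; // counts how often the cipher actually runs
    static byte[] encrypt(String plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KEY, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length); // layout: IV || ciphertext+tag
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    static char[] decrypt(byte[] blob) throws Exception {
        decrypts++;
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, KEY, new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8).toCharArray();
    }
    // Decrypts on first use only, then hands out copies of the cached value.
    static final class CachedSecret {
        private final byte[] blob;
        private char[] plain; // guarded by "this"
        CachedSecret(byte[] blob) { this.blob = blob; }
        synchronized char[] get() throws Exception {
            if (plain == null) plain = decrypt(blob);
            return plain.clone(); // callers may wipe their copy without touching the cache
        }
        synchronized void clear() { if (plain != null) Arrays.fill(plain, '\0'); plain = null; }
    }
    public static void main(String[] args) throws Exception {
        byte[] blob = encrypt("constructed-password");
        int calls = 50; // the post: a transaction might call getConnection 50 times
        for (int i = 0; i < calls; i++) decrypt(blob); // decrypt on every checkout
        System.out.println("decrypts, per call: " + decrypts);
        decrypts = 0;
        CachedSecret secret = new CachedSecret(blob);
        for (int i = 0; i < calls; i++) secret.get(); // decrypt once, reuse afterwards
        System.out.println("decrypts, cached:   " + decrypts);
        secret.clear();
    }
}
```

Caching trades CPU for exposure: the plaintext password stays on the heap until `clear()` is called, so it can appear in a heap dump taken while the cache is populated.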