3 Replies Latest reply on Oct 26, 2010 1:09 PM by Peter Johnson

    jboss-eap-4.3 datasource password encryption

    acc01 Newbie

      Hi,

       

      What is best way to encrypt my data source passwords on JBOSS 4.3? I have come across the following 2 mechnanisms, but not sure if these are applicable to 4.3:

       

      Secured Identity using org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule

       

      Configured Identity with Password Based Encryption org.jboss.resource.security.SecureIdentityLoginModule

       

      Thanks,

       

      Hemal

        • 1. Re: jboss-eap-4.3 datasource password encryption
          Peter Johnson Master

          I always used the SecureIdentityLoginModule. The way that security is handled and configured has not changed significantly amoing 4.0.x, 4.2.x, 4.3 and 5.x, so the mechanisms that you found should still work (though I can't vouch for anything prior to 4.0.x).

          • 2. Re: jboss-eap-4.3 datasource password encryption
            acc01 Newbie

            How have you done this in the past?

             

            I tried to follow this guide that I found online: http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html/Encrypting_Data_Source_Passwords.html

             

            The steps ask you to run the following command: java -cp client/jboss-logging-spi.jar:lib/jbosssx.jar org.jboss.resource.security.SecureIdentityLoginModule PASSWORD

             

            However, client/jboss-logging-spi.ja doesnt exist in 4.3. I get the following error:

             

            bash-3.2$ java -cp client/jboss-logging-spi.jar:lib/jbosssx.jar org.jboss.resource.security.SecureIdentityLoginModule PWSTART
            Exception in thread "main" java.lang.NoClassDefFoundError: org/jboss/resource/security/SecureIdentityLoginModule
            Caused by: java.lang.ClassNotFoundException: org.jboss.resource.security.SecureIdentityLoginModule
                    at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
                    at java.security.AccessController.doPrivileged(Native Method)
                    at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
                    at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
                    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
                    at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
            Could not find the main class: org.jboss.resource.security.SecureIdentityLoginModule.  Program will exit.

            • 3. Re: jboss-eap-4.3 datasource password encryption
              Peter Johnson Master

              The JBoss developers like playing musical chairs with the various classes and tend to reshuffle them between releases just to keep people on their toes. In EAP 4.3 I found the class in question in the server/xxx/lib/jboss-jca.jar file. Of course, you might find that other classes then come up missing. I find that tools such as JBoss Tattletale or isocra's jarfinder (http://www.isocra.com/2006/02/jarfinder/) come in real handy when seeking the hiding classes.

              1 of 1 people found this helpful