1 Reply Latest reply on May 12, 2009 4:37 AM by Wolfgang Knauf

    Encrypting Datasource in SAR

    darren hartford Expert

      Hello all,
      I've read through the entry on encrypting the datasource password: http://www.jboss.org/community/docs/DOC-9703

      However, our approach we've tried to avoid modifying any part of the base jboss install for applications - instead, all configurations that applications need are done through SARs, including datasources.

      In a SAR approach to datasources, can you use the login-config.xml approach **within** a SAR in some fashion for encrypting Datasource passwords instead of using the default location of the login-config.xml?

      thanks!
      -D

        • 1. Re: Encrypting Datasource in SAR
          Wolfgang Knauf Master

          Yes, this is possible.

          Add a "...-service.xml" to your SAR with this content:

          <?xml version="1.0" encoding="UTF-8"?>
          <server>
           <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
           name="jboss:service=DynamicLoginConfig">
           <attribute name="AuthConfig">META-INF/login-config.xml</attribute>
           <depends optional-attribute-name="LoginConfigService">
           jboss.security:service=XMLLoginConfig
           </depends>
           <depends optional-attribute-name="SecurityManagerService">
           jboss.security:service=JaasSecurityManager
           </depends>
           </mbean>
          </server>

          It adds a "DynamicLoginConfig" MBean, which points to the "login-config.xml" inside your SAR.

          See http://www.jboss.org/community/wiki/DynamicLoginConfig

          Best regards

          Wolfgang