1 Reply Latest reply on Apr 7, 2004 5:52 PM by dheinecke

Setting username and password on existing datasource

dheinecke Apr 7, 2004 11:44 AM

I work for a security company and we are going to be delivering our next product on JBoss. Our secure coding requirements dictate that usernames and passwords cannot be left in clear text on the filesystem. We are using a DB2 datasource but we cannot have the username and password in the -ds.xml. I have seen the SecureLoginModule code, but it still shows the username in clear text, even though the password is encrypted. A further requirement wrinkle is that the customer is supposed to be able to change the username and password for the database at will, which makes the SecureLoginModule less attractive as a solution.

The solution that we (partially) came up was to remove the username and password from the -ds.xml file and to let the jboss create the datasource without these two elements. We then put the username and password into an encrypted properties file that is read and decrypted by a deployer MBean that we wrote. We have a custom utility for the customer to run to change these values and re-write the file when she wants.

So far, so good. But now that we have the decrypted username and password in the deployer MBean, how do we go about adding these values to the jndi-existant datasource? I thought about looking up the datasource in jndi and adding the uname and pswd with a setUsername() and setPassword() mechanism, but datasource doesn't expose these methods. The ManagedConnectionFactory for the ds has a method for setting the uname and pswd, but is it enough to set them there and not on the ds itself? Would it make better sense to try and dynamically create the datasource in the deployer MBean after we have the uname and password from the encrypted prop file?

Any help or suggestions would be greatly appreciated!

David Heinecke

1. Re: Setting username and password on existing datasource

dheinecke Apr 7, 2004 5:52 PM (in response to dheinecke)

Ok, what we did seems to have worked, but if anyone has a better way to do this, or can see any potential problems, please let me know.

First, we made our deployer MBean depend on the ManagedConnectionFactory service for our datasource. Without this dependency, our MBean was starting up and trying to modify the settings of the MCF before it was up and running.

In our MBean, as soon as we read the encrypted username and password, we lookup and call the setManagedConnectionFactoryAttribute method of the MCF. This is illustrated by the following code...
EncryptedProperties props = new EncryptedProperties("enc.properties");
MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).iterator().next();
ObjectName objectName = new ObjectName("jboss.jca:service=ManagedConnectionFactory,name=EsmDS");
server.invoke(objectName, "setManagedConnectionFactoryAttribute",
new Object[] { "UserName", String.class, props.getProperty(BridgeProperties.DB_ACCOUNT_NAME) },
new String[] { "java.lang.String", "java.lang.Class", "java.lang.Object" });
server.invoke(objectName, "setManagedConnectionFactoryAttribute",
new Object[] { "Password", String.class, props.getProperty(BridgeProperties.DB_ACCOUNT_PASSWORD) },
new String[] { "java.lang.String", "java.lang.Class", "java.lang.Object" });

This approach appears to work since we are able to lookup the connection in jndi and obtain connections from it (without having to pass credentials to the ds in the getConnection call).

Even though it works, the solution feels a little dirty to me. For starters, I don't like the dependency that has been created between the datasource and our deployer service. I am also worried that in the future this model will be broken when we move over to supporting the DB2 8.1 XADatasource.

Any ideas, or is this the best that we can do?
Actions