JBoss AS 7.1 - datasource how to encrypt password

前端 未结 5 1869
情深已故
情深已故 2021-02-07 07:28

In JBoss AS 5, I have a datasource defined in *-ds.xml but put username/encrypted password in *-jboss-beans.xml.

Now in JBoss AS 7.1, the datasource is defined in standa

相关标签:
5条回答
  • 2021-02-07 08:03

    create simple project with jars( jboss-logging-3.1.4.GA-redhat-2.jar picketbox-4.1.1.Final-redhat-1.jar picketbox-commons-1.0.0.final-redhat-3.jar picketbox-infinispan-4.1.1.Final-redhat-1.jar) and run custom class with input args:

    public class Test {
    
        public static void main(String[] args) throws Exception {
            new org.picketbox.datasource.security.SecureIdentityLoginModule()
                    .main(args);
    
        }
    
    }
    

    Output will be: Encoded password: 3d5bc094c128...

    0 讨论(0)
  • 2021-02-07 08:05

    For who is interested on having this running on windows (and in my case on JBoss EAP 6.4...)

    set JBOSS_HOME=C:\dev\jboss\jboss-eap-6.4
    set MYPATH=%JBOSS_HOME%\modules\system\layers\base\org\picketbox\main\picketbox-4.1.1.Final-redhat-1.
    jar;%JBOSS_HOME%\modules\system\layers\base\org\jboss\logging\main\jboss-logging-3.1.4.GA-redhat-2.jar;
    java -classpath %MYPATH% org.picketbox.datasource.security.SecureIdentityLoginModule SecretPass
    
    Encoded password: 13e0362237c93a9cda89f5b3da271521
    

    Hope this helps, Matteo

    0 讨论(0)
  • 2021-02-07 08:05

    In an environment CentOS release 6.3, JBoss-EAP-6.0.0 this only worked with code="SecureIdentity", using picketbox-4.0.9.Final-redhat-1.jar for password encryption.

    <security-domain name="some-ds-EncryptedPassword">
      <authentication>
        <login-module code="SecureIdentity" flag="required">
          <module-option name="username" value="username"/>
          <module-option name="password" value="encrypted_password"/>
        </login-module>
      </authentication>
    </security-domain>
    

    code="SecureIdentityLogin" gives "PB00024: Access Denied:Unauthenticated caller:null".

    Source: https://docs.jboss.org/author/display/AS7/Security+subsystem+configuration

    0 讨论(0)
  • 2021-02-07 08:17

    Below is the complete security Domain Configuration for Jboss AS-7 :

         <security-domains>
            <!--  Security Setting's --> 
            <security-domain name="encryptedSecurity" cache-type="default">
                <authentication>
                    <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
                    <module-option name="username" value="user_name"/>
                    <module-option name="password" value="encrypted_password"/>
                    <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=dataSource-1-PoolName,dataSource-2-PoolName"/>
                </login-module>
                </authentication>
            </security-domain>
    
    0 讨论(0)
  • 2021-02-07 08:24

    In AS7 you can use the SecureIdentityLoginModule to add an encrypted password domain. For instance, you can define a security domain in standalone.xml or domain.xml:

    <security-domain name="EncryptedPassword">
      <authentication>
        <login-module code="SecureIdentity" flag="required">
          <module-option name="username" value="test"/>
          <module-option name="password" value="encrypted_password"/>
        </login-module>
      </authentication>
    </security-domain>
    

    Then you can add this security domain in your particular data source that uses this userid/pwd combination in standalone.xml or domain.xml:

      <datasource ... >
           .....
           <security>
                  <security-domain>EncryptedPassword</security-domain>
           </security>
      </datasource>
    

    To encrypt the password itself, you can run this command (please verify the versions of picketbox jar and logging jar in your particular AS7 download to substitute accordingly):

    java -cp $JBOSS_HOME/modules/org/picketbox/main/picketbox-4.0.6.<beta|final>.jar:$JBOSS_HOME/modules/org/jboss/logging/main/jboss-logging-3.1.0.<some_version>.jar:$CLASSPATH org.picketbox.datasource.security.SecureIdentityLoginModule password
    

    This will return an encrypted password back that you can use in your security domain.

    You can read more about JBoss AS7 security subsystem here. Since open source rocks, you can see how the encoding code works in the source code of SecureIdentityLogin. You will notice in the source code that it uses Blowfish for encryption.

    0 讨论(0)
提交回复
热议问题