Datasource encryption in JBoss EAP 6

断了今生、忘了曾经 submitted on 2019-12-12 03:26:01

Question


I have encrypted the datasource as follows:

Standalone.xml:

<datasource jndi-name="java:/OracleDS" pool-name="OracleDS" enabled="true">
  <connection-url>jdbc:oracle:thin:@abc.com:1001:DEV1</connection-url>
  <driver>oracle</driver>
  <security>
    <security-domain>encrypted-ds</security-domain>
  </security>
  <validation>
    <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
    <validate-on-match>true</validate-on-match>
    <background-validation>false</background-validation>
    <stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker"/>
    <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
  </validation>
</datasource>

Added the security-domain in the security-domains tag:

<security-domain name="encrypted-ds" cache-type="default">
  <authentication>
    <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
      <module-option name="username" value="308c162f7c2ec7f"/>
      <module-option name="password" value="308c162f7c2ec7f"/>
      <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=OracleDS"/>
    </login-module>
  </authentication>
</security-domain>

I want the username/password to be plain text / '*' (in case of password) in the management console. Is it possible? Any other encryption technique that I can use to do the same?


Answer 1:


In JBoss EAP 6 you can use the SecureIdentityLoginModule to add an encrypted password domain. For instance, you can define a security domain in standalone.xml or domain.xml:

<security-domain name="EncryptedPassword">
  <authentication>
    <login-module code="SecureIdentity" flag="required">
      <module-option name="username" value="test"/>
      <module-option name="password" value="encrypted_password"/>
    </login-module>
  </authentication>
</security-domain>

Then you can add this security domain in your particular data source that uses this userid/pwd combination in standalone.xml or domain.xml:

<datasource ... >
  .....
  <security>
    <security-domain>EncryptedPassword</security-domain>
  </security>
</datasource>

To encrypt the password itself, you can run this command (please verify the versions of picketbox jar and logging jar in your particular AS7 download to substitute accordingly):

java -cp $JBOSS_HOME/modules/org/picketbox/main/picketbox-4.0.6.<beta|final>.jar:$JBOSS_HOME/modules/org/jboss/logging/main/jboss-logging-3.1.0.<some_version>.jar:$CLASSPATH org.picketbox.datasource.security.SecureIdentityLoginModule password

This will return an encrypted password back that you can use in your security domain.

You can read more about JBoss AS7 security subsystem here

Since open source rocks, you can see how the encoding code works in the source code of SecureIdentityLogin. You will notice in the source code that it uses Blowfish for encryption.



Source: https://stackoverflow.com/questions/44626992/datasource-encryption-in-jboss-eap-6
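
An added audit example (not from the original post or from PicketBox): SecureIdentity encrypts with a key compiled into PicketBox, so the stored value is reversible by anyone who can read the configuration file. The script cross-references each datasource with its security domain and reports pools that rely on that encoding, carry an inline password, or reference an undefined domain; the sample XML, the LegacyDS and ReportDS pools, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Login-module codes that keep the password as reversible Blowfish text.
SECURE_IDENTITY = {"SecureIdentity",
                   "org.picketbox.datasource.security.SecureIdentityLoginModule"}

# Constructed sample in the shape of standalone.xml; all values are made up.
SAMPLE = """<server xmlns="urn:jboss:domain:1.7">
 <subsystem xmlns="urn:jboss:domain:datasources:1.2"><datasources>
  <datasource pool-name="OracleDS"><security>
   <security-domain>encrypted-ds</security-domain></security></datasource>
  <datasource pool-name="LegacyDS"><security>
   <user-name>app</user-name><password>example</password></security></datasource>
  <datasource pool-name="ReportDS"><security>
   <security-domain>missing-ds</security-domain></security></datasource>
 </datasources></subsystem>
 <subsystem xmlns="urn:jboss:domain:security:1.2"><security-domains>
  <security-domain name="encrypted-ds" cache-type="default"><authentication>
   <login-module code="SecureIdentity" flag="required"/>
  </authentication></security-domain></security-domains></subsystem>
</server>"""

def local(tag):
    """Drop the '{namespace}' prefix so any schema version matches."""
    return tag.rsplit("}", 1)[-1]

def find(elem, name):
    return [e for e in elem.iter() if local(e.tag) == name]

def audit(xml_text):
    """Return (pool-name, finding) pairs for each datasource credential issue."""
    root = ET.fromstring(xml_text)
    # Domain definitions carry a name attribute; datasource references do not.
    domains = {d.get("name"): {m.get("code") for m in find(d, "login-module")}
               for d in find(root, "security-domain") if d.get("name")}
    findings = []
    for ds in find(root, "datasource") + find(root, "xa-datasource"):
        pool = ds.get("pool-name")
        if find(ds, "password"):
            findings.append((pool, "inline password element"))
        for ref in (r.text.strip() for r in find(ds, "security-domain") if r.text):
            if ref not in domains:
                findings.append((pool, "undefined security domain " + ref))
            elif domains[ref] & SECURE_IDENTITY:
                findings.append((pool, "reversible SecureIdentity in " + ref))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a real server, pass the text of standalone.xml or domain.xml to `audit()` in place of `SAMPLE`.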
