Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Encrypting sensitive information in JBoss configuration

The standard data source configuration in JBoss requires the username and password of the database user to be in the xxx-ds.xml file. If I define my data source as a c3p0 mbean I encounter the same issue.

Is there a standard way to have the user and password encrypted? What is a good place to save the key?

This of course relevant to tomcat too - context.xml files, spring configuration files, etc.

like image 245
David Rabinowitz Avatar asked May 11 '09 15:05

David Rabinowitz


2 Answers

There is a wiki document out there: http://www.jboss.org/community/docs/DOC-9703 that describes this.

like image 195
Heiko Rupp Avatar answered Nov 19 '22 11:11

Heiko Rupp


for the spring part, you can use your own extension of spring's PropertyPlaceholderConfigurer with the String convertPropertyValue(String originalValue) overridden. As the javadoc for the method mentions it (actually in superclass PropertyResourceConfigurer):

Convert the given property value from the properties source to the value that should be applied.

The default implementation simply returns the original value. Can be overridden in subclasses, for example to detect encrypted values and decrypt them accordingly.

This means you can configure your datasource with ${encoded.value} in the spring xml file, and decode the value before injecting the decoded value into the datasource.

like image 41
Gaetan Avatar answered Nov 19 '22 11:11

Gaetan