In JBoss AS 5, I have a datasource defined in *-ds.xml but put username/encrypted password in *-jboss-beans.xml. Now in JBoss AS 7.1, the datasource is defined in standalone.xml or domain.xml. Where do I put the encrypted password in AS 7.1? In other words, how is a clear password encrypted and secured in AS 7?

In AS7 you can use the SecureIdentityLoginModule to add an encrypted password domain. For instance, you can define a security domain in standalone.xml or domain.xml: <pre class="prettyprint"><code><security-domain name="EncryptedPassword"> <authentication> <login-module code="SecureIdentity" flag="required"> <module-option name="username" value="test"/> <module-option name="password" value="encrypted_password"/> </login-module> </authentication> </security-domain> </code></pre> Then you can add this security domain in your particular data source that uses this userid/pwd combination in standalone.xml or domain.xml: <pre class="prettyprint"><code> <datasource ... > ..... <security> <security-domain>EncryptedPassword</security-domain> </security> </datasource> </code></pre> To encrypt the password itself, you can run this command (please verify the versions of picketbox jar and logging jar in your particular AS7 download to substitute accordingly): <pre class="prettyprint"><code>java -cp $JBOSS_HOME/modules/org/picketbox/main/picketbox-4.0.6.<beta|final>.jar:$JBOSS_HOME/modules/org/jboss/logging/main/jboss-logging-3.1.0.<some_version>.jar:$CLASSPATH org.picketbox.datasource.security.SecureIdentityLoginModule password </code></pre> This will return an encrypted password back that you can use in your security domain. You can read more about JBoss AS7 security subsystem here. Since open source rocks, you can see how the encoding code works in the source code of SecureIdentityLogin. You will notice in the source code that it uses <code>Blowfish</code> for encryption.

Below is the complete security Domain Configuration for Jboss AS-7 : <pre class="prettyprint"><code> <security-domains>  <security-domain name="encryptedSecurity" cache-type="default"> <authentication> <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required"> <module-option name="username" value="user_name"/> <module-option name="password" value="encrypted_password"/> <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=dataSource-1-PoolName,dataSource-2-PoolName"/> </login-module> </authentication> </security-domain> </code></pre>

JBoss AS 7.1 - datasource how to encrypt password

2 Answers

In AS7 you can use the SecureIdentityLoginModule to add an encrypted password domain. For instance, you can define a security domain in standalone.xml or domain.xml:

<security-domain name="EncryptedPassword">
  <authentication>
    <login-module code="SecureIdentity" flag="required">
      <module-option name="username" value="test"/>
      <module-option name="password" value="encrypted_password"/>
    </login-module>
  </authentication>
</security-domain>

Then you can add this security domain in your particular data source that uses this userid/pwd combination in standalone.xml or domain.xml:

  <datasource ... >
       .....
       <security>
              <security-domain>EncryptedPassword</security-domain>
       </security>
  </datasource>

To encrypt the password itself, you can run this command (please verify the versions of picketbox jar and logging jar in your particular AS7 download to substitute accordingly):

java -cp $JBOSS_HOME/modules/org/picketbox/main/picketbox-4.0.6.<beta|final>.jar:$JBOSS_HOME/modules/org/jboss/logging/main/jboss-logging-3.1.0.<some_version>.jar:$CLASSPATH org.picketbox.datasource.security.SecureIdentityLoginModule password

This will return an encrypted password back that you can use in your security domain.

You can read more about JBoss AS7 security subsystem here. Since open source rocks, you can see how the encoding code works in the source code of SecureIdentityLogin. You will notice in the source code that it uses Blowfish for encryption.

answered Sep 24 '22 16:09

CoolBeans

Below is the complete security Domain Configuration for Jboss AS-7 :

     <security-domains>
        <!--  Security Setting's --> 
        <security-domain name="encryptedSecurity" cache-type="default">
            <authentication>
                <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
                <module-option name="username" value="user_name"/>
                <module-option name="password" value="encrypted_password"/>
                <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=dataSource-1-PoolName,dataSource-2-PoolName"/>
            </login-module>
            </authentication>
        </security-domain>

answered Sep 23 '22 16:09

shatk

Related questions
                            
                                How to check existence of a program in the path
                            
                                Setting the default jsp view with spring mvc
                            
                                Reverse bits in number
                            
                                Ant + Vista 64 : "Unable to locate tools.jar" (jre/jdk conflict?)
                            
                                Making a multi-player game playable over a network or on the internet
                            
                                Should I declare a java field 'final' when if it's not modified in code?
                            
                                Eclipse : how we take arguments for main when run
                            
                                com.google.api.client.json.jackson.JacksonFactory; missing in Google Drive example
                            
                                mkdir() is not creating the new directory
                            
                                Creating a Java Enum in Scala
                            
                                Generate a Random Color Java [duplicate]
                            
                                TLSv1.3 - is it available now in Java 8?
                            
                                bootstrap.yml not loading in Spring Boot 2
                            
                                How should I load native libraries for JNI to avoid an UnsatisfiedLinkError?
                            
                                How can I refresh a JTree after adding some nodes to the underlying model?
                            
                                problem in ant build invalid target release
                            
                                Runtime.exec() : Reboot in Android?
                            
                                How to add Write to File Permission on Android
                            
                                Unsigned Bytes in Java
                            
                                Using Spring Security, how can I use HTTP methods (e.g. GET, PUT, POST) to distingush security for particular URL patterns?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

JBoss AS 7.1 - datasource how to encrypt password

Tags:

java

security

password-protection

jboss

jboss7.x

Eric

People also ask

2 Answers

CoolBeans

shatk

Recent Activity

Donate For Us