Documentation - Security - pluggable encryption system/custom keys
------------------------------------------------------------------

                 Key: GERONIMO-4176
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4176
             Project: Geronimo
          Issue Type: Task
      Security Level: public (Regular issues)
          Components: documentation
    Affects Versions: 2.1.x
            Reporter: Hernan Cunico
            Assignee: Hernan Cunico


Provide documentation for the pluggable encryption system for passwords. This 
feature has been available since [GERONIMO-2925] but never documented.

<snip>
If you want to have a fixed key generated by geronimo you can add this gbean to 
the rmi-naming module in config.xml:

<gbean name="org.apache.geronimo.configs/rmi-naming/2.1-SNAPSHOT/car?name=ConfiguredEncryption,j2eeType=GBean"
       gbeanInfo="org.apache.geronimo.system.util.ConfiguredEncryption">
    <attribute name="path">var/security/ConfiguredSecretKey.ser</attribute>
    <reference name="ServerInfo">
        <pattern>
            <name>ServerInfo</name>
        </pattern>
    </reference>
</gbean>

This will create a key the first time it's started; after that it will keep 
using the saved key at the location specified. If you put a serialized 
SecretKeySpec there it will use it instead.

Of course, using something like this leaves your system open to the key file 
changing or disappearing and losing all the saved password info.
</snip>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
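
One way to produce the serialized SecretKeySpec file mentioned in the quoted text, as an added example (not Geronimo's own code and not part of the original message). The class name WriteConfiguredKey, the AES algorithm and the 128-bit key size are assumptions; check what your Geronimo version expects before using the file.

```java
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: writes a serialized SecretKeySpec for ConfiguredEncryption to load.
public class WriteConfiguredKey {
    public static void main(String[] args) throws Exception {
        // Same relative path as the gbean's "path" attribute; run from the server base directory.
        Path keyFile = Paths.get(args.length > 0 ? args[0] : "var/security/ConfiguredSecretKey.ser");

        // Assumption: 128-bit AES key material from the platform CSPRNG.
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        SecretKeySpec key = new SecretKeySpec(raw, "AES");
        Arrays.fill(raw, (byte) 0); // SecretKeySpec keeps its own copy of the bytes

        // Create the file owner-only (POSIX file systems). createFile fails if the file
        // already exists, so an existing key is never silently replaced: replacing it
        // would make passwords encrypted under the old key unreadable.
        Files.createDirectories(keyFile.toAbsolutePath().getParent());
        Files.createFile(keyFile, PosixFilePermissions.asFileAttribute(
                PosixFilePermissions.fromString("rw-------")));
        try (ObjectOutputStream out = new ObjectOutputStream(Files.newOutputStream(keyFile))) {
            out.writeObject(key);
        }

        // Read the file back to confirm it deserializes to the same key.
        try (ObjectInputStream in = new ObjectInputStream(Files.newInputStream(keyFile))) {
            SecretKeySpec loaded = (SecretKeySpec) in.readObject();
            if (!loaded.equals(key)) {
                throw new IllegalStateException("key round-trip mismatch");
            }
        }
        System.out.println("Wrote " + key.getAlgorithm() + " key to " + keyFile.toAbsolutePath());
    }
}
```

Because losing or changing this file loses the saved password info, keep a backup of it with the same restrictive permissions, stored separately from config.xml.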
