My goal is to encrypt datasouce passwords in our current production system.
I followed the wiki and wrote a class (module) of my own. I've created (almost copied) the SecurityIdentityLoginModule to have properties such as pbePass, algo, salt and iterationCount configured. I did the following: - I've added the reference to the policy name in my *-ds.xml(see below) - I've added the relevant bits in login-config.xml (see below) - when I deploy I can see that the login module invoked is mine However, I find these things intriguing: - Although I have different applicaition-policy definitions for different daatasources, I can only see that my LoginModule being invoked just once! I am not sure why though - can any one explain to me if this is expected? - Secondly if I have two datasouce definitions, one with XA and other non-XA, I can only see that the LoginModule is invoked just for Non-XA all the times. The XA version, looks like, doesn't do any authentication. I've tried to deploy just a single XA datasource and found that my LoginModule being not invoked. I am not sure why though. Is this expected, if yes, could you give me an explanation, if not, is this a bug? - third, even if I change the password string to incorrect one deliberately, the second DS deployment doesn't complain! Can someone throw few pointers, please? Help/input much appreciated. Thanks /M <<my datasouces>> -------------------- | <local-tx-datasource> | <jndi-name>JMSDS</jndi-name> | <connection-url>jdbc:sybase:Tds:myhost:4100/MyDbMS</connection-url> | <driver-class>com.sybase.jdbc3.jdbc.SybDataSource</driver-class> | <use-java-context>true</use-java-context> | <security-domain>JMSDSEncryptionPolicy</security-domain> | <check-valid-connection-sql>SELECT @@VERSION</check-valid-connection-sql> | <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.SybaseExceptionSorter</exception-sorter-class-name> | <metadata> | <type-mapping>Sybase</type-mapping> | </metadata> | </local-tx-datasource> | | <xa-datasource> | <jndi-name>JMSXADS</jndi-name> | <use-java-context>false</use-java-context> | <security-domain>JMSDSEncryptionPolicy</security-domain> | <xa-datasource-class>com.sybase.jdbc3.jdbc.SybXADataSource</xa-datasource-class> | <xa-datasource-property name="DatabaseName">mydb</xa-datasource-property> | <xa-datasource-property name="ServerName">myserver</xa-datasource-property> | <xa-datasource-property name="PortNumber">4100</xa-datasource-property> | <check-valid-connection-sql>SELECT @@VERSION</check-valid-connection-sql> | <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.SybaseExceptionSorter</exception-sorter-class-name> | <metadata> | <type-mapping>Sybase</type-mapping> | </metadata> | </xa-datasource> | <<my login-config.xml >> ----------------------- | <application-policy name = "JMSDSEncryptionPolicy"> | <authentication> | <login-module code = "com.cmi2.framework.security.SecureLoginModule" | flag = "required"> | <module-option name = "username">cmi2Trade01</module-option> | <module-option name = "password">4d85a83e922ac8bed6cfd1f9898f3b42</module-option> | <module-option name = "pbeAlgo">Blowfish</module-option> | <module-option name = "pbePass">CMI2 is evolving</module-option> | <module-option name = "securePropertiesFile">secure.properties.file</module-option> | <module-option name = "policyName">JMSDSEncryptionPolicy</module-option> | <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=JMSDS</module-option> | </login-module> | </authentication> | </application-policy> | | <application-policy name = "EAIDSEncryptionPolicy"> | <authentication> | <login-module code = "com.cmi2.framework.security.SecureLoginModule" | | flag = "required"> | <module-option name = "username">cmi2Trade01</module-option> | <module-option name = "password">4d85a83e922ac8bed6cfd1f9898f3b42</module-option> | <module-option name = "pbeAlgo">Blowfish</module-option> | <module-option name = "pbePass">CMI2 is evolving</module-option> | <module-option name = "securePropertiesFile">secure.properties.file</module-option> | <module-option name = "policyName">CMITrade01EAIDSEncryptionPolicy</module-option> | <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=CMITrade01EAIDS</module-option> | </login-module> | </authentication> | </application-policy> View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4061336#4061336 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4061336 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
