Hi Kent, What version of the Aries JPA container are you using? There were a number of timing issues around JPA datasources that were improved through the use of a delayed lookup in the JPA container, this passes a proxy datasource to OpenJPA and only does the real lookup when the first Database connection is requested. This might give you the opportunity you need? If you are able to pass in the javax.persistence.jdbc.password property at runtime that might also help.
Let me know how you get on, Regards, Tim ---------------------------------------- > Date: Mon, 28 Mar 2011 17:37:09 -0600 > From: [email protected] > To: [email protected] > Subject: Encrypting passwords with Aries JPA > > I am using Aries JPA in conjunction with OpenJPA in Apache Karaf and have a > need to use encrypted database passwords. I am using a blueprint.xml file to > configure the Aries data source for a database. The code will be deployed to > several different environments where the database information will differ. > Because of this I was planning to deploy a different blueprint.xml data > source for each different environment. > > OpenJPA provides a mechanism to work with encrypted passwords by specifying > an EncryptionProvider in the persistence.xml file. I have tried adding the > encryption provider to persistence.xml. OpenJPA does call it to to the > decryption, but since the user name and password are in the data source > blueprint.xml file, Aries binds it after OpenJPA does the decryption call for > the password. I suspect it would work if I put the username and password in > persistence.xml. The problem with that is that I wanted to just deploy a > different blueprint.xml rather than a different persistence.xml. > > I have also tried setting this configuration in code by tweaking the > OpenJPAConfiguration object, but the EntityManagerFactory handed out by Aries > is a wrapper. > > I was wondering if anyone has any suggestions on how to get this working with > just configuration? Are there any code-based approaches to do this? > > Thanks in advance, > Kent Olsen >
