Re: Encrypting passwords with Aries JPA

Sun, 03 Apr 2011 15:34:22 -0700

Thanks Tim for your response. I am using version 0.3 of the container that is bundled as a Karaf feature. It is clearly a timing issue. OpenJpa is getting the credentials for the persistence unit and trying to decrypt the password before Aries has done its part. At that point the password is still null (not yet injected) from blueprint.xml.
I was able to work around the issue by getting the data source as a blueprint container instance and manually setting the credentials in code at run time before getting an EntityManager from the factory. 

On 4/2/2011 6:04 AM, Timothy Ward wrote:

Hi Kent,

What version of the Aries JPA container are you using? There were a number of 
timing issues around JPA datasources that were improved through the use of a 
delayed lookup in the JPA container, this passes a proxy datasource to OpenJPA 
and only does the real lookup when the first Database connection is requested. 
This might give you the
opportunity you need? If you are able to pass in the 
javax.persistence.jdbc.password property at runtime that might also help.

Let me know how you get on,

Regards,

Tim

----------------------------------------

Date: Mon, 28 Mar 2011 17:37:09 -0600
From: [email protected]
To: [email protected]
Subject: Encrypting passwords with Aries JPA

I am using Aries JPA in conjunction with OpenJPA in Apache Karaf and have a 
need to use encrypted database passwords. I am using a blueprint.xml file to 
configure the Aries data source for a database. The code will be deployed to 
several different environments where the database information will differ. 
Because of this I was planning to deploy a different blueprint.xml data source 
for each different environment.

OpenJPA provides a mechanism to work with encrypted passwords by specifying an 
EncryptionProvider in the persistence.xml file. I have tried adding the 
encryption provider to persistence.xml. OpenJPA does call it to to the 
decryption, but since the user name and password are in the data source 
blueprint.xml file, Aries binds it after OpenJPA does the decryption call for 
the password. I suspect it would work if I put the username and password in 
persistence.xml. The problem with that is that I wanted to just deploy a 
different blueprint.xml rather than a different persistence.xml.

I have also tried setting this configuration in code by tweaking the 
OpenJPAConfiguration object, but the EntityManagerFactory handed out by Aries 
is a wrapper.

I was wondering if anyone has any suggestions on how to get this working with 
just configuration? Are there any code-based approaches to do this?

Thanks in advance,
Kent Olsen


                                        
























					Reply via email to