Hi Mark,
We've done quite a bit of work in Cayenne to avoid complex things like
PasswordEncoding or custom DataSourceFactories. If all that is needed is to
change / define login credentials, the simplest way is via properties [1]. [2]
shows an example with a single DataNode. If you have more than one, you will
need to add the project name and the DataNode name to the base property name.
E.g.:
export MY_USER=user
export MY_PASSWORD=secret
java -Dcayenne.jdbc.username.project.mynode=$MY_USER \
-Dcayenne.jdbc.password.project.mynode=$MY_PASSWORD \
-jar myapp.jar
Hope this helps,
Andrus
[1]
http://cayenne.apache.org/docs/4.0/cayenne-guide/configuration-properties.html
[2]
https://stackoverflow.com/questions/45781378/best-practice-to-manage-apache-cayenne-project-xml-file
> On Dec 17, 2017, at 4:23 AM, Mark Hull <[email protected]> wrote:
>
> I apologize if this question has been asked and answered before but: What is
> the best-practices solution to redact the database user name and password
> from an XML file created and used by Cayenne Modeler? The ServerRuntime build
> statement is simply:
>
> cayenneRuntime = ServerRuntime.builder()
> .addConfig("com/hulles/a1icia/cayenne/cayenne-a1icia.xml")
> .build();
>
> It works just fine as long as the db user name and password are in the XML
> file, but I don't believe in leaving clear-text artifacts like that laying
> around in the code, so I want to add the user and password data at runtime
> from a Java method (not from an external file or an 'executable', whatever
> that means in the content of PasswordEncoding). Adding .user("xyz") and
> .password("zyx") to the build statement don't work, presumably because the
> DataNode is not the default and those statements just set their respective
> fields for the default DataNode.
>
> If I have to, I can create either a Module to change those properties somehow
> at runtime (though the documentation for doing so is, to be kind, sparse),
> somehow implement the PasswordEncoding (even less documentation, because I
> don't know where it's used), or just edit the XML at runtime (horrible choice
> but looking like the best of a bad lot at this point).
>
> All this seems like a lot of effort when I imagine this need must crop up
> fairly often among Cayenne users (it should, for security reasons IMO). Is
> there a simple standard way to do what I want? Or at least a standard way? I
> don't want to invent a new wheel here. I feel like I'm missing something
> obvious that everyone else knows about and that I just missed. Oh, by the
> way, whatever the solution is should still allow Cayenne Modeler to function
> normally.
>
> I promise I searched for the answer everywhere I could think of.
> StackOverflow had a couple answers that used deprecated methods and didn't
> work when I tried them.
>
> Thanks in advance for any help. I hope there's a really simple answer so I
> feel stupid but don't have to spend any more time on this than I have
> already. :)
>
> - Mark Hull
>
> /People say nothing is impossible, but I do nothing every day. - A. A. Milne/
