Re: Where to store secret EJB properties?

Tue, 21 Oct 2008 10:43:31 -0700 


On Oct 21, 2008, at 9:38 AM, Juergen Weber wrote:
The canonical way to have properties for EJBs is IMHO to use <env- entry> in 
ejb-jar.xml and have them injected via @Resource.
ejb-jar.xml are like source and in source control and are put in the ejb.jar 
by ant.
Obviously this is not a good idea for passwords.
Is there a way to save properties via the Geronimo Console (or deployer) and 
have them injected via @Resource?
I guess properties in .properties in a .jar cannot be injected, can they?
Could this be done via javax.naming.spi.ObjectFactory as suggested in the 
comment here:
http://www.jroller.com/agoncal/entry/ configure_your_ejb_3_with#comments
I'm sure that wouldn't work in geronimo naming (e.g. in a web app in geronimo, which only uses geronimo naming stuff) and doubt openejb has a way to make it work (IIRC openejb does some of its own jndi setup). I also don't see how this would conceal the secrets. Wouldn't they now be in the source code of the ObjectFactory class?
I can think of a couple approaches that you might find suitable. One is having an application specific data file as explained here: http://cwiki.apache.org/GMOxDOC21/locating-your-application-specific-configuration-files.html . This also hints at the other, using a system property to store the secret, set up with a SystemPropertiesGBean in the geronimo plan for your app. In this case however I would advise: 

- use maven :-)
- deploy your app as a geronimo plugin using the car-maven-plugin
- include a config.xml snippet in the geronimo-plugin.xml (generated from the car-maven-plugin configuration) - set up the property value as a config-substitutions.properties variable.
Now you can either set the secret directly in var/config/config- substitutions.properties or on the command line, e.g. with gshell 
geronimo/start-server -G mySecret=foo

hope this helps
david jencks




Thanks,
Juergen
--
View this message in context: 
http://www.nabble.com/Where-to-store-secret-EJB-properties--tp20094408s134p20094408.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.

Reply via email to