Glad you have it working. The other approach you could take is to implement a custom password cipher: https://tomee.apache.org/latest/examples/datasource-ciphered-password.html or a properties provider: https://tomee.apache.org/latest/docs/admin/configuration/resources.html which you might be able to hook up to your password store. Here's a sample properties provider in a unit test, if that helps. https://github.com/apache/tomee/blob/master/container/openejb-core/src/test/java/org/apache/openejb/resource/PropertiesProviderTest.java#L90-L103
The DataSourceFactory is a little complex, but in general the properties part of the system is quite flexible. The defaults for different resources come from service-jar.xml in openejb-core, and are overridden by tomee.xml or WEB-INF/resources.xml, and in turn, overridden by system properties. Then you have ciphering, properties providers and class factories in the mix as well, so there's a bunch of of different ways you can do it. Couple of points to be wary of - specifying JVM args would potentially mean the password is exposed on the command line, and visible to someone doing a `ps`. Your System.err.println() may write the plain text password to a log, depending on where stderr is routed to. Also, no matter how you get the password to TomEE, if the server is compromised and an attacker is able to get a heap dump, they'll be able to get your database password, so nothing is perfect. Anyway, glad you got something working, and thanks for following up. If you have any questions around config, please let us know. Jon On Tue, Dec 3, 2019 at 8:06 PM randygalbraith <regalbra...@aetna.com.invalid> wrote: > Hi Dmitry & Richard, > > Thank you for all your help! Here is my anonymized source for what worked > :-) > > DataSourceFactory.java: > > package path1.path2; > > import java.io.IOException; > import path3.path4.FooStore; > > > public class DataSourceFactory { > > public Object create() { > > String password = null; > > try { > password = FooStore.getPassword("user", "db"); > } catch (Exception e) { > System.err.println(e.toString()); > return null; > > } > String definition = "JdbcDriver=oracle.jdbc.OracleDriver\n" + > "JdbcUrl=jdbc:oracle:thin:@host:port:db\n" + > "JtaManaged=true\n" + > "UserName=user\n" + > "Password=" + password + "\n"; > System.err.println("definition=["+definition+"]"); > try { > return org.apache.openejb.resource.jdbc.DataSourceFactory. > create("someDS", true, oracle.jdbc.OracleDriver.class, > definition, null, null, null, false); > } catch (IllegalAccessException iae) { > System.err.println(iae.toString()); > return null; > } catch (InstantiationException ie) { > System.err.println(ie.toString()); > return null; > } catch (IOException ioe) { > System.err.println(ioe.toString()); > return null; > } > } > } > > resources.xml: > > <?xml version="1.0" encoding="UTF-8"?> > <resources> > <Resource id="myDS" > type="javax.sql.DataSource" > class-name="path1.path2.DataSourceFactory" > factory-name="create"> > JdbcDriver = oracle.jdbc.OracleDriver > </Resource> > </resources> > > build.xml updates: > + <pathelement location = "${libcat}/openejb-core-8.0.0-M2.jar"/> > + <pathelement location = "${libora}/ojdbc8.jar"/> > > Cheers, -Randy > > > > -- > Sent from: > http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html >