Glad you have it working. The other approach you could take is to implement
a custom password cipher:
https://tomee.apache.org/latest/examples/datasource-ciphered-password.html or
a properties provider:
https://tomee.apache.org/latest/docs/admin/configuration/resources.html which
you might be able to hook up to your password store. Here's a sample
properties provider in a unit test, if that helps.
https://github.com/apache/tomee/blob/master/container/openejb-core/src/test/java/org/apache/openejb/resource/PropertiesProviderTest.java#L90-L103

The DataSourceFactory is a little complex, but in general the properties
part of the system is quite flexible. The defaults for different resources
come from service-jar.xml in openejb-core, and are overridden by tomee.xml
or WEB-INF/resources.xml, and in turn, overridden by system properties.
Then you have ciphering, properties providers and class factories in the
mix as well, so there's a bunch of different ways you can do it.

Couple of points to be wary of - specifying JVM args would potentially mean
the password is exposed on the command line, and visible to someone doing a
`ps`. Your System.err.println() may write the plain text password to a log,
depending on where stderr is routed to. Also, no matter how you get the
password to TomEE, if the server is compromised and an attacker is able to
get a heap dump, they'll be able to get your database password, so nothing
is perfect.

Anyway, glad you got something working, and thanks for following up. If you
have any questions around config, please let us know.

Jon

On Tue, Dec 3, 2019 at 8:06 PM randygalbraith <regalbra...@aetna.com.invalid>
wrote:

> Hi Dmitry & Richard,
>
> Thank you for all your help! Here is my anonymized source for what worked
> :-)
>
> DataSourceFactory.java:
>
> package path1.path2;
>
> import java.io.IOException;
> import path3.path4.FooStore;
>
>
> public class DataSourceFactory {
>
>     public Object create() {
>
>         String password = null;
>
>         try {
>             password = FooStore.getPassword("user", "db");
>         } catch (Exception e) {
>             System.err.println(e.toString());
>             return null;
>
>         }
>         String definition = "JdbcDriver=oracle.jdbc.OracleDriver\n" +
>             "JdbcUrl=jdbc:oracle:thin:@host:port:db\n" +
>             "JtaManaged=true\n" +
>             "UserName=user\n" +
>             "Password=" + password + "\n";
>         System.err.println("definition=["+definition+"]");
>         try {
>             return org.apache.openejb.resource.jdbc.DataSourceFactory.
>                 create("someDS", true, oracle.jdbc.OracleDriver.class,
>                        definition, null, null, null, false);
>         } catch (IllegalAccessException iae) {
>             System.err.println(iae.toString());
>             return null;
>         } catch (InstantiationException ie) {
>             System.err.println(ie.toString());
>             return null;
>         } catch (IOException ioe) {
>             System.err.println(ioe.toString());
>             return null;
>         }
>    }
> }
>
> resources.xml:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <resources>
>     <Resource id="myDS"
>               type="javax.sql.DataSource"
>               class-name="path1.path2.DataSourceFactory"
>               factory-name="create">
>       JdbcDriver = oracle.jdbc.OracleDriver
>     </Resource>
> </resources>
>
> build.xml updates:
> +        <pathelement location = "${libcat}/openejb-core-8.0.0-M2.jar"/>
> +        <pathelement location = "${libora}/ojdbc8.jar"/>
>
> Cheers, -Randy
>
>
>
> --
> Sent from:
> http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
>
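
Two of the cautions in the reply above, the definition string printed to stderr and passwords passed as JVM args being visible to `ps`, as an added example that is not code from the thread or from TomEE. The class name, method names and the pattern for what counts as a secret key are assumptions; only the JDK is used.

```java
import java.lang.management.ManagementFactory;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Added example; SecretHygiene and its methods are hypothetical names.
public class SecretHygiene {

    // Matches "key = value" lines whose key looks like a secret ("Password" is the key in the thread).
    private static final Pattern SECRET_LINE = Pattern.compile(
        "(?im)^(\\s*[\\w.]*(?:password|passwd|secret)[\\w.]*\\s*[=:]\\s*).*$");

    /** Returns the definition with every secret value masked, so it can be logged. */
    static String redact(String definition) {
        return SECRET_LINE.matcher(definition).replaceAll("$1********");
    }

    /** Returns the names of -D properties on a JVM command line whose key looks like a secret. */
    static List<String> secretLikeJvmArgs(List<String> jvmArgs) {
        return jvmArgs.stream()
            .filter(a -> a.startsWith("-D") && a.contains("="))
            .map(a -> a.substring(2, a.indexOf('=')))
            .filter(k -> k.toLowerCase(Locale.ROOT).matches(".*(password|passwd|secret).*"))
            .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample in the shape of the thread's definition string.
        String definition = "JdbcDriver=oracle.jdbc.OracleDriver\n"
            + "JdbcUrl=jdbc:oracle:thin:@host:port:db\n"
            + "JtaManaged=true\n"
            + "UserName=user\n"
            + "Password=constructed-sample-value\n";
        System.err.println("definition=[" + redact(definition) + "]");

        // Arguments of the running JVM, which is what the process list exposes.
        List<String> live = ManagementFactory.getRuntimeMXBean().getInputArguments();
        for (String key : secretLikeJvmArgs(live)) {
            System.err.println("WARNING: -D" + key + " is on the command line and visible in the process list");
        }
        // Constructed argument list to show the check firing.
        List<String> sample = Arrays.asList("-Xmx512m", "-Dmyds.Password=constructed", "-Dfile.encoding=UTF-8");
        System.err.println("flagged in sample: " + secretLikeJvmArgs(sample));
    }
}
```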
