Encrypting Datasource Passwords

Markenson edited this page Aug 21, 2014 · 1 revision

$JBOSS_HOME = C:\jboss-eap-5.1\jboss-as

${profile} = default

Encrypting Passwords

Open a command prompt (Windows) or a shell (Linux);

Navigate to the JBoss installation folder ($JBOSS_HOME);

From within $JBOSS_HOME, run the command (on Windows, the classpath separator is ; instead of :): java -cp client/jboss-logging-spi.jar:lib/jbosssx.jar org.jboss.resource.security.SecureIdentityLoginModule PASSWORD

E.g.: java -cp client/jboss-logging-spi.jar:lib/jbosssx.jar org.jboss.resource.security.SecureIdentityLoginModule minha_senha

The output is: Encoded password: -6a17e58bd07310b2228d68ed24301645

Configuring an Application Authentication Policy

Open the login-config.xml file located in: ${JBOSS_HOME}\server\${profile}\conf\

Inside the <policy> tag, create an application policy as in the example below:

<application-policy name="EncryptSigaLoginDS">
	  <authentication>
		  <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
			  <module-option name="username">acesso_tomcat</module-option>
			  <module-option name="password">-6a17e58bd07310b2228d68ed24301645</module-option>
			  <module-option name="managedConnectionFactoryName">jboss.jca:name=SigaLoginDS,service=LocalTxCM</module-option>
		  </login-module>
	  </authentication>
	</application-policy>

Note: the password to set here is the encrypted password generated in the previous step.

Configuring the Datasource to use the Application Authentication Policy

Change the datasource by removing the <username> and <password> tags and adding a <security-domain> tag that points to the application policy created in the previous step:

E.g.:

<local-tx-datasource>
   <jndi-name>SigaLoginDS</jndi-name>
   <connection-url>jdbc:oracle:thin:@servidor:1521:instancia</connection-url>
   <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
   <security-domain>EncryptSigaLoginDS</security-domain>
   <min-pool-size>1</min-pool-size>
   <max-pool-size>4</max-pool-size>
   <idle-timeout-minutes>5</idle-timeout-minutes>
   <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
   <check-valid-connection-sql>select sysdate from dual</check-valid-connection-sql>
   <blocking-timeout-millis>5000</blocking-timeout-millis>
   <metadata>
		<type-mapping>Oracle9i</type-mapping>
   </metadata>
 </local-tx-datasource>

Done!

References
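An added example (not part of the original wiki page or of JBoss): a Python check that cross-references a *-ds.xml file with login-config.xml after the steps above, flagging leftover inline credentials, a security-domain with no matching SecureIdentityLoginModule policy, a password option that is not a bare encoded value, and a managedConnectionFactoryName that does not name the datasource. The function name audit and the sample XML are constructed for illustration; the signed-hex password format is assumed from the sample output above.

```python
import re
import xml.etree.ElementTree as ET

SECURE_ID = "org.jboss.resource.security.SecureIdentityLoginModule"

def audit(ds_xml, login_config_xml):
    """Cross-check one *-ds.xml document against login-config.xml; return findings."""
    policies = {p.get("name"): p
                for p in ET.fromstring(login_config_xml).iter("application-policy")}
    findings = []
    for ds in ET.fromstring(ds_xml).iter():
        if not ds.tag.endswith("-datasource"):
            continue
        jndi = (ds.findtext("jndi-name") or "").strip()
        # The page writes <username>; JBoss *-ds.xml spells it <user-name>. Check both.
        for tag in ("user-name", "username", "password"):
            if ds.find(tag) is not None:
                findings.append(f"{jndi}: inline <{tag}> still present")
        domain = (ds.findtext("security-domain") or "").strip()
        policy = policies.get(domain)
        module = policy.find("authentication/login-module") if policy is not None else None
        if module is None or module.get("code") != SECURE_ID:
            findings.append(f"{jndi}: no SecureIdentityLoginModule policy named {domain!r}")
            continue
        opts = {o.get("name"): o.text or "" for o in module.iter("module-option")}
        # Assumption: the encoder prints signed hex, as in the page's sample output.
        if not re.fullmatch(r"-?[0-9a-f]+", opts.get("password", "")):
            findings.append(f"{domain}: password option is not a bare encoded value")
        mcf = opts.get("managedConnectionFactoryName", "")
        props = dict(kv.split("=", 1) for kv in mcf.partition(":")[2].split(",") if "=" in kv)
        if props.get("name") != jndi:
            findings.append(f"{domain}: managedConnectionFactoryName does not name {jndi}")
    return findings

# Constructed sample input: a half-migrated datasource and a policy with a stray newline.
SAMPLE_DS = """<datasources><local-tx-datasource>
  <jndi-name>SigaLoginDS</jndi-name>
  <password>minha_senha</password>
  <security-domain>EncryptSigaLoginDS</security-domain>
</local-tx-datasource></datasources>"""
SAMPLE_LOGIN = f"""<policy><application-policy name="EncryptSigaLoginDS"><authentication>
  <login-module code="{SECURE_ID}" flag="required">
    <module-option name="username">acesso_tomcat</module-option>
    <module-option name="password">-6a17e58bd07310b2228d68ed24301645
</module-option>
    <module-option name="managedConnectionFactoryName">jboss.jca:name=SigaLoginDS,service=LocalTxCM</module-option>
  </login-module></authentication></application-policy></policy>"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_DS, SAMPLE_LOGIN)) or "OK")
```
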

https://community.jboss.org/wiki/EncryptingDataSourcePasswords
