paulwong

JBoss下DataSource加密(下)

数据源文件:my-oracle-ds.xml

<datasources>
    <local-tx-datasource>
        <jndi-name>jdbc/my-local</jndi-name>
        <connection-url>
            jdbc:oracle:thin:@10.5.7.30:1521:orcl
        </connection-url>
        <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
        <security-domain>EncryptedOracleDbRealm</security-domain>
        <exception-sorter-class-name>
            org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter
        </exception-sorter-class-name>
        <metadata>
            <type-mapping>Oracle10g</type-mapping>
        </metadata>
        <depends>
            jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword
        </depends>
    </local-tx-datasource>



    <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
        name="jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword">
        <constructor>
            <arg type="java.lang.String" value="ServerMasterPassword"></arg>
        </constructor>
        <!-- The opaque master password file used to decrypt the encrypted
            database password key -->
        <attribute name="KeyStorePass">
            {CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/server.password
        </attribute>
        <attribute name="Salt">abcdefgh</attribute>
        <attribute name="IterationCount">13</attribute>
    </mbean>

</datasources>

在jboss4.3/jboss-as/server/default/conf/login-config.xml中增加节点:

<application-policy name="EncryptedOracleDbRealm">
    <authentication>
        <login-module
            code="org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule"
            flag="required">
            <module-option name="username">username</module-option>
            <module-option name="password">
                3wW33nIpavHK4pd3qoNTbA
            </module-option>
            <module-option name="managedConnectionFactoryName">
                jboss.jca:service=LocalTxCM,name=jdbc/my-local
            </module-option>
            <module-option name="jaasSecurityDomain">
                jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword
            </module-option>
        </login-module>
    </authentication>
</application-policy>

以上的password由下面命令得出:

E:\JBOSS\jboss4.3\jboss-as\server\default\lib>java -cp jbosssx.jar
org.jboss.security.plugins.PBEUtils abcdefgh 13 master mypassowrd
Encoded password:  2mqrIBSpp8JVWFAqCBklhf

生成server.password文件:

E:\JBOSS\jboss4.3\jboss-as\server\default\lib>java -cp jbosssx.jar
org.jboss.security.plugins.FilePassword abcdefgh 13 master server.password

产生后拷贝到:${jboss.server.home.dir}/conf中。

posted on 2012-01-16 18:58 paulwong 阅读(938) 评论(0)  编辑  收藏 所属分类: JBOSS


只有注册用户登录后才能发表评论。
网站导航: