JBoss AS 7.1 - datasource如何加密密码 [英] JBoss AS 7.1 - datasource how to encrypt password

问题描述

在JBoss AS 5中，我在* -ds.xml中定义了一个数据源，但是将用户名/加密密码放在* -jboss-beans.xml中。

In JBoss AS 5, I have a datasource defined in *-ds.xml but put username/encrypted password in *-jboss-beans.xml.

现在在JBoss AS 7.1中，数据源在standalone.xml或domain.xml中定义。
我在哪里将加密密码放在AS 7.1中？

Now in JBoss AS 7.1, the datasource is defined in standalone.xml or domain.xml. Where do I put the encrypted password in AS 7.1?

换句话说，如何在AS 7中加密和保护明确的密码？

In other words, how is a clear password encrypted and secured in AS 7?

推荐答案

在AS7中，您可以使用SecureIdentityLoginModule添加加密的密码域。例如，您可以在standalone.xml或domain.xml中定义安全域：

In AS7 you can use the SecureIdentityLoginModule to add an encrypted password domain. For instance, you can define a security domain in standalone.xml or domain.xml:

<security-domain name="EncryptedPassword">
  <authentication>
    <login-module code="SecureIdentity" flag="required">
      <module-option name="username" value="test"/>
      <module-option name="password" value="encrypted_password"/>
    </login-module>
  </authentication>
</security-domain>

然后，您可以在独立使用此userid / pwd组合的特定数据源中添加此安全域.xml或domain.xml：

Then you can add this security domain in your particular data source that uses this userid/pwd combination in standalone.xml or domain.xml:

  <datasource ... >
       .....
       <security>
              <security-domain>EncryptedPassword</security-domain>
       </security>
  </datasource>

要加密密码本身，您可以运行此命令（请验证picketbox jar的版本和日志记录在您特定的AS7下载jar以相应替换）：

To encrypt the password itself, you can run this command (please verify the versions of picketbox jar and logging jar in your particular AS7 download to substitute accordingly):

java -cp $JBOSS_HOME/modules/org/picketbox/main/picketbox-4.0.6.<beta|final>.jar:$JBOSS_HOME/modules/org/jboss/logging/main/jboss-logging-3.1.0.<some_version>.jar:$CLASSPATH org.picketbox.datasource.security.SecureIdentityLoginModule password

这将返回一个可以在安全域中使用的加密密码。

This will return an encrypted password back that you can use in your security domain.

您可以阅读有关JBoss AS7安全子系统的更多信息此处。自开源摇滚以来，您可以看到编码代码如何在 SecureIdentityLogin 。你会在源代码中注意到它使用 Blowfish 进行加密。

You can read more about JBoss AS7 security subsystem here. Since open source rocks, you can see how the encoding code works in the source code of SecureIdentityLogin. You will notice in the source code that it uses Blowfish for encryption.

这篇关于JBoss AS 7.1 - datasource如何加密密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！