Wildfly: Encrypt password and username for database


Problem description

I would like to hand over a web application to some people, but these people should not be allowed to access the database with some tools. Using the web application, with the database in the background, is OK.

Wildfly has a config with this code:

    <xa-datasource jndi-name="java:jboss/datasources/ExampleXADS" pool-name="ExampleXADS">
        <driver>h2</driver>
        <xa-datasource-property name="URL">jdbc:h2:mem:test</xa-datasource-property>
        <xa-pool>
            <min-pool-size>10</min-pool-size>
            <max-pool-size>20</max-pool-size>
            <prefill>true</prefill>
        </xa-pool>
        <security>
            <user-name>sa</user-name>
            <password>sa</password>
        </security>
    </xa-datasource>

As you can see, the username and password are also available there. How is it possible to exclude / encrypt these, so that only the administrator knows the password for the database? The same goes for the whole application server - there are also users and passwords. How can I do this?

Edit:

The "customer" will get the whole application, including the web server configuration (WildFly and the .war file). It's only for saving the software key in the database. The first time the "customer" starts the web application, he will be prompted to enter the licence key. After entering the licence key, a web service will be called. The return code is "false" or "true" (the key is valid or the key is not valid). My first idea was to store the flag in the database. But if a user has access to the database, he can manipulate this flag on his own. Is there any other possibility to set a flag for "the software key is valid" instead of saving the flag in the database? Any ideas?

Recommended answer

You can use a security domain to get over this. There could be some specific changes for WildFly, but for JBoss 7.1.1 here is what you need to do.


  1. Find the location of jboss-logging-3.1.0.GA.jar in your JBoss/WildFly server. In the case of JBoss 7.1.1 it should be something like modules\org\jboss\logging\main\jboss-logging-3.1.0.GA.jar

  2. Find the location of picketbox-4.0.7.Final.jar

  3. Check if the picketbox jar has the org.picketbox.datasource.security.SecureIdentityLoginModule class.

  4. Run the following command from the JBoss server root folder to encrypt your datasource connection password:

            java -cp modules\org\jboss\logging\main\jboss-logging-3.1.0.GA.jar;modules\org\picketbox\main\picketbox-4.0.7.Final.jar org.picketbox.datasource.security.SecureIdentityLoginModule PasswordXYZ

  5. Get the output text and, in standalone.xml, add the following security domain under elements:

            <security-domain name="encrypted-ds-WASM2" cache-type="default">
                <authentication>
                    <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
                        <module-option name="username" value="WASM2"/>
                        <module-option name="password" value="89471a19022f8af"/>
                        <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=MySqlDS_Pool"/>
                    </login-module>
                </authentication>
            </security-domain>

  6. Use this security domain in the datasource element as follows:

                <datasource jta="false" jndi-name="java:jboss/jdbc/JNDIDS" pool-name="OFS1" enabled="true" use-ccm="false">
                    <connection-url>jdbc:oracle:thin:@x.x.x.x:1521:xxxx</connection-url>
                    <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
                    <driver>oracle</driver>
                    <security>
                        <security-domain>encrypted-ds-WASM2</security-domain>
                    </security>
                    <validation>
                        <validate-on-match>false</validate-on-match>
                        <background-validation>false</background-validation>
                        <background-validation-millis>1</background-validation-millis>
                    </validation>
                    <statement>
                        <prepared-statement-cache-size>0</prepared-statement-cache-size>
                        <share-prepared-statements>false</share-prepared-statements>
                    </statement>
                </datasource>
    


  • Reference link: http://middlewaremagic.com/jboss/?p=1026
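
A configuration check for the setup described in the answer, as an added example that is not part of the original post: it parses a standalone.xml and reports which datasources still carry a plaintext `<password>` and which reference a security domain backed by SecureIdentityLoginModule. The sample document is constructed; its namespace URIs, the `Other` datasource and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

SECURE_MODULE = "org.picketbox.datasource.security.SecureIdentityLoginModule"
# Constructed, trimmed standalone.xml (namespace URIs illustrative; values from the page).
SAMPLE = """<server xmlns="urn:jboss:domain:1.2">
 <subsystem xmlns="urn:jboss:domain:datasources:1.0"><datasources>
  <xa-datasource jndi-name="java:jboss/datasources/ExampleXADS" pool-name="ExampleXADS">
   <security><user-name>sa</user-name><password>sa</password></security>
  </xa-datasource>
  <datasource jndi-name="java:jboss/jdbc/JNDIDS" pool-name="OFS1">
   <security><security-domain>encrypted-ds-WASM2</security-domain></security>
  </datasource>
  <datasource jndi-name="java:jboss/jdbc/Other" pool-name="Other">
   <security><security-domain>missing-domain</security-domain></security>
  </datasource>
 </datasources></subsystem>
 <subsystem xmlns="urn:jboss:domain:security:1.1"><security-domains>
  <security-domain name="encrypted-ds-WASM2" cache-type="default"><authentication>
   <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
    <module-option name="username" value="WASM2"/><module-option name="password" value="89471a19022f8af"/>
   </login-module></authentication></security-domain>
 </security-domains></subsystem>
</server>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix, any schema version

def audit(xml_text):
    """Return {pool-name: finding} for every datasource and xa-datasource."""
    root = ET.fromstring(xml_text)
    # Security domains carry a name attribute; map each to its login-module classes.
    domains = {d.get("name"): {m.get("code") for m in d.iter() if local(m.tag) == "login-module"}
               for d in root.iter() if local(d.tag) == "security-domain" and d.get("name")}
    findings = {}
    for ds in (e for e in root.iter() if local(e.tag) in ("datasource", "xa-datasource")):
        sec = {local(e.tag): (e.text or "").strip() for e in ds.iter()}
        ref = sec.get("security-domain")
        if sec.get("password"):
            finding = "plaintext-password"
        elif ref and SECURE_MODULE in domains.get(ref, ()):
            finding = "security-domain:" + ref
        elif ref:
            finding = "unresolved-domain:" + ref
        else:
            finding = "no-credentials"
        findings[ds.get("pool-name")] = finding
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

SecureIdentityLoginModule encodes the password with a key built into PicketBox, so a `security-domain` finding means the value is obfuscated rather than secret; file permissions on standalone.xml still matter.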
