jboss中对Oracle数据源加密配置

最新推荐文章于 2021-04-05 11:11:53 发布

liuzhixiong1992

最新推荐文章于 2021-04-05 11:11:53 发布

阅读量998

点赞数

分类专栏： jboss 文章标签： oracle jboss 数据源

本文链接：https://blog.csdn.net/liuzhixiong1992/article/details/38758703

版权

jboss 专栏收录该内容

2 篇文章 0 订阅

订阅专栏

一、Oracle数据源加密配置
1、修改oracle-test-ds.xml：
<user-name>db_username</user-name>
<password>db_password</password>
替换为：
<security-domain>EncryptDBPasswordWFM</security-domain>

2、修改jboss-4.2.3.GA/server/default/conf/login-config.xml，添加如下配置：

 
          <application-policy name= 
          "EncryptDBPasswordWFM" 
          > 
         
          <authentication> 
         
          <login-module code= 
          "org.jboss.resource.security.SecureIdentityLoginModuleEx" 
          flag= 
          "required" 
          > 
         
          <module-option name= 
          "username" 
          >WFM_DB_USERNAME</module-option> 
         
          <module-option name= 
          "password" 
          >WFM_DB_PASSWORD</module-option> 
         
          <module-option name= 
          "managedConnectionFactoryName" 
          >jboss.jca:service=LocalTxCM,name=testDataSource</module-option> 
         
          </login-module> 
         
          </authentication> 
         
          </application-policy>

3、编写类SecureIdentityLoginModuleEx继承Jboss验证类SecureIdentityLoginModule：

1）重写初始化方法，账号和密码密文直接从password.properties中获取

 
          public 
           void 
          initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) 
         
          { 
         
          super 
          .initialize(subject, handler, sharedState, options); 
         
          //根据平台提供的方法获取账号密码 
         
          username = SecretPropUtil.getPasswordPropValue((String)options.get( 
          "username" 
          )); 
         
          if 
          (username ==  
          null 
          ) 
         
          { 
         
          // NR : try with userName 
         
          username = SecretPropUtil.getPasswordPropValue((String)options.get( 
          "userName" 
          )); 
         
          if 
          (username ==  
          null 
          ) 
         
          { 
         
          throw 
          new 
          IllegalArgumentException( 
          "The user name is a required option" 
          ); 
         
          } 
         
          } 
         
          password = SecretPropUtil.getPasswordPropValue((String)options.get( 
          "password" 
          )); 
         
          if 
          (password ==  
          null 
          ) 
         
          { 
         
          throw 
          new 
          IllegalArgumentException( 
          "The password is a required option" 
          ); 
         
          } 
         
          }

2）重写解密算法改为test自己的解密算法

 
          private 
           static 
          char 
          [] decode(String secret) 
         
          { 
         
          String srcPwd = 
          "" 
          ; 
         
          try 
         
          { 
         
          srcPwd = PasswordHandler.generateDecryptStr(secret); 
         
          } 
         
          catch 
          (UnsupportDigestTypeNameException e) 
         
          { 
         
          LOGGER.error(e); 
         
          } 
         
          return 
          srcPwd.toCharArray(); 
         
          }