I. Oracle data source encryption configuration
1. Modify oracle-test-ds.xml:
    <user-name>db_username</user-name>
    <password>db_password</password>
Replace with:
    <security-domain>EncryptDBPasswordWFM</security-domain>
2. Modify jboss-4.2.3.GA/server/default/conf/login-config.xml and add the following configuration:
    <application-policy name="EncryptDBPasswordWFM">
        <authentication>
            <login-module code="org.jboss.resource.security.SecureIdentityLoginModuleEx" flag="required">
                <module-option name="username">WFM_DB_USERNAME</module-option>
                <module-option name="password">WFM_DB_PASSWORD</module-option>
                <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=testDataSource</module-option>
            </login-module>
        </authentication>
    </application-policy>
3. Write a class SecureIdentityLoginModuleEx that extends the JBoss authentication class SecureIdentityLoginModule:
1) Override the initialization method so that the account and the password ciphertext are read directly from password.properties
    public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
    {
        super.initialize(subject, handler, sharedState, options);
        // Obtain the account and password via the method provided by the platform.
        // The module options hold property keys, not the values themselves.
        username = SecretPropUtil.getPasswordPropValue((String) options.get("username"));
        if (username == null)
        {
            // NR : try with userName
            username = SecretPropUtil.getPasswordPropValue((String) options.get("userName"));
            if (username == null)
            {
                throw new IllegalArgumentException("The user name is a required option");
            }
        }
        // Still ciphertext at this point; it is decrypted later by decode().
        password = SecretPropUtil.getPasswordPropValue((String) options.get("password"));
        if (password == null)
        {
            throw new IllegalArgumentException("The password is a required option");
        }
    }
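2) Override the decryption algorithm, replacing it with test's own decryption algorithm
    // A private static method does not override the parent's method of the
    // same name; it is used only by code in this class that calls it.
    private static char[] decode(String secret)
    {
        String srcPwd = "";
        try
        {
            // Decrypt the stored ciphertext with test's own PasswordHandler.
            srcPwd = PasswordHandler.generateDecryptStr(secret);
        }
        catch (UnsupportDigestTypeNameException e)
        {
            // On failure the error is logged and an empty password is returned.
            LOGGER.error(e);
        }
        return srcPwd.toCharArray();
    }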
3) Put the required jar files into the /jboss-4.2.3.GA/server/default/lib directory