一、Oracle數據源加密配置
1、修改oracle-test-ds.xml:
<user-name>db_username</user-name>
<password>db_password</password>
替換爲:
<security-domain>EncryptDBPasswordWFM</security-domain>
2、修改jboss-4.2.3.GA/server/default/conf/login-config.xml,添加如下配置:
<application-policy name="EncryptDBPasswordWFM"> <authentication> <login-module code="org.jboss.resource.security.SecureIdentityLoginModuleEx"flag="required"> <module-option name="username">WFM_DB_USERNAME</module-option> <module-option name="password">WFM_DB_PASSWORD</module-option> <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=testDataSource</module-option> </login-module> </authentication></application-policy> |
3、編寫類SecureIdentityLoginModuleEx繼承Jboss驗證類SecureIdentityLoginModule:
1)重寫初始化方法,賬號和密碼密文直接從password.properties中獲取
public
void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) { super.initialize(subject, handler, sharedState, options); //根據平臺提供的方法獲取賬號密碼 username = SecretPropUtil.getPasswordPropValue((String)options.get("username")); if(username ==
null) { // NR : try with userName username = SecretPropUtil.getPasswordPropValue((String)options.get("userName")); if(username ==
null) { thrownew
IllegalArgumentException("The user name is a required option"); } } password = SecretPropUtil.getPasswordPropValue((String)options.get("password")); if(password ==
null) { thrownew
IllegalArgumentException("The password is a required option"); } } |
2)重寫解密算法改爲test自己的解密算法
private
static char[] decode(String secret) { String srcPwd =""; try { srcPwd = PasswordHandler.generateDecryptStr(secret); } catch(UnsupportDigestTypeNameException e) { LOGGER.error(e); } returnsrcPwd.toCharArray(); } |
3)將用到的jar包放入/jboss-4.2.3.GA/server/default/lib目錄下