一、Oracle數據源加密配置
1、修改oracle-test-ds.xml:
<user-name>db_username</user-name>
<password>db_password</password>
替換爲:
<security-domain>EncryptDBPasswordWFM</security-domain>
2、修改jboss-4.2.3.GA/server/default/conf/login-config.xml,添加如下配置:
<application-policy name= "EncryptDBPasswordWFM" > <authentication> <login-module code= "org.jboss.resource.security.SecureIdentityLoginModuleEx" flag= "required" > <module-option name= "username" >WFM_DB_USERNAME</module-option> <module-option name= "password" >WFM_DB_PASSWORD</module-option> <module-option name= "managedConnectionFactoryName" >jboss.jca:service=LocalTxCM,name=testDataSource</module-option> </login-module> </authentication> </application-policy> |
3、編寫類SecureIdentityLoginModuleEx繼承Jboss驗證類SecureIdentityLoginModule:
1)重寫初始化方法,賬號和密碼密文直接從password.properties中獲取
public
void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) { super .initialize(subject, handler, sharedState, options); //根據平臺提供的方法獲取賬號密碼 username = SecretPropUtil.getPasswordPropValue((String)options.get( "username" )); if (username ==
null ) { // NR : try with userName username = SecretPropUtil.getPasswordPropValue((String)options.get( "userName" )); if (username ==
null ) { throw new
IllegalArgumentException( "The user name is a required option" ); } } password = SecretPropUtil.getPasswordPropValue((String)options.get( "password" )); if (password ==
null ) { throw new
IllegalArgumentException( "The password is a required option" ); } } |
2)重寫解密算法改爲test自己的解密算法
private
static char [] decode(String secret) { String srcPwd = "" ; try { srcPwd = PasswordHandler.generateDecryptStr(secret); } catch (UnsupportDigestTypeNameException e) { LOGGER.error(e); } return srcPwd.toCharArray(); } |
3)將用到的jar包放入/jboss-4.2.3.GA/server/default/lib目錄下