红帽全球峰会此内容没有您所选择的语言版本。
17.2. Configured Identity with Password Based Encryption (PBE)
The
org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule is a login module for statically defining a data source using a password that has been encrypted by a JaasSecurityDomain. The base64 format of the data source password may be generated using PBEUtils:
Procedure 17.4. Encrypt password with PBEUtils - Platforms version 5.0 and 5.0.1
This procedure encrypts a password on JBoss Enterprise Application Platform versions 5.0 and 5.0.1.
- Execute the command:
java -cp jboss-as/common/lib/jbosssx.jar org.jboss.security.plugins.PBEUtils \ salt count domain-password data-source-password
java -cp jboss-as/common/lib/jbosssx.jar org.jboss.security.plugins.PBEUtils \ salt count domain-password data-source-passwordCopy to Clipboard Copied! Toggle word wrap Toggle overflow Result:The encrypted password is displayed
Procedure 17.5. Encrypt password with PBEUtils - Platform version 5.1
This procedure encrypts a password on JBoss Enterprise Application Platform versions 5.1 and later.
- Execute the command:
java -cp jboss-as/lib/jbosssx.jar org.jboss.security.plugins.PBEUtils \ salt count domain-password data-source-password
java -cp jboss-as/lib/jbosssx.jar org.jboss.security.plugins.PBEUtils \ salt count domain-password data-source-passwordCopy to Clipboard Copied! Toggle word wrap Toggle overflow Result:The encrypted password is displayed
The parameters for the
PBEUtils are:
- salt
- The Salt attribute from the JaasSecurityDomain (Must only be eight characters long).
- count
- The IterationCount attribute from the JaasSecurity domain.
- domain-password
- The plain text password that maps to the KeyStorePass attribute from the JaasSecurityDomain.
- data-source-password
- The plain text password for the data source that should be encrypted with the JaasSecurityDomain password.
Example 17.3, “PBEUtils command example” provides an example of the command with its output.
Example 17.3. PBEUtils command example
java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils abcdefgh 13 master password Encoded password: 3zbEkBDfpQAASa3H39pIyP
java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils abcdefgh 13 master password
Encoded password: 3zbEkBDfpQAASa3H39pIyP
Add the following application policy to the
$JBOSS_HOME/server/$PROFILE/conf/login-config.xml file.
The
$JBOSS_HOME/docs/examples/jca/hsqldb-encrypted-ds.xml illustrates that data source configuration along with the JaasSecurityDomain configuration for the keystore:
Example 17.4, “FilePassword command example” provides an example of the command with its output.
Example 17.4. FilePassword command example
The following example refers to the file
.../conf/server.password. You first need to run the following command, which will store the encryption details and obfuscated master password:
java -cp jboss-as/lib/jbosssx.jar org.jboss.security.plugins.FilePassword salt count master_password password_file
For example: java -cp jboss-as/lib/jbosssx.jar org.jboss.security.plugins.FilePassword abcdefgh 13 master jboss-as/server/$PROFILE/conf/server.password
java -cp jboss-as/lib/jbosssx.jar org.jboss.security.plugins.FilePassword salt count master_password password_file
For example: java -cp jboss-as/lib/jbosssx.jar org.jboss.security.plugins.FilePassword abcdefgh 13 master jboss-as/server/$PROFILE/conf/server.password
Warning
Remember to use the same Salt and IterationCount in the MBean that was used during the password generation step.
Note
When starting a service that depends on an encrypted data source, the error
java.security.InvalidAlgorithmParameterException: Parameters missing is raised when the following MBean is not yet started as a service:
(jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword)
(jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword)
Include the following element so that the MBean starts before the data source, as per the example
hsqldb-encrypted-ds.xml code shown previously.
<depends>jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword</depends>
<depends>jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword</depends>
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}