JBoss下DataSource加密(下)

JBoss下DataSource加密(下)

数据源文件：my-oracle-ds.xml

< datasources >
     < local-tx-datasource >
         < jndi-name > jdbc/my-local </ jndi-name >
        < connection-url >
            jdbc:oracle:thin:@10.5.7.30:1521:orcl
         </ connection-url >
         < driver-class > oracle.jdbc.driver.OracleDriver </ driver-class >
        < security-domain > EncryptedOracleDbRealm </ security-domain >
         < exception-sorter-class-name >
            org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter
         </ exception-sorter-class-name >
         < metadata >
             < type-mapping > Oracle10g </ type-mapping >
         </ metadata >
         < depends >
            jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword
         </ depends >
     </ local-tx-datasource >



     < mbean  code ="org.jboss.security.plugins.JaasSecurityDomain"
        name ="jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword" >
         < constructor >
             < arg  type ="java.lang.String"  value ="ServerMasterPassword" ></ arg >
         </ constructor >
         <!--  The opaque master password file used to decrypt the encrypted
            database password key  -->
         < attribute  name ="KeyStorePass" >
            {CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/server.password
         </ attribute >
         < attribute  name ="Salt" > abcdefgh </ attribute >
         < attribute  name ="IterationCount" > 13 </ attribute >
     </ mbean >

</ datasources >

在jboss4.3/jboss-as/server/default/conf/login-config.xml中增加节点：

< application-policy  name ="EncryptedOracleDbRealm" >
     < authentication >
         < login-module
             code ="org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule"
            flag ="required" >
             < module-option  name ="username" > username </ module-option >
             < module-option  name ="password" >
                3wW33nIpavHK4pd3qoNTbA
             </ module-option >
             < module-option  name ="managedConnectionFactoryName" >
                jboss.jca:service=LocalTxCM,name=jdbc/my-local
             </ module-option >
             < module-option  name ="jaasSecurityDomain" >
                jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword
             </ module-option >
         </ login-module >
     </ authentication >
</ application-policy >

以上的password由下面命令得出：

E:\JBOSS\jboss4 .3 \jboss-as\server\default\lib>java -cp jbosssx.jar
org.jboss.security.plugins.PBEUtils abcdefgh  13  master mypassowrd
Encoded password:  2mqrIBSpp8JVWFAqCBklhf

生成server.password文件：

E:\JBOSS\jboss4 .3 \jboss-as\server\default\lib>java -cp jbosssx.jar
org.jboss.security.plugins.FilePassword abcdefgh  13  master server.password

产生后拷贝到：${jboss.server.home.dir}/conf中。