html/3.0/datasource-password-encryption.html - tomee-site-ng - Git at Google


 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <HTML>
   <HEAD>
     <!-- $PAGETITLE -->
     <TITLE>OpenEJB - DataSource Password Encryption</TITLE>
     <LINK href="http://openejb.apache.org/all.css" rel="stylesheet" type="text/css">
     <!--[if IE]><link rel="stylesheet" type="text/css" media="screen, projection" href="openejb.apache.org/ie.css"><![endif]-->

     <LINK rel="SHORTCUT ICON" href="http://openejb.apache.org/images/favicon.ico">
     <META http-equiv="Content-Type" content="text/html;charset=UTF-8">
   </HEAD>
   <BODY>

     <!-- Delay the loading of the external javascript file needed for labels (as it takes too long to load and visibly holds loading of the page body) -->
     <!-- To do this without javascript errors over undefined functions, we need to declare stubs here (that are overrided later by the proper implementations) -->
     <SCRIPT language="JavaScript" type="text/javascript">
       function doAddLabel(hideTextfieldAfterAddParam)
       {
       // stub
       }

       function onAddLabel()
       {
       // stub
       }

       function showLabelsInput()
       {
       // stub
       }
     </SCRIPT>

     <A name="top"></A>
     <TABLE class="frameTable" cellpadding="0" cellspacing="0" border="0">
       <TR class="Row1">
         <TD class="Col1"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
         <TD class="Col2"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
         <TD class="Col3"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
         <TD class="Col4"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
         <TD class="Col5"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
       </TR>
       <TR class="Row2">
         <TD class="Col1"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
         <TD class="Col2">&nbsp;</TD>
         <TD class="Col3" id="breadcrumbs">
           <!-- $TOP_NAV_BAR -->
                     <A href="../OPENEJB/index.html" title="Index">Home</A> | <A href="../OPENEJB/download.html" title="Download">Download</A> | <A href="../OPENEJB/mailing-lists.html" title="Mailing Lists">Lists</A> | <A href="http://issues.apache.org/jira/browse/OPENEJB" class="external-link" rel="nofollow">Issues</A>

         </TD>
         <TD class="Col4"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
         <TD class="Col5">&nbsp;</TD>
       </TR>
       <TR class="Row3">
         <TD class="Col1"><IMG alt="" class="Row3Img" id="thinLine" src="http://openejb.apache.org/images/line_sm.gif"></TD>
         <TD class="Col2"><IMG alt="" class="Row3Img" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
         <TD class="Col3"><IMG alt="" class="Row3Img" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
         <TD class="Col4"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
         <TD class="Col5"><IMG alt="" class="Row3Img" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
       </TR>
       <TR class="Row4">
         <TD class="Col1">
           <SPAN id="Navigation">

                         <H3><A name="Navigation-Overview"></A>Overview</H3>

 <UL class="alternate" type="square">
 	<LI><A href="../OPENEJB/index.html" title="Index">Home</A></LI>
 	<LI><A href="../OPENEJB/news.html" title="News">News</A></LI>
 	<LI><A href="../OPENEJB/faq.html" title="FAQ">FAQ</A></LI>
 	<LI><A href="../OPENEJB/download.html" title="Download">Download</A></LI>
 	<LI><A href="index.html" title="Index">Documentation</A></LI>
 	<LI><A href="../OPENEJB/examples.html" title="Examples">Examples</A></LI>
 	<LI><A href="http://cwiki.apache.org/confluence/display/OPENEJB/Lightening%20Demos" class="external-link" rel="nofollow">Lightning Demos</A></LI>
 	<LI><A href="../OPENEJB/mailing-lists.html" title="Mailing Lists">Mailing Lists</A></LI>
 	<LI><A href="../OPENEJB/source-code.html" title="Source Code">Source Code</A></LI>
 	<LI><A href="http://blogs.apache.org/openejb" class="external-link" rel="nofollow">Project Blog</A></LI>
 </UL>


 <H3><A name="Navigation-Servers"></A>Servers</H3>

 <UL class="alternate" type="square">
 	<LI><A href="../OPENEJB/local-server.html" title="Local Server">Local</A></LI>
 	<LI><A href="../OPENEJB/remote-server.html" title="Remote Server">Remote</A></LI>
 </UL>


 <H3><A name="Navigation-Integrations"></A>Integrations</H3>

 <UL class="alternate" type="square">
 	<LI><A href="tomcat.html" title="Tomcat">Tomcat</A></LI>
 	<LI><A href="../OPENEJB/geronimo.html" title="Geronimo">Geronimo</A></LI>
 	<LI><A href="../OPENEJB/webobjects.html" title="WebObjects">WebObjects</A></LI>
 </UL>


 <H3><A name="Navigation-Community"></A>Community</H3>

 <UL class="alternate" type="square">
 	<LI><A href="../OPENEJB/team.html" title="Team">Team</A></LI>
 	<LI><A href="../OPENEJB/articles.html" title="Articles">Articles</A></LI>
 	<LI><A href="http://webchat.freenode.net/?channels=openejb" class="external-link" rel="nofollow">IRC</A></LI>
 </UL>


 <H3><A name="Navigation-RelatedProjects"></A>Related Projects</H3>

 <UL class="alternate" type="square">
 	<LI><A href="http://activemq.apache.org/" class="external-link" rel="nofollow">ActiveMQ</A></LI>
 	<LI><A href="http://openjpa.apache.org/" class="external-link" rel="nofollow">OpenJPA</A></LI>
 	<LI><A href="http://cxf.apache.org/" class="external-link" rel="nofollow">CXF</A></LI>
 </UL>


 <H3><A name="Navigation-Index"></A>Index</H3>
 <UL class="alternate" type="square">
 	<LI><A href="../OPENEJB/space-index.html" title="Space Index">Site Index</A></LI>
 	<LI><A href="space-index.html" title="Space Index">Doc Index</A></LI>
 </UL>

             <H3>
               <A name="Navigation-Feeds"></A>
               Feeds
             </H3>

             <UL class="feeds">
             <LI>
               <A href="http://cwiki.apache.org/confluence/spaces/rss.action?key=OPENEJB&newPages=false">
               <IMG src="http://openejb.apache.org/images/rss.gif"></A>
               <A class="feedsText" href="http://cwiki.apache.org/confluence/spaces/rss.action?key=OPENEJB&newPages=false">Site</A>
             </LI>

             <LI><A href="http://cwiki.apache.org/confluence/spaces/blogrss.action?key=OPENEJB">
               <IMG src="http://openejb.apache.org/images/rss.gif"></A>
               <A class="feedsText" href="http://cwiki.apache.org/confluence/spaces/blogrss.action?key=OPENEJB">News</A>
             </LI>
             </UL>
           </SPAN>
         </TD>
         <TD class="Col2">&nbsp;</TD>
         <TD class="Col3">
           <TABLE id="PageHeader" border="0" width="100%">
             <TR>
               <TD>
                 <A href="http://openejb.org/">
                   <IMG hspace="0" src="http://openejb.apache.org/images/logo_openejb.gif" vspace="0">
                 </A>
               </TD>
               <TD align="right">
                 <A href="http://www.apache.org/">
                   <IMG src="http://www.apache.org/images/asf-logo.gif" width="258" height="66">
                 </A>
               </TD>
             </TR>
             <TR>
               <TD id="page_title">
                 <!-- $TITLE -->
                 DataSource Password Encryption
               </TD>

               <TD align="right">
                 <BR><BR>
                 <!-- Google CSE Search Box Begins  -->
                 <FORM id="searchbox_010475492895890475512:_t4iqjrgx90" action="http://www.google.com/cse">
                   <INPUT type="hidden" name="cx" value="010475492895890475512:_t4iqjrgx90">
                   <INPUT type="hidden" name="cof" value="FORID:0">
                   <INPUT name="q" type="text" size="25">
                   <INPUT type="submit" name="sa" value="Search">
                 </FORM>
                 <SCRIPT type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_010475492895890475512:_t4iqjrgx90"></SCRIPT>
                 <!-- Google CSE Search Box Ends -->

               </TD>
             </TR>
           </TABLE>
           <P>
             <!-- $BODY -->
             <DIV id="PageContent">
               <DIV class="panelMacro"><TABLE class="noteMacro"><COLGROUP><COL width="24"><COL></COLGROUP><TR><TD valign="top"><IMG src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></TD><TD>Apache OpenEJB 3.1.2 or later required</TD></TR></TABLE></DIV>
 <H1><A name="DataSourcePasswordEncryption-Cipheringpasswords"></A>Ciphering passwords</H1>
 <P>Apache OpenEJB now provides an easy and extensible way to cipher databases passwords. Not that by default, this feature is not activated so plain passwords are used.</P>

 <H2><A name="DataSourcePasswordEncryption-Usage"></A>Usage</H2>

 <UL>
 	<LI>Default Plain text password example:
 <DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
 <PRE class="code-xml">
 <SPAN class="code-tag">&lt;Resource id=<SPAN class="code-quote">&quot;MySQL Database&quot;</SPAN> type=<SPAN class="code-quote">&quot;DataSource&quot;</SPAN>&gt;</SPAN>
     #  MySQL example
     #
     #  This connector will not work until you download the driver at:
     #  http://www.mysql.com/downloads/api-jdbc-stable.html

     JdbcDriver  com.mysql.jdbc.Driver
     JdbcUrl     jdbc:mysql://localhost/test
     UserName    test
     Password    Passw0rd
 <SPAN class="code-tag">&lt;/Resource&gt;</SPAN>
 </PRE>
 </DIV></DIV></LI>
 </UL>


 <UL>
 	<LI>3DES ciphered password example:<BR>
 Note that the built in 3DES implementation uses <B>a static key</B> to encode/decode your password.
 <DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
 <PRE class="code-xml">
 <SPAN class="code-tag">&lt;Resource id=<SPAN class="code-quote">&quot;MySQL Database&quot;</SPAN> type=<SPAN class="code-quote">&quot;DataSource&quot;</SPAN>&gt;</SPAN>
     #  MySQL example
     #
     #  This connector will not work until you download the driver at:
     #  http://www.mysql.com/downloads/api-jdbc-stable.html

     JdbcDriver  com.mysql.jdbc.Driver
     JdbcUrl     jdbc:mysql://localhost/test
     UserName    test

     # ciphered value for Passw0rd using Static3DES codec is xMH5uM1V9vQzVUv5LG7YLA==
     Password    xMH5uM1V9vQzVUv5LG7YLA==
     PasswordCipher Static3DES
 <SPAN class="code-tag">&lt;/Resource&gt;</SPAN>
 </PRE>
 </DIV></DIV></LI>
 </UL>


 <DIV class="panelMacro"><TABLE class="tipMacro"><COLGROUP><COL width="24"><COL></COLGROUP><TR><TD valign="top"><IMG src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" width="16" height="16" align="absmiddle" alt="" border="0"></TD><TD><B>Hint</B><BR>You can plug your own algorithm to extend Apache OpenEJB built in ones. To do such, you just need to implement the
 <DIV class="preformatted panel" style="border-width: 1px;"><DIV class="preformattedContent panelContent">
 <PRE>org.apache.openejb.resource.jdbc.PasswordCipher</PRE>
 </DIV></DIV>
 <P> interface and push a file in </P>
 <DIV class="preformatted panel" style="border-width: 1px;"><DIV class="preformattedContent panelContent">
 <PRE>META-INF/org.apache.openejb.resource.jdbc.PasswordCipher/&lt;your cipher algorithm alias&gt;</PRE>
 </DIV></DIV>
 <P> containing the fully qualified name of your implementation.</P></TD></TR></TABLE></DIV>

 <H2><A name="DataSourcePasswordEncryption-Commandlinetool"></A>Command line tool</H2>
 <P>Apache OpenEJB also provides a command line tool allowing password cipher algorithm. Actually, it's useful to get the ciphered value of a plain text value using a given algorithm.</P>

 <H3><A name="DataSourcePasswordEncryption-NAME"></A>NAME</H3>

 <P>openejb cipher - OpenEJB Cypher Tool</P>

 <H3><A name="DataSourcePasswordEncryption-SYNOPSIS"></A>SYNOPSIS</H3>

 <P>openejb cipher <A href="#DataSourcePasswordEncryption-options">options</A> &lt;value&gt;</P>

 <H3><A name="DataSourcePasswordEncryption-DESCRIPTION"></A>DESCRIPTION</H3>

 <P>The OpenEJB Cipher tool is an OPTIONAL tool that allows you to use <TT>PasswordCipher</TT> algorithm to encode/decode values.</P>

 <P>It can be used to deploy into an offline server, however in this scenario it simply copies the archive into the openejb.base/apps directory which is something that can be done manually with a simple copy command or drag and drop.</P>

 <P>The OpenEJB Cipher tool can be executed from any directory as long as &lt;OPENEJB_HOME&gt;/bin is in the system PATH. Before running this tool you need to set the environment variable OPENEJB_HOME to the path of the directory where you unpacked the OpenEJB installation. For for the remainder of this document we will assume you unpacked OpenEJB into the directory C:\openejb-3.1.2.</P>

 <P>In Windows, the cipher tool can be executed as follows:</P>

 <P><TT>C:\openejb-3.1.2&gt; bin\openejb cipher --help</TT></P>

 <P>In UNIX, Linux, or Mac OS X, the cipher tool can be executed as follows:</P>

 <P><TT>[user@host openejb-3.1.2]# bin/openejb cipher --help</TT></P>

 <P>Depending on your OpenEJB version, you may need to change execution bits to make the scripts executable.  You can do this with the following command.</P>

 <P><TT>[user@host openejb-3.1.2]# chmod 755 bin/openejb</TT></P>

 <P>From here on out, it will be assumed that you know how to execute the right openejb script for your operating system and commands will appear in shorthand as show below.</P>

 <P><TT>openejb cipher --help</TT></P>

 <H3><A name="DataSourcePasswordEncryption-OPTIONS"></A>OPTIONS</H3>

 <DIV class="table-wrap">
 <TABLE class="confluenceTable"><TBODY>
 <TR>
 <TD class="confluenceTd">-h, --<EM>help</EM> </TD>
 <TD class="confluenceTd">Lists these options and exit.</TD>
 </TR>
 <TR>
 <TD class="confluenceTd">-c, --<EM>cipher</EM> </TD>
 <TD class="confluenceTd">Specifies the password cipher implementation to use (default is Static3DES).</TD>
 </TR>
 <TR>
 <TD class="confluenceTd">-d, --<EM>decrypt</EM> </TD>
 <TD class="confluenceTd">Switches command line tool to decrypt.</TD>
 </TR>
 <TR>
 <TD class="confluenceTd">-e, --<EM>encrypt</EM> </TD>
 <TD class="confluenceTd">Switches command line tool to encrypt (default).</TD>
 </TR>
 </TBODY></TABLE>
 </DIV>


 <H3><A name="DataSourcePasswordEncryption-EXAMPLES"></A>EXAMPLES</H3>

 <P>Encrypt a plain password using the default algorithm. <BR>
 <TT>openejb cipher Passw0rd</TT></P>

 <P>Output</P>
 <DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
 <PRE class="code-java">
 xMH5uM1V9vQzVUv5LG7YLA==
 </PRE>
 </DIV></DIV>
             </DIV>
           </P>
         </TD>
         <TD class="Col4"><IMG src="http://openejb.apache.org/images/dotTrans.gif"></TD>
         <TD class="Col5">


             </TD>
       </TR>
       <TR class="Row5">
         <TD class="Col1">&nbsp;</TD>
         <TD class="Col2">&nbsp;</TD>
         <TD class="Col3">
           <BR>
           <BR>
           <IMG width="100%" height="1" src="http://openejb.apache.org/images/line_light.gif">
           <TABLE width="100%">
             <TR>
               <TD>
                 <SPAN class="bodyGrey">
                   <SMALL>
                     <NOTICE><!-- $FOOTER -->
                       Apache OpenEJB is an project of The Apache Software Foundation (ASF)
                     </NOTICE>
                     <BR>
                     Site Powered by
                     <A href="http://atlassian.com/">Atlassian</A>
                     <A href="http://atlassian.com/confluence/">Confluence</A>
                     .
                   </SMALL>
                 </SPAN>
               </TD>
               <TD align="right">
                 <A style="color:#999;font-size:small;font-weight:normal;" href="https://cwiki.apache.org/confluence/pages/editpage.action?spaceKey=OPENEJBx30&title=DataSource%20Password%20Encryption">[ edit ]</A>
               </TD>
             </TR>
           </TABLE>
           <BR>
         </TD>
         <TD class="Col4"><IMG src="http://openejb.apache.org/images/dotTrans.gif"></TD>
         <TD class="Col5">&nbsp;</TD>
       </TR>
     </TABLE>

     <!-- Needed for composition plugin -->
     <!-- delay the loading of large javascript files to the end so that they don't interfere with the loading of page content -->
     <SPAN style="display: none">
       <SCRIPT type="text/javascript" language="JavaScript" src="http://cwiki.apache.org/confluence/labels-javascript"></SCRIPT>

       <SCRIPT src="http://www.google-analytics.com/urchin.js" type="text/javascript">
       </SCRIPT>
       <SCRIPT type="text/javascript">
         _uacct = "UA-2717626-1";
         urchinTracker();
       </SCRIPT>
     </SPAN>

   </BODY>
 </HTML>

	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
	<HTML>
	<HEAD>
	<!-- $PAGETITLE -->
	<TITLE>OpenEJB - DataSource Password Encryption</TITLE>
	<LINK href="http://openejb.apache.org/all.css" rel="stylesheet" type="text/css">
	<!--[if IE]><link rel="stylesheet" type="text/css" media="screen, projection" href="openejb.apache.org/ie.css"><![endif]-->

	<LINK rel="SHORTCUT ICON" href="http://openejb.apache.org/images/favicon.ico">
	<META http-equiv="Content-Type" content="text/html;charset=UTF-8">
	</HEAD>
	<BODY>

	<!-- Delay the loading of the external javascript file needed for labels (as it takes too long to load and visibly holds loading of the page body) -->
	<!-- To do this without javascript errors over undefined functions, we need to declare stubs here (that are overrided later by the proper implementations) -->
	<SCRIPT language="JavaScript" type="text/javascript">
	function doAddLabel(hideTextfieldAfterAddParam)
	{
	// stub
	}

	function onAddLabel()
	{
	// stub
	}

	function showLabelsInput()
	{
	// stub
	}
	</SCRIPT>

	<A name="top"></A>
	<TABLE class="frameTable" cellpadding="0" cellspacing="0" border="0">
	<TR class="Row1">
	<TD class="Col1"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	<TD class="Col2"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	<TD class="Col3"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	<TD class="Col4"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	<TD class="Col5"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	</TR>
	<TR class="Row2">
	<TD class="Col1"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	<TD class="Col2"> </TD>
	<TD class="Col3" id="breadcrumbs">
	<!-- $TOP_NAV_BAR -->
	<A href="../OPENEJB/index.html" title="Index">Home</A> \| <A href="../OPENEJB/download.html" title="Download">Download</A> \| <A href="../OPENEJB/mailing-lists.html" title="Mailing Lists">Lists</A> \| <A href="http://issues.apache.org/jira/browse/OPENEJB" class="external-link" rel="nofollow">Issues</A>

	</TD>
	<TD class="Col4"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	<TD class="Col5"> </TD>
	</TR>
	<TR class="Row3">
	<TD class="Col1"><IMG alt="" class="Row3Img" id="thinLine" src="http://openejb.apache.org/images/line_sm.gif"></TD>
	<TD class="Col2"><IMG alt="" class="Row3Img" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	<TD class="Col3"><IMG alt="" class="Row3Img" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	<TD class="Col4"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	<TD class="Col5"><IMG alt="" class="Row3Img" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	</TR>
	<TR class="Row4">
	<TD class="Col1">
	<SPAN id="Navigation">

	<H3><A name="Navigation-Overview"></A>Overview</H3>

	<UL class="alternate" type="square">
	<LI><A href="../OPENEJB/index.html" title="Index">Home</A></LI>
	<LI><A href="../OPENEJB/news.html" title="News">News</A></LI>
	<LI><A href="../OPENEJB/faq.html" title="FAQ">FAQ</A></LI>
	<LI><A href="../OPENEJB/download.html" title="Download">Download</A></LI>
	<LI><A href="index.html" title="Index">Documentation</A></LI>
	<LI><A href="../OPENEJB/examples.html" title="Examples">Examples</A></LI>
	<LI><A href="http://cwiki.apache.org/confluence/display/OPENEJB/Lightening%20Demos" class="external-link" rel="nofollow">Lightning Demos</A></LI>
	<LI><A href="../OPENEJB/mailing-lists.html" title="Mailing Lists">Mailing Lists</A></LI>
	<LI><A href="../OPENEJB/source-code.html" title="Source Code">Source Code</A></LI>
	<LI><A href="http://blogs.apache.org/openejb" class="external-link" rel="nofollow">Project Blog</A></LI>
	</UL>


	<H3><A name="Navigation-Servers"></A>Servers</H3>

	<UL class="alternate" type="square">
	<LI><A href="../OPENEJB/local-server.html" title="Local Server">Local</A></LI>
	<LI><A href="../OPENEJB/remote-server.html" title="Remote Server">Remote</A></LI>
	</UL>


	<H3><A name="Navigation-Integrations"></A>Integrations</H3>

	<UL class="alternate" type="square">
	<LI><A href="tomcat.html" title="Tomcat">Tomcat</A></LI>
	<LI><A href="../OPENEJB/geronimo.html" title="Geronimo">Geronimo</A></LI>
	<LI><A href="../OPENEJB/webobjects.html" title="WebObjects">WebObjects</A></LI>
	</UL>


	<H3><A name="Navigation-Community"></A>Community</H3>

	<UL class="alternate" type="square">
	<LI><A href="../OPENEJB/team.html" title="Team">Team</A></LI>
	<LI><A href="../OPENEJB/articles.html" title="Articles">Articles</A></LI>
	<LI><A href="http://webchat.freenode.net/?channels=openejb" class="external-link" rel="nofollow">IRC</A></LI>
	</UL>


	<H3><A name="Navigation-RelatedProjects"></A>Related Projects</H3>

	<UL class="alternate" type="square">
	<LI><A href="http://activemq.apache.org/" class="external-link" rel="nofollow">ActiveMQ</A></LI>
	<LI><A href="http://openjpa.apache.org/" class="external-link" rel="nofollow">OpenJPA</A></LI>
	<LI><A href="http://cxf.apache.org/" class="external-link" rel="nofollow">CXF</A></LI>
	</UL>


	<H3><A name="Navigation-Index"></A>Index</H3>
	<UL class="alternate" type="square">
	<LI><A href="../OPENEJB/space-index.html" title="Space Index">Site Index</A></LI>
	<LI><A href="space-index.html" title="Space Index">Doc Index</A></LI>
	</UL>

	<H3>
	<A name="Navigation-Feeds"></A>
	Feeds
	</H3>

	<UL class="feeds">
	<LI>
	<A href="http://cwiki.apache.org/confluence/spaces/rss.action?key=OPENEJB&newPages=false">
	<IMG src="http://openejb.apache.org/images/rss.gif"></A>
	<A class="feedsText" href="http://cwiki.apache.org/confluence/spaces/rss.action?key=OPENEJB&newPages=false">Site</A>
	</LI>

	<LI><A href="http://cwiki.apache.org/confluence/spaces/blogrss.action?key=OPENEJB">
	<IMG src="http://openejb.apache.org/images/rss.gif"></A>
	<A class="feedsText" href="http://cwiki.apache.org/confluence/spaces/blogrss.action?key=OPENEJB">News</A>
	</LI>
	</UL>
	</SPAN>
	</TD>
	<TD class="Col2"> </TD>
	<TD class="Col3">
	<TABLE id="PageHeader" border="0" width="100%">
	<TR>
	<TD>
	<A href="http://openejb.org/">
	<IMG hspace="0" src="http://openejb.apache.org/images/logo_openejb.gif" vspace="0">
	</A>
	</TD>
	<TD align="right">
	<A href="http://www.apache.org/">
	<IMG src="http://www.apache.org/images/asf-logo.gif" width="258" height="66">
	</A>
	</TD>
	</TR>
	<TR>
	<TD id="page_title">
	<!-- $TITLE -->
	DataSource Password Encryption
	</TD>

	<TD align="right">
	<BR><BR>
	<!-- Google CSE Search Box Begins -->
	<FORM id="searchbox_010475492895890475512:_t4iqjrgx90" action="http://www.google.com/cse">
	<INPUT type="hidden" name="cx" value="010475492895890475512:_t4iqjrgx90">
	<INPUT type="hidden" name="cof" value="FORID:0">
	<INPUT name="q" type="text" size="25">
	<INPUT type="submit" name="sa" value="Search">
	</FORM>
	<SCRIPT type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_010475492895890475512:_t4iqjrgx90"></SCRIPT>
	<!-- Google CSE Search Box Ends -->

	</TD>
	</TR>
	</TABLE>
	<P>
	<!-- $BODY -->
	<DIV id="PageContent">
	<DIV class="panelMacro"><TABLE class="noteMacro"><COLGROUP><COL width="24"><COL></COLGROUP><TR><TD valign="top"><IMG src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></TD><TD>Apache OpenEJB 3.1.2 or later required</TD></TR></TABLE></DIV>
	<H1><A name="DataSourcePasswordEncryption-Cipheringpasswords"></A>Ciphering passwords</H1>
	<P>Apache OpenEJB now provides an easy and extensible way to cipher databases passwords. Not that by default, this feature is not activated so plain passwords are used.</P>

	<H2><A name="DataSourcePasswordEncryption-Usage"></A>Usage</H2>

	<UL>
	<LI>Default Plain text password example:
	<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
	<PRE class="code-xml">
	<SPAN class="code-tag"><Resource id=<SPAN class="code-quote">"MySQL Database"</SPAN> type=<SPAN class="code-quote">"DataSource"</SPAN>></SPAN>
	# MySQL example
	#
	# This connector will not work until you download the driver at:
	# http://www.mysql.com/downloads/api-jdbc-stable.html

	JdbcDriver com.mysql.jdbc.Driver
	JdbcUrl jdbc:mysql://localhost/test
	UserName test
	Password Passw0rd
	<SPAN class="code-tag"></Resource></SPAN>
	</PRE>
	</DIV></DIV></LI>
	</UL>


	<UL>
	<LI>3DES ciphered password example:<BR>
	Note that the built in 3DES implementation uses <B>a static key</B> to encode/decode your password.
	<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
	<PRE class="code-xml">
	<SPAN class="code-tag"><Resource id=<SPAN class="code-quote">"MySQL Database"</SPAN> type=<SPAN class="code-quote">"DataSource"</SPAN>></SPAN>
	# MySQL example
	#
	# This connector will not work until you download the driver at:
	# http://www.mysql.com/downloads/api-jdbc-stable.html

	JdbcDriver com.mysql.jdbc.Driver
	JdbcUrl jdbc:mysql://localhost/test
	UserName test

	# ciphered value for Passw0rd using Static3DES codec is xMH5uM1V9vQzVUv5LG7YLA==
	Password xMH5uM1V9vQzVUv5LG7YLA==
	PasswordCipher Static3DES
	<SPAN class="code-tag"></Resource></SPAN>
	</PRE>
	</DIV></DIV></LI>
	</UL>


	<DIV class="panelMacro"><TABLE class="tipMacro"><COLGROUP><COL width="24"><COL></COLGROUP><TR><TD valign="top"><IMG src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" width="16" height="16" align="absmiddle" alt="" border="0"></TD><TD><B>Hint</B><BR>You can plug your own algorithm to extend Apache OpenEJB built in ones. To do such, you just need to implement the
	<DIV class="preformatted panel" style="border-width: 1px;"><DIV class="preformattedContent panelContent">
	<PRE>org.apache.openejb.resource.jdbc.PasswordCipher</PRE>
	</DIV></DIV>
	<P> interface and push a file in </P>
	<DIV class="preformatted panel" style="border-width: 1px;"><DIV class="preformattedContent panelContent">
	<PRE>META-INF/org.apache.openejb.resource.jdbc.PasswordCipher/<your cipher algorithm alias></PRE>
	</DIV></DIV>
	<P> containing the fully qualified name of your implementation.</P></TD></TR></TABLE></DIV>

	<H2><A name="DataSourcePasswordEncryption-Commandlinetool"></A>Command line tool</H2>
	<P>Apache OpenEJB also provides a command line tool allowing password cipher algorithm. Actually, it's useful to get the ciphered value of a plain text value using a given algorithm.</P>

	<H3><A name="DataSourcePasswordEncryption-NAME"></A>NAME</H3>

	<P>openejb cipher - OpenEJB Cypher Tool</P>

	<H3><A name="DataSourcePasswordEncryption-SYNOPSIS"></A>SYNOPSIS</H3>

	<P>openejb cipher <A href="#DataSourcePasswordEncryption-options">options</A> <value></P>

	<H3><A name="DataSourcePasswordEncryption-DESCRIPTION"></A>DESCRIPTION</H3>

	<P>The OpenEJB Cipher tool is an OPTIONAL tool that allows you to use <TT>PasswordCipher</TT> algorithm to encode/decode values.</P>

	<P>It can be used to deploy into an offline server, however in this scenario it simply copies the archive into the openejb.base/apps directory which is something that can be done manually with a simple copy command or drag and drop.</P>

	<P>The OpenEJB Cipher tool can be executed from any directory as long as <OPENEJB_HOME>/bin is in the system PATH. Before running this tool you need to set the environment variable OPENEJB_HOME to the path of the directory where you unpacked the OpenEJB installation. For for the remainder of this document we will assume you unpacked OpenEJB into the directory C:\openejb-3.1.2.</P>

	<P>In Windows, the cipher tool can be executed as follows:</P>

	<P><TT>C:\openejb-3.1.2> bin\openejb cipher --help</TT></P>

	<P>In UNIX, Linux, or Mac OS X, the cipher tool can be executed as follows:</P>

	<P><TT>[user@host openejb-3.1.2]# bin/openejb cipher --help</TT></P>

	<P>Depending on your OpenEJB version, you may need to change execution bits to make the scripts executable. You can do this with the following command.</P>

	<P><TT>[user@host openejb-3.1.2]# chmod 755 bin/openejb</TT></P>

	<P>From here on out, it will be assumed that you know how to execute the right openejb script for your operating system and commands will appear in shorthand as show below.</P>

	<P><TT>openejb cipher --help</TT></P>

	<H3><A name="DataSourcePasswordEncryption-OPTIONS"></A>OPTIONS</H3>

	<DIV class="table-wrap">
	<TABLE class="confluenceTable"><TBODY>
	<TR>
	<TD class="confluenceTd">-h, --<EM>help</EM> </TD>
	<TD class="confluenceTd">Lists these options and exit.</TD>
	</TR>
	<TR>
	<TD class="confluenceTd">-c, --<EM>cipher</EM> </TD>
	<TD class="confluenceTd">Specifies the password cipher implementation to use (default is Static3DES).</TD>
	</TR>
	<TR>
	<TD class="confluenceTd">-d, --<EM>decrypt</EM> </TD>
	<TD class="confluenceTd">Switches command line tool to decrypt.</TD>
	</TR>
	<TR>
	<TD class="confluenceTd">-e, --<EM>encrypt</EM> </TD>
	<TD class="confluenceTd">Switches command line tool to encrypt (default).</TD>
	</TR>
	</TBODY></TABLE>
	</DIV>


	<H3><A name="DataSourcePasswordEncryption-EXAMPLES"></A>EXAMPLES</H3>

	<P>Encrypt a plain password using the default algorithm. <BR>
	<TT>openejb cipher Passw0rd</TT></P>

	<P>Output</P>
	<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
	<PRE class="code-java">
	xMH5uM1V9vQzVUv5LG7YLA==
	</PRE>
	</DIV></DIV>
	</DIV>
	</P>
	</TD>
	<TD class="Col4"><IMG src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	<TD class="Col5">


	</TD>
	</TR>
	<TR class="Row5">
	<TD class="Col1"> </TD>
	<TD class="Col2"> </TD>
	<TD class="Col3">
	<BR>
	<BR>
	<IMG width="100%" height="1" src="http://openejb.apache.org/images/line_light.gif">
	<TABLE width="100%">
	<TR>
	<TD>
	<SPAN class="bodyGrey">
	<SMALL>
	<NOTICE><!-- $FOOTER -->
	Apache OpenEJB is an project of The Apache Software Foundation (ASF)
	</NOTICE>
	<BR>
	Site Powered by
	<A href="http://atlassian.com/">Atlassian</A>
	<A href="http://atlassian.com/confluence/">Confluence</A>
	.
	</SMALL>
	</SPAN>
	</TD>
	<TD align="right">
	<A style="color:#999;font-size:small;font-weight:normal;" href="https://cwiki.apache.org/confluence/pages/editpage.action?spaceKey=OPENEJBx30&title=DataSource%20Password%20Encryption">[ edit ]</A>
	</TD>
	</TR>
	</TABLE>
	<BR>
	</TD>
	<TD class="Col4"><IMG src="http://openejb.apache.org/images/dotTrans.gif"></TD>
	<TD class="Col5"> </TD>
	</TR>
	</TABLE>

	<!-- Needed for composition plugin -->
	<!-- delay the loading of large javascript files to the end so that they don't interfere with the loading of page content -->
	<SPAN style="display: none">
	<SCRIPT type="text/javascript" language="JavaScript" src="http://cwiki.apache.org/confluence/labels-javascript"></SCRIPT>

	<SCRIPT src="http://www.google-analytics.com/urchin.js" type="text/javascript">
	</SCRIPT>
	<SCRIPT type="text/javascript">
	_uacct = "UA-2717626-1";
	urchinTracker();
	</SCRIPT>
	</SPAN>

	</BODY>
	</HTML>