Google Git
Sign in
apache / tomee-site-pub / 43cf80e624a0cecf0f38bef5ef2614bfb2410f57 / . / tomee-8.0 / docs / datasource-password-encryption.html
blob: 79c534035dce997470af37b9d5f595942e283c91 [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Apache TomEE</title>
<meta name="description"
content="Apache TomEE is a lightweight, yet powerful, JavaEE Application server with feature rich tooling." />
<meta name="keywords" content="tomee,asf,apache,javaee,jee,shade,embedded,test,junit,applicationcomposer,maven,arquillian" />
<meta name="author" content="Luka Cvetinovic for Codrops" />
<link rel="icon" href="../../favicon.ico">
<link rel="icon" type="image/png" href="../../favicon.png">
<meta name="msapplication-TileColor" content="#80287a">
<meta name="theme-color" content="#80287a">
<link rel="stylesheet" type="text/css" href="../../css/normalize.css">
<link rel="stylesheet" type="text/css" href="../../css/bootstrap.css">
<link rel="stylesheet" type="text/css" href="../../css/owl.css">
<link rel="stylesheet" type="text/css" href="../../css/animate.css">
<link rel="stylesheet" type="text/css" href="../../fonts/font-awesome-4.1.0/css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="../../fonts/eleganticons/et-icons.css">
<link rel="stylesheet" type="text/css" href="../../css/jqtree.css">
<link rel="stylesheet" type="text/css" href="../../css/idea.css">
<link rel="stylesheet" type="text/css" href="../../css/cardio.css">
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-2717626-1']);
_gaq.push(['_setDomainName', 'apache.org']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</head>
<body>
<div class="preloader">
<img src="../../img/loader.gif" alt="Preloader image">
</div>
<nav class="navbar">
<div class="container">
<div class="row"> <div class="col-md-12">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/">
<span>
<img src="../../img/logo-active.png">
</span>
Apache TomEE
</a>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav navbar-right main-nav">
<li><a href="../../docs.html">Documentation</a></li>
<li><a href="../../community/index.html">Community</a></li>
<li><a href="../../security/security.html">Security</a></li>
<li><a href="../../download-ng.html">Downloads</a></li>
</ul>
</div>
<!-- /.navbar-collapse -->
</div></div>
</div>
<!-- /.container-fluid -->
</nav>
<div id="main-block" class="container main-block">
<div class="row title">
<div class="col-md-12">
<div class='page-header'>
<h1>DataSource Password Encryption</h1>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p><em>Apache OpenEJB 3.1.2 or later required</em></p>
</div>
<div class="paragraph">
<p><em>TomEE 1.5.0 switched from Apache Commons-DBCP to Tomcat-pool. On that
specific version, password encryption is not available. You can still
switch back to Apache Commons DBCP buy adding the following property:
DataSourceCreator dbcp. On all following versions, the database
encryption will be ported and hence available on Tomcat-pool as well.</em></p>
</div>
</div>
</div>
<h1 id="_ciphering_passwords_apache_openejb_now_provides_an_easy_and_extensible" class="sect0">Ciphering passwords Apache OpenEJB now provides an easy and extensible</h1>
<div class="paragraph">
<p>way to cipher databases passwords. Not that by default, this feature is
not activated so plain passwords are used.</p>
</div>
<div class="sect1">
<h2 id="_usage">Usage</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Default Plain text password example:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-xml" data-lang="xml">&lt;Resource id="MySQL Database" type="DataSource"&gt;
# MySQL example
#
# This connector will not work until you download the driver at:
# http://www.mysql.com/downloads/api-jdbc-stable.html
JdbcDriver com.mysql.jdbc.Driver
JdbcUrl jdbc:mysql://localhost/test
UserName test
Password Passw0rd
&lt;/Resource&gt;</code></pre>
</div>
</div>
<div class="paragraph">
<p>3DES ciphered password example.</p>
</div>
<div class="paragraph">
<p>Note that the built in 3DES implementation uses <em>a static key</em> to
encode/decode your password. <em>It&#8217;s only meant to be a sample on how to
implement a Codec. On a real enterprise life, you should implement your
how relying on an HSM for example.</em> The easiest way to do it is to
implement the <em>org.apache.openejb.resource.jdbc.cipher.PasswordCipher</em>
interface.</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-xml" data-lang="xml">&lt;Resource id="MySQL Database" type="DataSource"&gt;
# MySQL example
#
# This connector will not work until you download the driver at:
# http://www.mysql.com/downloads/api-jdbc-stable.html
JdbcDriver com.mysql.jdbc.Driver
JdbcUrl jdbc:mysql://localhost/test
UserName test
# ciphered value for Passw0rd using Static3DES codec is
xMH5uM1V9vQzVUv5LG7YLA==
Password xMH5uM1V9vQzVUv5LG7YLA==
PasswordCipher Static3DES
&lt;/Resource&gt;</code></pre>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_hint">Hint</h2>
<div class="sectionbody">
<div class="paragraph">
<p>You can plug your own algorithm to extend Apache OpenEJB built in ones.
To do such, you just need to implement the</p>
</div>
<div class="sect2">
<h3 id="_command_line_tool">Command line tool</h3>
<div class="paragraph">
<p>Apache OpenEJB also provides a command line tool allowing password
cipher algorithm. Actually, it&#8217;s useful to get the ciphered value of a
plain text value using a given algorithm.</p>
</div>
<div class="sect3">
<h4 id="_name">NAME</h4>
<div class="paragraph">
<p>openejb cipher - OpenEJB Cypher Tool</p>
</div>
</div>
<div class="sect3">
<h4 id="_synopsis">SYNOPSIS</h4>
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-properties" data-lang="properties">openejb cipher [#options]</code></pre>
</div>
</div>
</div>
<div class="sect3">
<h4 id="_description">DESCRIPTION</h4>
<div class="paragraph">
<p>The OpenEJB Cipher tool is an OPTIONAL tool that allows you to use
<code>PasswordCipher</code> algorithm to encode/decode values.</p>
</div>
<div class="paragraph">
<p><em>This tool isn&#8217;t package by default on TomEE 1.5.0. It&#8217;s only available
on the standalone distribution. After 1.5.0, it&#8217;s in TomEE as well.</em></p>
</div>
<div class="paragraph">
<p>The OpenEJB Cipher tool can be executed from any directory as long as
<code>&lt;OPENEJB_HOME&gt;/bin</code> is in the system PATH. Before running this tool you
need to set the environment variable OPENEJB_HOME to the path of the
directory where you unpacked the OpenEJB installation. For for the
remainder of this document we will assume you unpacked OpenEJB into the
directory C:-3.1.2.</p>
</div>
<div class="paragraph">
<p>In Windows, the cipher tool can be executed as follows:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-java" data-lang="java">`C:\openejb-3.1.2&gt; bin\openejb cipher --help`</code></pre>
</div>
</div>
<div class="paragraph">
<p>In UNIX, Linux, or Mac OS X, the cipher tool can be executed as follows:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-java" data-lang="java">`\[user@host openejb-3.1.2]# bin/openejb cipher --help`</code></pre>
</div>
</div>
<div class="paragraph">
<p>Depending on your OpenEJB version, you may need to change execution bits
to make the scripts executable. You can do this with the following
command.</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-java" data-lang="java">`\[user@host openejb-3.1.2]# chmod 755 bin/openejb`</code></pre>
</div>
</div>
<div class="paragraph">
<p>From here on out, it will be assumed that you know how to execute the
right openejb script for your operating system and commands will appear
in shorthand as show below.</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-java" data-lang="java">`openejb cipher --help`</code></pre>
</div>
</div>
</div>
<div class="sect3">
<h4 id="_options">OPTIONS</h4>
<div class="paragraph">
<p>-h, --<em>help</em></p>
</div>
<div class="paragraph">
<p>Lists these options and exit.</p>
</div>
<div class="paragraph">
<p>-c, --<em>cipher</em></p>
</div>
<div class="paragraph">
<p>Specifies the password cipher implementation to use (default is
Static3DES).</p>
</div>
<div class="paragraph">
<p>-d, --<em>decrypt</em></p>
</div>
<div class="paragraph">
<p>Switches command line tool to decrypt.</p>
</div>
<div class="paragraph">
<p>-e, --<em>encrypt</em></p>
</div>
<div class="paragraph">
<p>Switches command line tool to encrypt (default).</p>
</div>
</div>
<div class="sect3">
<h4 id="_examples">EXAMPLES</h4>
<div class="paragraph">
<p>Encrypt a plain password using the default algorithm.</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-java" data-lang="java">`openejb cipher Passw0rd`</code></pre>
</div>
</div>
<div class="paragraph">
<p>Output</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-properties" data-lang="properties">xMH5uM1V9vQzVUv5LG7YLA==</code></pre>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<footer>
<div class="container">
<div class="row">
<div class="col-sm-6 text-center-mobile">
<h3 class="white">Be simple. Be certified. Be Tomcat.</h3>
<h5 class="light regular light-white">"A good application in a good server"</h5>
<ul class="social-footer">
<li><a href="https://www.facebook.com/ApacheTomEE/"><i class="fa fa-facebook"></i></a></li>
<li><a href="https://twitter.com/apachetomee"><i class="fa fa-twitter"></i></a></li>
<li><a href="https://plus.google.com/communities/105208241852045684449"><i class="fa fa-google-plus"></i></a></li>
</ul>
</div>
<div class="col-sm-6 text-center-mobile">
<div class="row opening-hours">
<div class="col-sm-3 text-center-mobile">
<h5><a href="../../latest/docs/" class="white">Documentation</a></h5>
<ul class="list-unstyled">
<li><a href="../../latest/docs/admin/configuration/index.html" class="regular light-white">How to configure</a></li>
<li><a href="../../latest/docs/admin/file-layout.html" class="regular light-white">Dir. Structure</a></li>
<li><a href="../../latest/docs/developer/testing/index.html" class="regular light-white">Testing</a></li>
<li><a href="../../latest/docs/admin/cluster/index.html" class="regular light-white">Clustering</a></li>
</ul>
</div>
<div class="col-sm-3 text-center-mobile">
<h5><a href="../../latest/examples/" class="white">Examples</a></h5>
<ul class="list-unstyled">
<li><a href="../../latest/examples/simple-cdi-interceptor.html" class="regular light-white">CDI Interceptor</a></li>
<li><a href="../../latest/examples/rest-cdi.html" class="regular light-white">REST with CDI</a></li>
<li><a href="../../latest/examples/ejb-examples.html" class="regular light-white">EJB</a></li>
<li><a href="../../latest/examples/jsf-managedBean-and-ejb.html" class="regular light-white">JSF</a></li>
</ul>
</div>
<div class="col-sm-3 text-center-mobile">
<h5><a href="../../community/index.html" class="white">Community</a></h5>
<ul class="list-unstyled">
<li><a href="../../community/contributors.html" class="regular light-white">Contributors</a></li>
<li><a href="../../community/social.html" class="regular light-white">Social</a></li>
<li><a href="../../community/sources.html" class="regular light-white">Sources</a></li>
</ul>
</div>
<div class="col-sm-3 text-center-mobile">
<h5><a href="../../security/index.html" class="white">Security</a></h5>
<ul class="list-unstyled">
<li><a href="http://apache.org/security" target="_blank" class="regular light-white">Apache Security</a></li>
<li><a href="http://apache.org/security/projects.html" target="_blank" class="regular light-white">Security Projects</a></li>
<li><a href="http://cve.mitre.org" target="_blank" class="regular light-white">CVE</a></li>
</ul>
</div>
</div>
</div>
</div>
<div class="row bottom-footer text-center-mobile">
<div class="col-sm-12 light-white">
<p>Copyright &copy; 1999-2016 The Apache Software Foundation, Licensed under the Apache License, Version 2.0. Apache TomEE, TomEE, Apache, the Apache feather logo, and the Apache TomEE project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</p>
</div>
</div>
</div>
</footer>
<!-- Holder for mobile navigation -->
<div class="mobile-nav">
<ul>
<li><a hef="../../latest/docs/admin/index.html">Administrators</a>
<li><a hef="../../latest/docs/developer/index.html">Developers</a>
<li><a hef="../../latest/docs/advanced/index.html">Advanced</a>
<li><a hef="../../community/index.html">Community</a>
</ul>
<a href="#" class="close-link"><i class="arrow_up"></i></a>
</div>
<!-- Scripts -->
<script src="../../js/jquery-1.11.1.min.js"></script>
<script src="../../js/owl.carousel.min.js"></script>
<script src="../../js/bootstrap.min.js"></script>
<script src="../../js/wow.min.js"></script>
<script src="../../js/typewriter.js"></script>
<script src="../../js/jquery.onepagenav.js"></script>
<script src="../../js/tree.jquery.js"></script>
<script src="../../js/highlight.pack.js"></script>
<script src="../../js/main.js"></script>
</body>
</html>