| Title: DataSource Password Encryption |
| {note}Apache OpenEJB 3.1.2 or later required{note} |
| <a name="DataSourcePasswordEncryption-Cipheringpasswords"></a> |
| # Ciphering passwords |
| Apache OpenEJB now provides an easy and extensible way to cipher databases |
| passwords. Not that by default, this feature is not activated so plain |
| passwords are used. |
| |
| <a name="DataSourcePasswordEncryption-Usage"></a> |
| ## Usage |
| |
| * Default Plain text password example: |
| |
| <Resource id="MySQL Database" type="DataSource"> |
| # MySQL example |
| # |
| # This connector will not work until you download the driver at: |
| # http://www.mysql.com/downloads/api-jdbc-stable.html |
| |
| JdbcDriver com.mysql.jdbc.Driver |
| JdbcUrl jdbc:mysql://localhost/test |
| UserName test |
| Password Passw0rd |
| </Resource> |
| |
| |
| * 3DES ciphered password example: |
| Note that the built in 3DES implementation uses *a static key* to |
| encode/decode your password. |
| |
| <Resource id="MySQL Database" type="DataSource"> |
| # MySQL example |
| # |
| # This connector will not work until you download the driver at: |
| # http://www.mysql.com/downloads/api-jdbc-stable.html |
| |
| JdbcDriver com.mysql.jdbc.Driver |
| JdbcUrl jdbc:mysql://localhost/test |
| UserName test |
| |
| # ciphered value for Passw0rd using Static3DES codec is |
| xMH5uM1V9vQzVUv5LG7YLA== |
| Password xMH5uM1V9vQzVUv5LG7YLA== |
| PasswordCipher Static3DES |
| </Resource> |
| |
| |
| {tip:title=Hint} |
| You can plug your own algorithm to extend Apache OpenEJB built in ones. To |
| do such, you just need to implement the |
| |
| {tip} |
| |
| ## Command line tool |
| Apache OpenEJB also provides a command line tool allowing password cipher |
| algorithm. Actually, it's useful to get the ciphered value of a plain text |
| value using a given algorithm. |
| |
| ### NAME |
| |
| openejb cipher - OpenEJB Cypher Tool |
| |
| ### SYNOPSIS |
| |
| openejb cipher [#options] |
| <value> |
| |
| ### DESCRIPTION |
| |
| The OpenEJB Cipher tool is an OPTIONAL tool that allows you to use |
| {{PasswordCipher}} algorithm to encode/decode values. |
| |
| It can be used to deploy into an offline server, however in this scenario |
| it simply copies the archive into the openejb.base/apps directory which is |
| something that can be done manually with a simple copy command or drag and |
| drop. |
| |
| The OpenEJB Cipher tool can be executed from any directory as long as |
| <OPENEJB_HOME>/bin is in the system PATH. Before running this tool you need |
| to set the environment variable OPENEJB_HOME to the path of the directory |
| where you unpacked the OpenEJB installation. For for the remainder of this |
| document we will assume you unpacked OpenEJB into the directory |
| C:\openejb-3.1.2. |
| |
| In Windows, the cipher tool can be executed as follows: |
| |
| {{C:\openejb-3.1.2> bin\openejb cipher --help}} |
| |
| In UNIX, Linux, or Mac OS X, the cipher tool can be executed as follows: |
| |
| {{\[user@host openejb-3.1.2] |
| # bin/openejb cipher --help}} |
| |
| Depending on your OpenEJB version, you may need to change execution bits to |
| make the scripts executable. You can do this with the following command. |
| |
| {{\[user@host openejb-3.1.2] |
| # chmod 755 bin/openejb}} |
| |
| From here on out, it will be assumed that you know how to execute the right |
| openejb script for your operating system and commands will appear in |
| shorthand as show below. |
| |
| {{openejb cipher --help}} |
| |
| ### OPTIONS |
| |
| |-h, --_help_ |Lists these options and exit.| |
| |-c, --_cipher_ |Specifies the password cipher implementation to use (default is Static3DES).| |
| |-d, --_decrypt_ |Switches command line tool to decrypt.| |
| |-e, --_encrypt_ |Switches command line tool to encrypt (default).| |
| |
| ### EXAMPLES |
| |
| Encrypt a plain password using the default algorithm. |
| {{openejb cipher Passw0rd}} |
| |
| Output |
| |
| xMH5uM1V9vQzVUv5LG7YLA== |
