How to add a datasource with encrypted password in WildFly Swarm with .war packaging?
I am using the following configuration to add a datasource to a WAR in WildFly Swarm:

    swarm:
      datasources:
        data-sources:
          MyDS:
            driver-name: oracle
            connection-url: <my-connection-string>
            user-name: <my-user-name>
            password: <my-password-in-clear-text>

How can I change this so that the password is encrypted instead of stored in clear text?
Here is my working example for Oracle 12 using SecureIdentityLoginModule:

    swarm:
      datasources:
        data-sources:
          <your-datasource-name>:
            driver-name: oracle
            connection-url: jdbc:oracle:thin:@<your-oracle-ip>:<your-oracle-port>:<your-oracle-sid>
            security-domain: myEncryptedDs
      security:
        security-domains:
          myEncryptedDs:
            classic-authentication:
              login-modules:
                myLoginModule:
                  code: org.picketbox.datasource.security.SecureIdentityLoginModule
                  flag: required
                  module-options:
                    username: <your-oracle-username>
                    password: <your-encrypted-oracle-password>

With the following command you can encrypt your password (the two jar libraries can be found in the wildfly-swarm WAR file you created):

    java -cp <your-path-to-wildfly-jars>/picketbox-4.9.6.Final.jar:<your-path-to-wildfly-jars>/logging-2017.11.0.jar:$CLASSPATH org.picketbox.datasource.security.SecureIdentityLoginModule <your-password>
You need to implement org.wildfly.swarm.spi.api.ConfigurationFilter. Your class will be called for every property of your file, and you can change the value at the same time. Here is an example of how to decrypt your values. You have to provide a key (at JVM start) to decrypt your values.

    import java.security.NoSuchAlgorithmException;
    import org.wildfly.swarm.spi.api.ConfigurationFilter;

    public class DecryptPropertyFilter implements ConfigurationFilter {

        // EncryptionHelper is the answer author's own class; its source is not included in the answer
        private EncryptionHelper encryptionHelper;

        // Instance initializer: the key is read from the -Dencryption.key JVM property
        {
            try {
                encryptionHelper = new EncryptionHelper(System.getProperty("encryption.key"));
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }

        @Override
        @SuppressWarnings("unchecked")
        public <T> T filter(String key, T value) {
            // Only string values wrapped as ENC(...) are decrypted; everything else passes through unchanged
            if (value instanceof String) {
                String str = value.toString();
                if (str.startsWith("ENC(") && str.endsWith(")")) {
                    try {
                        value = (T) encryptionHelper.decrypt(str.substring(4, str.length() - 1));
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                }
            }
            return value;
        }
    }
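The filter in this answer delegates to an EncryptionHelper whose source is not given. As an added example (my own code, not the answer author's and not part of WildFly Swarm), here is a complete filter of the same shape that uses AES-GCM with a base64 key supplied via -Dencryption.key. The ENC(...) marker, the encryption.key property name and the filter(String, T) method follow the answer; the value layout base64(IV || ciphertext || tag), the class name AesGcmPropertyFilter and its encrypt helper are this example's own conventions. How the filter is registered with Swarm is not covered on this page and is not shown here.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.wildfly.swarm.spi.api.ConfigurationFilter;

// Added example, not the answer's code: decrypts ENC(...) config values with AES-GCM.
// Value layout (this example's own convention): base64( 12-byte IV || ciphertext || 16-byte tag )
public class AesGcmPropertyFilter implements ConfigurationFilter {
    private static final int IV_BYTES = 12;   // 96-bit nonce, the recommended size for GCM
    private static final int TAG_BITS = 128;
    private final SecretKeySpec secretKey;

    // Key comes from the JVM command line: -Dencryption.key=<base64 of a 16/24/32-byte AES key>
    public AesGcmPropertyFilter() {
        this(System.getProperty("encryption.key"));
    }

    AesGcmPropertyFilter(String base64Key) {
        if (base64Key == null || base64Key.isEmpty()) {
            throw new IllegalStateException("encryption.key system property is not set");
        }
        this.secretKey = new SecretKeySpec(Base64.getDecoder().decode(base64Key), "AES");
    }

    @Override
    @SuppressWarnings("unchecked")
    public <T> T filter(String key, T value) {
        if (value instanceof String) {
            String str = (String) value;
            if (str.startsWith("ENC(") && str.endsWith(")")) {
                try {
                    return (T) decrypt(str.substring(4, str.length() - 1));
                } catch (GeneralSecurityException | IllegalArgumentException e) {
                    // Wrong key, tampered value or bad base64: fail startup rather than
                    // silently handing the literal ENC(...) string to the datasource
                    throw new IllegalStateException("cannot decrypt property " + key, e);
                }
            }
        }
        return value;
    }

    String decrypt(String base64) throws GeneralSecurityException {
        byte[] blob = Base64.getDecoder().decode(base64);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, secretKey, new GCMParameterSpec(TAG_BITS, blob, 0, IV_BYTES));
        // doFinal verifies the tag before returning plaintext; a mismatch throws AEADBadTagException
        byte[] plain = cipher.doFinal(blob, IV_BYTES, blob.length - IV_BYTES);
        return new String(plain, StandardCharsets.UTF_8);
    }

    // Used once, when writing the config file; a fresh random IV per value is required for GCM
    String encrypt(String plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] blob = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, blob, 0, iv.length);
        System.arraycopy(ct, 0, blob, iv.length, ct.length);
        return "ENC(" + Base64.getEncoder().encodeToString(blob) + ")";
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; in real use generate it once and keep it out of the WAR
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        AesGcmPropertyFilter filter = new AesGcmPropertyFilter(Base64.getEncoder().encodeToString(raw));

        String stored = filter.encrypt("s3cret");   // this is the form that goes into the YAML file
        System.out.println("password: " + stored);
        // An ENC(...) value is decrypted; a plain value passes through untouched
        System.out.println(filter.filter("swarm.datasources.data-sources.MyDS.password", stored));
        System.out.println(filter.filter("swarm.datasources.data-sources.MyDS.user-name", "app"));
    }
}
```

Because the key is not in the WAR, decryption only succeeds on a JVM started with the right -Dencryption.key, and a modified ENC(...) value fails the GCM tag check at startup instead of producing a garbage password.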
For Thorntail:

    thorntail:
      datasources:
        data-sources:
          myDS:
            use-java-context: true
            statistics-enabled: true
            driver-name: mysql
            connection-url: ${db.url}
            security-domain: mydbSecure
            jndi-name: java:/myDS
            check-valid-connection-sql: select 1
            valid-connection-checker-class-name: org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker
            validate-on-match: false
            background-validation: true
            background-validation-millis: 10000
            use-fast-fail: true
            min-pool-size: 5
            max-pool-size: 10
            prefill: true
            flush-strategy: FailingConnectionOnly
            exception-sorter-class-name: org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter
      security:
        security-domains:
          mydbSecure:
            classic-authentication:
              login-modules:
                default:
                  module-options:
                    username: ${ds.uname}
                    password: ${ds.pass}
                  flag: required
                  code: org.picketbox.datasource.security.SecureIdentityLoginModule
            cache-type: default
This is how you encode the password:

    import java.math.BigInteger;
    import java.security.InvalidKeyException;
    import java.security.NoSuchAlgorithmException;
    import javax.crypto.BadPaddingException;
    import javax.crypto.Cipher;
    import javax.crypto.IllegalBlockSizeException;
    import javax.crypto.NoSuchPaddingException;
    import javax.crypto.spec.SecretKeySpec;

    public class EncodePassword {
        public static void main(String[] args) throws Exception {
            String password = "password";
            String encode = encode(password);
            System.out.println("Encoded password: " + encode);
        }

        // Same transformation SecureIdentityLoginModule applies: Blowfish with its fixed key,
        // then the ciphertext printed as the hex form of a signed BigInteger
        private static String encode(String secret) throws NoSuchPaddingException, NoSuchAlgorithmException,
                InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
            byte[] kbytes = "jaas is the way".getBytes();
            SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
            Cipher cipher = Cipher.getInstance("Blowfish");
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] encoding = cipher.doFinal(secret.getBytes());
            BigInteger n = new BigInteger(encoding);
            return n.toString(16);
        }
    }
And this is how you decode the password:

    import java.math.BigInteger;
    import java.security.InvalidKeyException;
    import java.security.NoSuchAlgorithmException;
    import javax.crypto.BadPaddingException;
    import javax.crypto.Cipher;
    import javax.crypto.IllegalBlockSizeException;
    import javax.crypto.NoSuchPaddingException;
    import javax.crypto.spec.SecretKeySpec;

    public class DecodePassword {
        public static void main(String[] args) throws Exception {
            String value = "5dfc52b51bd35553df8592078de921bc";
            try {
                System.out.println(decode(value));
            } catch (Exception io) {
                io.printStackTrace();
            }
        }

        public static char[] decode(String secret)
                throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
            byte[] kbytes = "jaas is the way".getBytes();
            SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
            BigInteger n = new BigInteger(secret, 16);
            byte[] encoding = n.toByteArray();
            // SECURITY-344: fix leading zeros. BigInteger drops leading 0x00 bytes, so the array
            // may no longer be a multiple of the 8-byte Blowfish block; re-pad it at the front.
            if (encoding.length % 8 != 0) {
                int length = encoding.length;
                int newLength = ((length / 8) + 1) * 8;
                int pad = newLength - length; // number of leading zeros
                byte[] old = encoding;
                encoding = new byte[newLength];
                for (int i = old.length - 1; i >= 0; i--) {
                    encoding[i + pad] = old[i];
                }
                // SECURITY-563: handle negative numbers. For a negative value the dropped
                // leading bytes were 0xFF, so sign-extend instead of zero-filling.
                if (n.signum() == -1) {
                    for (int i = 0; i < newLength - length; i++) {
                        encoding[i] = (byte) -1;
                    }
                }
            }
            Cipher cipher = Cipher.getInstance("Blowfish");
            cipher.init(Cipher.DECRYPT_MODE, key);
            byte[] decode = cipher.doFinal(encoding);
            return new String(decode).toCharArray();
        }
    }
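The SecureIdentityLoginModule encoding used by this answer and by the Oracle answer above stores the Blowfish ciphertext as the hex form of a signed BigInteger, which silently drops leading 0x00 bytes and redundant leading 0xFF bytes; that is what the SECURITY-344 and SECURITY-563 branches in DecodePassword repair. The following added example (my own code, not the answer's and not PicketBox's) runs a round trip through the same transformation, searches constructed passwords of the form "demo-N" for ones that hit each of the two cases, and shows the unpadded decoder failing where the padded one succeeds. The class name SecureIdentityRoundTrip and its helper names are assumptions; the key "jaas is the way" is the one PicketBox ships with, so this encoding hides the value from a casual reader of the config file but not from anyone who holds the jar.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example, not the answer's code: round trip through the PicketBox
// SecureIdentityLoginModule encoding, exercising the two decoder fixes.
public class SecureIdentityRoundTrip {
    // Fixed key from PicketBox: anyone holding the jar can reverse these values
    private static final SecretKeySpec KEY =
            new SecretKeySpec("jaas is the way".getBytes(StandardCharsets.UTF_8), "Blowfish");

    // Same transformation as EncodePassword above: Blowfish (ECB, PKCS5 padding by default),
    // then the ciphertext interpreted as a signed BigInteger and printed in hex
    static String encode(String secret) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("Blowfish");
        cipher.init(Cipher.ENCRYPT_MODE, KEY);
        byte[] ct = cipher.doFinal(secret.getBytes(StandardCharsets.UTF_8));
        return new BigInteger(ct).toString(16);
    }

    // Restores the byte array to a multiple of the 8-byte block size before decrypting
    static String decode(String hex) throws GeneralSecurityException {
        BigInteger n = new BigInteger(hex, 16);
        byte[] enc = n.toByteArray();
        if (enc.length % 8 != 0) {
            int newLength = ((enc.length / 8) + 1) * 8;
            int pad = newLength - enc.length;
            byte[] padded = new byte[newLength];
            System.arraycopy(enc, 0, padded, pad, enc.length);
            if (n.signum() == -1) {
                Arrays.fill(padded, 0, pad, (byte) -1); // dropped bytes were 0xFF: sign-extend
            }
            enc = padded;                                // dropped bytes were 0x00: stay zero
        }
        Cipher cipher = Cipher.getInstance("Blowfish");
        cipher.init(Cipher.DECRYPT_MODE, KEY);
        return new String(cipher.doFinal(enc), StandardCharsets.UTF_8);
    }

    // Decoder without the re-padding, to show where it breaks
    static String naiveDecode(String hex) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("Blowfish");
        cipher.init(Cipher.DECRYPT_MODE, KEY);
        byte[] enc = new BigInteger(hex, 16).toByteArray();
        return new String(cipher.doFinal(enc), StandardCharsets.UTF_8);
    }

    // Searches constructed passwords "demo-N" for one whose ciphertext loses bytes in the
    // hex form: a leading 0x00 (positive value) or a redundant leading 0xFF (negative value)
    static String findSample(boolean negative) throws GeneralSecurityException {
        for (int i = 0; i < 200_000; i++) {
            String candidate = "demo-" + i;
            BigInteger n = new BigInteger(encode(candidate), 16);
            boolean truncated = n.toByteArray().length % 8 != 0;
            if (truncated && (n.signum() == -1) == negative) {
                return candidate;
            }
        }
        throw new IllegalStateException("no sample found");
    }

    public static void main(String[] args) throws Exception {
        for (boolean negative : new boolean[] {false, true}) {
            String password = findSample(negative);
            String hex = encode(password);
            System.out.println("password=" + password + " hex=" + hex);
            try {
                System.out.println("naive decode: " + naiveDecode(hex));
            } catch (GeneralSecurityException e) {
                // IllegalBlockSizeException: the array is no longer a whole number of blocks
                System.out.println("naive decode fails: " + e);
            }
            String back = decode(hex);
            System.out.println("fixed decode: " + back + " match=" + password.equals(back));
        }
    }
}
```

Both searches are deterministic because the key is fixed, so the same two passwords turn up on every run; the naive decoder hits IllegalBlockSizeException on each of them, while the padded decoder returns the original password.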
More information about PicketBox.