DBAs and JBoss system administrators are weary of having the password to the LiveCycle database in cleartext in the data source configuration XML file. JBoss provides instructions here on how to use it in encrypt form.
1) Encrypt database password
The following command will encrypt the password "lc_password":
java -cp C:\Programs\jboss_es2\lib\jboss-common.jar;C:\Programs\jboss_es2\lib\jboss-jmx.jar;C:\Programs\jboss_es2\server\lc_mysql\lib\jbosssx.jar;C:\Programs\jboss_es2\server\lc_mysql\lib\jboss-jca.jar org.jboss.resource.security.SecureIdentityLoginModule lc_password.
Obviously, you should replace the paths to the JAR files with yours. In the above example, the JBoss configuration is "lc_mysql"
If successful, you should get a response like as follows:
Encoded password: -2d19d44d319c1d9e008fba5553e14ea0
2) Create new Application Policy
Edit the %JBOSS_HOME%\server\lc_mysql\conf\login-config.xml file and create a new application policy that would look something like this.
3) Configure data source with the new Application Policy
Replace the following:
<user-name>lc_db_usr</user-name>
<password>password</password>
with this:
<security-domain>EncryptDBPasswordAppPolicy</security-domain>
where "EncryptDBPasswordAppPolicy" is the name of the 'application policy' you created in %JBOSS_HOME%\server\
This has been tested to work with MySQL. Your mileage with Oracle, SQL Server etc may vary.
Leave a comment