[오픈소스컨설팅]Data Source Password Encryption on JBoss EAP 6

1,350 views

Published on

This allows you to apply encrypted password in data source for JBoss EAP 6

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,350
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
23
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

[오픈소스컨설팅]Data Source Password Encryption on JBoss EAP 6

  1. 1. JBoss EAP6 Datasource 암호화 설정 2013. 10 Certified Partner by
  2. 2. Datasource 암호화 설정 JBoss EAP 6 – Datasource encryption 보안상의 이유로 실제 운영서버 인 경우에는 Datasource의 패스워드 부분을 일반 평문이 아닌 Encrytion 형태로 설정을 합니다. 1. EAP 버전 별 library를 서버에 맞게 설정합니다. 암호화를 위한 쉘 스크립트 부분 enc_ds.sh 작성 #!/bin/sh export JBOSS_HOME=/opt/was/jboss-eap-6.1 export CLASSPATH=${JBOSS_HOME}/modules/system/layers/base/org/picketbox/main/picketbox-4.0.17.SP2-redhat-2.jar export CLASSPATH=$CLASSPATH:${JBOSS_HOME}/system/layers/base/org/jboss/logging/main/jboss-logging-3.1.2.GA-r edhat-1.jar java -cp $CLASSPATH org.picketbox.datasource.security.SecureIdentityLoginModule !test123 암호화할 패스워드 : ex) !test123 2 - Internal Use Only -
  3. 3. Datasource 암호화 설정 JBoss EAP 6 – Datasource encryption 2. 쉘 스크립트 실행 [jboss@KVM2 /opt/was/servers/standalone_ha_11/bin]$ ./enc_ds.sh Encoded password: 576959465f6c98a0df8592078de921bc 암호화된 패스워드 3. security domain 설정 서버의 configuration 파일에서 sub-system [security-domains] 항목에 해당 security-domain 을 추가 Datasource에서 참조될 security-domain 이름 합니다. <security-domain name="encrypted-ds" cache-type="default"> <authentication> <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required"> <module-option name="username" value="test"/> <module-option name="password" value="576959465f6c98a0df8592078de921bc"/> <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=MySqlDS_Pool"/> </login-module> </authentication> </security-domain> 3 - Internal Use Only -
  4. 4. Datasource 암호화 설정 JBoss EAP 6 – Datasource encryption 4. Datasource에 암호화 적용 서버의 configuration 파일에서 datasource의 [security] 항목부분 확인 ASIS <datasource jta="false" jndi-name="java:/testDS" pool-name="testDS" enabled="true" use-ccm="false"> …중략 <security> <user-name>test</user-name> <password>!test123</password> </security> …중략 </datasource> ToBE <datasource jta="false" jndi-name="java:/testDS" pool-name="testDS" enabled="true" use-ccm="false"> …중략 <security> <security-domain>encrypted-ds</security-domain> </security> …중략 </datasource> 4 - Internal Use Only -
  5. 5. OPEN SHARE CONTRIBUTE ADOPT REUSE 5 - Internal Use Only -

×