Apache OpenEJB 3.1.2 or later required

Ciphering passwords

Apache OpenEJB now provides an easy and extensible way to cipher database passwords. Note that this feature is not activated by default, so plain text passwords are used.

Usage

  • Default Plain text password example:
    <Resource id="MySQL Database" type="DataSource">
        #  MySQL example
        #
        #  This connector will not work until you download the driver at:
        #  http://www.mysql.com/downloads/api-jdbc-stable.html
    
        JdbcDriver  com.mysql.jdbc.Driver
        JdbcUrl     jdbc:mysql://localhost/test
        UserName    test
        Password    Passw0rd
    </Resource>
    
  • 3DES ciphered password example:
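    Note that the built-in 3DES implementation uses a static key to encode/decode your password, so the ciphered value can be decoded by anyone who has OpenEJB (see the -d option of the command line tool below). It hides the password from casual viewing but does not protect it.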
    <Resource id="MySQL Database" type="DataSource">
        #  MySQL example
        #
        #  This connector will not work until you download the driver at:
        #  http://www.mysql.com/downloads/api-jdbc-stable.html
    
        JdbcDriver  com.mysql.jdbc.Driver
        JdbcUrl     jdbc:mysql://localhost/test
        UserName    test
    
        # ciphered value for Passw0rd using Static3DES codec is xMH5uM1V9vQzVUv5LG7YLA==
        Password    xMH5uM1V9vQzVUv5LG7YLA==
        PasswordCipher Static3DES
    </Resource>
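
An added example, not part of the OpenEJB documentation or code base: a small Python audit that parses Resource blocks in the format shown above and flags passwords stored in plain text or with the static-key Static3DES codec. The sample configuration is constructed, and the function names and the case-insensitive key matching are assumptions of this example.

```python
import re

# Constructed sample in the <Resource> format shown above (not a real config).
SAMPLE = """\
<Resource id="Plain DB" type="DataSource">
    JdbcUrl     jdbc:mysql://localhost/test
    UserName    test
    Password    Passw0rd
</Resource>
<Resource id="Ciphered DB" type="DataSource">
    # Password  old-value (comment lines are ignored)
    UserName    test
    Password    xMH5uM1V9vQzVUv5LG7YLA==
    PasswordCipher Static3DES
</Resource>
"""

RESOURCE_RE = re.compile(r"<Resource\b([^>]*)>(.*?)</Resource>", re.S)
ID_RE = re.compile(r'\bid\s*=\s*"([^"]*)"')
PROP_RE = re.compile(r"([^\s=:]+)\s*[=:\s]\s*(.*)")

def parse_properties(body):
    """Parse 'Key Value' / 'Key = Value' lines, skipping blanks and # comments."""
    props = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = PROP_RE.match(line)
        if m:
            # Keys are lower-cased so the check does not depend on spelling case.
            props[m.group(1).lower()] = m.group(2).strip()
    return props

def audit(config_text):
    """Return (resource id, finding) pairs for weakly protected passwords."""
    findings = []
    for attrs, body in RESOURCE_RE.findall(config_text):
        m = ID_RE.search(attrs)
        rid = m.group(1) if m else "<no id>"
        props = parse_properties(body)
        if not props.get("password"):
            continue  # no password configured, nothing to flag
        cipher = props.get("passwordcipher", "")
        if not cipher:
            findings.append((rid, "plaintext password"))
        elif cipher.lower() == "static3des":
            findings.append((rid, "static-key cipher"))
    return findings
```

Calling audit() on the text of a configuration file returns one entry per Resource that needs attention; a Resource using a custom PasswordCipher alias is not flagged.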
    

Hint

You can plug in your own algorithm to extend the ones built into Apache OpenEJB. To do so, you just need to implement the

org.apache.openejb.resource.jdbc.PasswordCipher

interface and place a file at

META-INF/org.apache.openejb.resource.jdbc.PasswordCipher/<your cipher algorithm alias>

containing the fully qualified name of your implementation.

Command line tool

Apache OpenEJB also provides a command line tool that applies a password cipher algorithm. It is useful for getting the ciphered value of a plain text value using a given algorithm.

NAME

openejb cipher - OpenEJB Cipher Tool

SYNOPSIS

openejb cipher [options] <value>

DESCRIPTION

The OpenEJB Cipher tool is an OPTIONAL tool that allows you to use a PasswordCipher algorithm to encode/decode values.

It can be used to deploy into an offline server, however in this scenario it simply copies the archive into the openejb.base/apps directory which is something that can be done manually with a simple copy command or drag and drop.

The OpenEJB Cipher tool can be executed from any directory as long as <OPENEJB_HOME>/bin is in the system PATH. Before running this tool you need to set the environment variable OPENEJB_HOME to the path of the directory where you unpacked the OpenEJB installation. For the remainder of this document we will assume you unpacked OpenEJB into the directory C:\openejb-3.1.2.

In Windows, the cipher tool can be executed as follows:

C:\openejb-3.1.2> bin\openejb cipher --help

In UNIX, Linux, or Mac OS X, the cipher tool can be executed as follows:

[user@host openejb-3.1.2]# bin/openejb cipher --help

Depending on your OpenEJB version, you may need to change execution bits to make the scripts executable. You can do this with the following command.

[user@host openejb-3.1.2]# chmod 755 bin/openejb

From here on out, it will be assumed that you know how to execute the right openejb script for your operating system, and commands will appear in shorthand as shown below.

openejb cipher --help

OPTIONS

-h, --help

Lists these options and exits.

-c, --cipher

Specifies the password cipher implementation to use (default is Static3DES).

-d, --decrypt

Switches command line tool to decrypt.

-e, --encrypt

Switches command line tool to encrypt (default).

EXAMPLES

Encrypt a plain password using the default algorithm.
openejb cipher Passw0rd

Output

xMH5uM1V9vQzVUv5LG7YLA==