[
https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12790178#action_12790178
]
Jack Cai commented on GERONIMO-3003:
------------------------------------
I believe Requirement (1) is already done in the previous patch. The TODO is to
provide a utility to generate encrypted strings. A simple way to do this is to
let the user optionally specify a key file and then generate the string, or use
the default key if no key file is provided. A more robust way is to call the
running server to do the encryption, e.g., extend the
org.apache.geronimo.system.util.ConfiguredEncryption GBean to provide such
operation. I'd prefer the latter solution. If no objection, I'll create a patch.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.patch,
> GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get
> encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This
> encryption is performed in the
> {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password
> strings in deployment plans (e.g. datasource or JMS deployment plans within
> an EAR). Even though the plans are only used during the deployment process,
> and not at runtime, the plans are left with plaintext password strings
> sitting in them. It would be nice if the deployment process could internally
> encrypt the strings and then write back out the deployment plan to the file
> system. Also, this means that the deployment process will require the
> ability to decrypt strings that are already in encrypted format in the plan
> (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list
> thread:
> http://www.mail-archive.com/u...@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the
> {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in
> the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path,
> DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor
> dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a
> better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
