Re: DataSource Password Encryption

[David Blevins]

On Nov 12, 2012, at 11:30 AM, middleware  wrote:

> Actually, the solution was easier than I thought:
> 
> 
>  JdbcDriver oracle.jdbc.xa.client.OracleXADataSource
>  JdbcUrl jdbc:oracle:thin:@hostname:port:ora
>  UserName **
>  Password **
>  PasswordCipher Static3DES
>  JtaManaged false
> 
> 
> I did my civic duty :) and updated the common-datasource-configuration
> documentation page with the XA configuration, fixing an error too (It was
> still stated that TomEE relies Apache Commons DBCP instead of Tomcat pool).

Excellent and thank you, Davide!  I went ahead and committed your doc update.  
Updated it slightly to reference some additional doc in progress:

 - http://tomee.apache.org/common-datasource-configurations.html

The new page in progress:

 - http://tomee.apache.org/datasource-config.html


-David

Re: DataSource Password Encryption

[middleware]

Actually, the solution was easier than I thought:


  JdbcDriver oracle.jdbc.xa.client.OracleXADataSource
  JdbcUrl jdbc:oracle:thin:@hostname:port:ora
  UserName **
  Password **
  PasswordCipher Static3DES
  JtaManaged false


I did my civic duty :) and updated the common-datasource-configuration
documentation page with the XA configuration, fixing an error too (It was
still stated that TomEE relies Apache Commons DBCP instead of Tomcat pool).

Davide



--
View this message in context: 
http://openejb.979440.n4.nabble.com/DataSource-Password-Encryption-tp4658424p4658524.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: DataSource Password Encryption

[David Blevins]

On Nov 8, 2012, at 11:35 AM, Yousef Herzallah  
wrote:

> 

FYI, I added a check so that illegal attributes are found and flagged.

-David

Re: DataSource Password Encryption

[Romain Manni-Bucau]

you have Definition and url on the same line?

definition should be a key so basically:


...
Definition =
url =
...


Side note: you shouldn't use Definition yourself

*Romain Manni-Bucau*
*Twitter: @rmannibucau *
*Blog: **http://rmannibucau.wordpress.com/*
*LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
*Github: https://github.com/rmannibucau*




2012/11/9 middleware 

> This is my conf:
>
> 
>   JdbcDriver oracle.jdbc.xa.client.OracleXADataSource
>   Definition url=jdbc:oracle:thin:@*hostname*:1521:ORA
>   UserName *username*
>   Password *encripted_password*
>   PasswordCipher Static3DES
>   JtaManaged false
> 
>
> The exception says that I have an invalid URL but the same URL works if I
> define the datasource as localTX
>
> This is the exception:
> 2012-11-09 16:56:00,727 INFO  [ConnectionProviderFactory.java:173] :
> Initializing connection provider:
> org.springframework.orm.hibernate3.LocalDataSourceConnectionProvider
> 2012-11-09 16:56:00,727 DEBUG [JDBCExceptionReporter.java:225] : SQL
> Exception
> java.sql.SQLException: È stato specificato un URL Oracle non valido
> at
>
> oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:286)
> at
>
> oracle.jdbc.xa.client.OracleXADataSource.getPooledConnection(OracleXADataSource.java:508)
> at
>
> oracle.jdbc.xa.client.OracleXADataSource.getXAConnection(OracleXADataSource.java:154)
> at
>
> oracle.jdbc.xa.client.OracleXADataSource.getXAConnection(OracleXADataSource.java:128)
> at
>
> org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDataSource(PooledConnection.java:215)
> at
>
> org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:180)
> at
>
> org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:699)
> at
>
> org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:631)
> at
>
> org.apache.tomcat.jdbc.pool.ConnectionPool.getConnection(ConnectionPool.java:187)
> at
>
> org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:128)
> at
>
> org.apache.tomee.jdbc.TomEEDataSourceCreator$TomEEDataSource.getConnection(TomEEDataSourceCreator.java:251)
> at
>
> org.springframework.orm.hibernate3.LocalDataSourceConnectionProvider.getConnection(LocalDataSourceConnectionProvider.java:81)
> at
> org.hibernate.cfg.SettingsFactory.buildSettings(SettingsFactory.java:113)
> at
>
> org.hibernate.cfg.Configuration.buildSettingsInternal(Configuration.java:2863)
> at
> org.hibernate.cfg.Configuration.buildSettings(Configuration.java:2859)
> at
>
> org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1870)
> at
>
> org.springframework.orm.hibernate3.LocalSessionFactoryBean.newSessionFactory(LocalSessionFactoryBean.java:860)
> at
>
> org.springframework.orm.hibernate3.LocalSessionFactoryBean.buildSessionFactory(LocalSessionFactoryBean.java:779)
> at
>
> org.springframework.orm.hibernate3.AbstractSessionFactoryBean.afterPropertiesSet(AbstractSessionFactoryBean.java:211)
> at
>
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)
> at
>
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1417)
> at
>
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
> at
>
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
> at
>
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
> at
>
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
> at
>
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
> at
>
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
> at
>
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:563)
> at
>
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
> at
>
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
> at
>
> org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
> at
>
> org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
> at
>
> o

Re: DataSource Password Encryption

[middleware]

This is my conf: 


  JdbcDriver oracle.jdbc.xa.client.OracleXADataSource
  Definition url=jdbc:oracle:thin:@*hostname*:1521:ORA
  UserName *username*
  Password *encripted_password*
  PasswordCipher Static3DES
  JtaManaged false


The exception says that I have an invalid URL but the same URL works if I
define the datasource as localTX

This is the exception:
2012-11-09 16:56:00,727 INFO  [ConnectionProviderFactory.java:173] :
Initializing connection provider:
org.springframework.orm.hibernate3.LocalDataSourceConnectionProvider
2012-11-09 16:56:00,727 DEBUG [JDBCExceptionReporter.java:225] : SQL
Exception
java.sql.SQLException: È stato specificato un URL Oracle non valido
at
oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:286)
at
oracle.jdbc.xa.client.OracleXADataSource.getPooledConnection(OracleXADataSource.java:508)
at
oracle.jdbc.xa.client.OracleXADataSource.getXAConnection(OracleXADataSource.java:154)
at
oracle.jdbc.xa.client.OracleXADataSource.getXAConnection(OracleXADataSource.java:128)
at
org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDataSource(PooledConnection.java:215)
at
org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:180)
at
org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:699)
at
org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:631)
at
org.apache.tomcat.jdbc.pool.ConnectionPool.getConnection(ConnectionPool.java:187)
at
org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:128)
at
org.apache.tomee.jdbc.TomEEDataSourceCreator$TomEEDataSource.getConnection(TomEEDataSourceCreator.java:251)
at
org.springframework.orm.hibernate3.LocalDataSourceConnectionProvider.getConnection(LocalDataSourceConnectionProvider.java:81)
at
org.hibernate.cfg.SettingsFactory.buildSettings(SettingsFactory.java:113)
at
org.hibernate.cfg.Configuration.buildSettingsInternal(Configuration.java:2863)
at 
org.hibernate.cfg.Configuration.buildSettings(Configuration.java:2859)
at
org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1870)
at
org.springframework.orm.hibernate3.LocalSessionFactoryBean.newSessionFactory(LocalSessionFactoryBean.java:860)
at
org.springframework.orm.hibernate3.LocalSessionFactoryBean.buildSessionFactory(LocalSessionFactoryBean.java:779)
at
org.springframework.orm.hibernate3.AbstractSessionFactoryBean.afterPropertiesSet(AbstractSessionFactoryBean.java:211)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1417)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:563)
at
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at
org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
at
org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
at
org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4791)
at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5285)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
at
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(Fu

Re: DataSource Password Encryption

[Romain Manni-Bucau]

Well yes just use xadatasource or driver and it should be fine

About the use case i dont try to convince you and dont want any troll but
saw so much revert (even in camel world) that i really think xa is less
important (didnt say not important ;))

Btw, did you try a config which failed?
Le 9 nov. 2012 10:25, "middleware"  a écrit :

> I'm more than happy to contribute. If somebody tells me how to configure an
> XA ds, I'll update the doc.
> Reading this:
>
>
> http://www.saddi.com/software/news/archives/87-TomEEOpenEJB-+-PostgreSQL-XA-DataSources.html
>
> it seems I just have to use the XA driver, and the definition property
> instead of JdbcUrl, is it correct? Is there any special flag to mark the
> datasource as XA? An example, on how to configure an XA datasource for
> Oracle 11g would be very appreciated.
>
> BTW, I don't agree when you say that XA datasource is not so important. In
> my case 10% of datasources are XAs. If you have a little project, prolly
> you
> don't care about XA bc you have just one database with everything in it. In
> my experience, in an enterprise enviroment XA is often used because you
> frequently have to deal with integration issues.
>
>
>
>
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/DataSource-Password-Encryption-tp4658424p4658494.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>

Re: DataSource Password Encryption

[middleware]

I'm more than happy to contribute. If somebody tells me how to configure an
XA ds, I'll update the doc. 
Reading this:

http://www.saddi.com/software/news/archives/87-TomEEOpenEJB-+-PostgreSQL-XA-DataSources.html

it seems I just have to use the XA driver, and the definition property
instead of JdbcUrl, is it correct? Is there any special flag to mark the
datasource as XA? An example, on how to configure an XA datasource for
Oracle 11g would be very appreciated.

BTW, I don't agree when you say that XA datasource is not so important. In
my case 10% of datasources are XAs. If you have a little project, prolly you
don't care about XA bc you have just one database with everything in it. In
my experience, in an enterprise enviroment XA is often used because you
frequently have to deal with integration issues. 





--
View this message in context: 
http://openejb.979440.n4.nabble.com/DataSource-Password-Encryption-tp4658424p4658494.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: DataSource Password Encryption

[Jean-Louis MONTEIRO]

BTW, just updated a bit the datasource password encryption page


2012/11/8 Romain Manni-Bucau 

> Hi,
>
> fine, are you volonteer?
>
> just open a jira on openejb or tomee project (
> issues.apache.org/jira/browse/TOMEE) and attach the patch(s) (examples)
> and
> we'll be able to add them.
>
> If you want to update the doc you can use the edit feature (the pen icon)
>
> i agree on the fact the datasource definition is important, then i don't
> agree XA stuff is so important it is rarely used and not often a good idea.
>
> BTW by default it is local IIRC.
>
>
>
> *Romain Manni-Bucau*
> *Twitter: @rmannibucau *
> *Blog: **http://rmannibucau.wordpress.com/*<
> http://rmannibucau.wordpress.com/>
> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
> *Github: https://github.com/rmannibucau*
>
>
>
>
> 2012/11/8 middleware 
>
> > Talking of datasource and documentation: what's the default transaction
> > support in a datasource? local or XA? I'd document this and I 'd add an
> > example of how to define an XA/local datasource (depending on which one
> is
> > not the default), even if it's a dummy example.
> > A datasource definition is one of the first steps when you deploy a new
> app
> > and in my humble opinion TomEE should put its best foot forward making it
> > as
> > easy(i.e. well documented) as possible.
> >
> >
> >
> > --
> > View this message in context:
> >
> http://openejb.979440.n4.nabble.com/DataSource-Password-Encryption-tp4658424p4658485.html
> > Sent from the OpenEJB User mailing list archive at Nabble.com.
> >
>

Re: DataSource Password Encryption

[Romain Manni-Bucau]

Hi,

fine, are you volonteer?

just open a jira on openejb or tomee project (
issues.apache.org/jira/browse/TOMEE) and attach the patch(s) (examples) and
we'll be able to add them.

If you want to update the doc you can use the edit feature (the pen icon)

i agree on the fact the datasource definition is important, then i don't
agree XA stuff is so important it is rarely used and not often a good idea.

BTW by default it is local IIRC.



*Romain Manni-Bucau*
*Twitter: @rmannibucau *
*Blog: **http://rmannibucau.wordpress.com/*
*LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
*Github: https://github.com/rmannibucau*




2012/11/8 middleware 

> Talking of datasource and documentation: what's the default transaction
> support in a datasource? local or XA? I'd document this and I 'd add an
> example of how to define an XA/local datasource (depending on which one is
> not the default), even if it's a dummy example.
> A datasource definition is one of the first steps when you deploy a new app
> and in my humble opinion TomEE should put its best foot forward making it
> as
> easy(i.e. well documented) as possible.
>
>
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/DataSource-Password-Encryption-tp4658424p4658485.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>

Re: DataSource Password Encryption

[Romain Manni-Bucau]

sorry was not clear:


   JdbcDriver com.mysql.jdbc.Driver
   JdbcUrl jdbc:mysql://hostname.infocamere.it:3306/mydatabase
   UserName *username*
   Password *KjGfWPfU7xUzVUv5LG7YLA==*
   PasswordCipher *Static3DES*
   JtaManaged false
   DataSourceCreator dbcp


*Romain Manni-Bucau*
*Twitter: @rmannibucau *
*Blog: **http://rmannibucau.wordpress.com/*
*LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
*Github: https://github.com/rmannibucau*




2012/11/8 Yousef Herzallah 

>  Hi Romain, we have tomee-plus-1.5.0, i just add (value="dbcp") in the
> resource but still doesn't work. my datasource configuration: tomee.xml
> value="dbcp"*>   JdbcDriver com.mysql.jdbc.Driver   JdbcUrl
> jdbc:mysql://hostname.infocamere.it:3306/mydatabase   UserName username
> Password *KjGfWPfU7xUzVUv5LG7YLA==*   PasswordCipher *Static3DES*
> JtaManaged false
>
>
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/DataSource-Password-Encryption-tp4658424p4658453.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: DataSource Password Encryption

[Romain Manni-Bucau]

was fixed on trunk i guess

btw just switch to dbcp using DataSourceCreator property (value = dbcp) in
the datasource definition. I think it should be enough

*Romain Manni-Bucau*
*Twitter: @rmannibucau *
*Blog: **http://rmannibucau.wordpress.com/*
*LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
*Github: https://github.com/rmannibucau*




2012/11/7 Jean-Louis MONTEIRO 

> Hi Yousef,
>
> Which version are you using?
> Since latest (1.5.0) we changed the default connection pool to tomcat-pool
> instead of Apache DBCP.
> The feature only works for the moment in Apache DBCP.
>
> Regarding the way it works, please have a look to the PasswordCodec
> interface.
>
> http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/resource/jdbc/cipher/
>
> This interface is really simple and you can implement your own of course.
> By default, we provide 2 implementations: PlainText and Static2DES.
> The second one is only meant to be an example cause if you have a look
> deeper, you gonna see that the key is store in the source code which is not
> so good in terms of security.
> In the real life, you should store the key in an HM or so.
>
>
> Please let us know the version you are using so that we can figure if the
> tomcat pool stuff is the cause of your problem.
>
> Jean-Louis
>
>
> 2012/11/7 Yousef Herzallah 
>
> > Hi Romain,
> > I tried to use DataSource Password Encryption <
> http://tomee.apache.org/**
> > datasource-password-**encryption.html<
> http://tomee.apache.org/datasource-password-encryption.html>>
> > following your steps but i missing some information cause it doesn't
> work.
> > is TomEE can decode the password without any additional library?
> > i have this error *Access denied for user 'username'@'hostname.**
> > infocamere.it ' (using password: YES)*
> > it was working with plain text. i used the (openejb cipher P@ssw0rd) to
> > crypt the password.
> > and i'm also using spring
> > please help :)
> >
> >
> > my datasource configuration:
> > *tomee.xml*
> > 
> >   JdbcDriver com.mysql.jdbc.Driver
> >   JdbcUrl jdbc:mysql://hostname.**infocamere.it:3306/mydatabase<
> http://hostname.infocamere.it:3306/mydatabase>
> >   UserName *username*
> >   Password *KjGfWPfU7xUzVUv5LG7YLA==*
> >   PasswordCipher *Static3DES*
> >   JtaManaged false
> > 
> > *spring.xml*
> > 
> > 
> > 
> >
> > ciao
> > Yousef
> >
> >
> >
> >
> >  http://tomee.apache.org/datasource-password-encryption.html>
> > >
> >
> > --
> > Yousef Herzallah
> >
> >
>

Re: DataSource Password Encryption

[Jean-Louis MONTEIRO]

Hi Yousef,

Which version are you using?
Since latest (1.5.0) we changed the default connection pool to tomcat-pool
instead of Apache DBCP.
The feature only works for the moment in Apache DBCP.

Regarding the way it works, please have a look to the PasswordCodec
interface.
http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/resource/jdbc/cipher/

This interface is really simple and you can implement your own of course.
By default, we provide 2 implementations: PlainText and Static2DES.
The second one is only meant to be an example cause if you have a look
deeper, you gonna see that the key is store in the source code which is not
so good in terms of security.
In the real life, you should store the key in an HM or so.


Please let us know the version you are using so that we can figure if the
tomcat pool stuff is the cause of your problem.

Jean-Louis


2012/11/7 Yousef Herzallah 

> Hi Romain,
> I tried to use DataSource Password Encryption  datasource-password-**encryption.html>
> following your steps but i missing some information cause it doesn't work.
> is TomEE can decode the password without any additional library?
> i have this error *Access denied for user 'username'@'hostname.**
> infocamere.it ' (using password: YES)*
> it was working with plain text. i used the (openejb cipher P@ssw0rd) to
> crypt the password.
> and i'm also using spring
> please help :)
>
>
> my datasource configuration:
> *tomee.xml*
> 
>   JdbcDriver com.mysql.jdbc.Driver
>   JdbcUrl 
> jdbc:mysql://hostname.**infocamere.it:3306/mydatabase
>   UserName *username*
>   Password *KjGfWPfU7xUzVUv5LG7YLA==*
>   PasswordCipher *Static3DES*
>   JtaManaged false
> 
> *spring.xml*
> 
> 
> 
>
> ciao
> Yousef
>
>
>
>
> 
> >
>
> --
> Yousef Herzallah
>
>