Hi. Following some examples I found in the forum here along with the Shiro documentation, I have successfully set up a JdbcRealm in my shiro.ini as follows:
# User realm configuration. userRealm=org.apache.shiro.realm.jdbc.JdbcRealm userRealm.authenticationQuery = SELECT password FROM users WHERE username = ? userRealm.userRolesQuery = SELECT role FROM roles WHERE username = ? userRealm.permissionsQuery = SELECT permission FROM permissions WHERE role = ? # User database configuration. ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource ds.serverName = localhost ds.user = shiro ds.password = *[redacted]* ds.databaseName = shiro_schema userRealm.dataSource = $ds # Realm configuration. securityManager.realms = $userRealm That much seems straightforward, but notice that the plaintext password for the database would appear in the shiro.ini file. I would prefer not to store the password there, for obvious reasons including not wanting to check a password into version control. Is there a way to specify that the password should be looked up from a separate file or, even better, a keystore? Or is there a better way to accomplish the same goal of securing the database password? Sorry if this ends up being more of a JDBC question that a strictly Shiro one, but I was having difficulty finding anything relevant in the documentation. Thanks for any help. -- View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-secure-database-password-in-shiro-ini-tp7578763.html Sent from the Shiro User mailing list archive at Nabble.com.
