<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
<table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
<h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
<!-- To have a header image/logo replace the name below with your img tag -->
<!-- Email clients will render the images when the message is read so any image -->
<!-- must be made available on a public server, so that all recipients can load the image. -->
<a href="https://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
AS7: Utilising masked passwords via the vault
</h3>
<span style="margin-bottom: 10px;">
created by <a href="https://community.jboss.org/people/anil.saldhana">Anil Saldhana</a> in <i>PicketBox Development</i> - <a href="https://community.jboss.org/docs/DOC-17472">View the full document</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>Disclaimer:  This article needs to be verified by our JCA experts.  I may be doing something wrong. <span> :) </span></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2></h2><h2>Background:</h2><p>JBoss AS7.1 includes a vault facility to secure attributes (such as passwords).  </p><p><span>You can get more information at </span><a class="jive-link-external-small" href="https://community.jboss.org/docs/DOC-17248" target="_blank">https://community.jboss.org/wiki/JBossAS7SecuringPasswords</a></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2></h2><h2>Example:</h2><p>Assume that I want to obtain a datasource in my servlet.  This is a very simple example.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>The servlet would look like the following:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code jive-java"><font color="navy"><b>package</b></font> vaulterror.web;
 
<font color="navy"><b>import</b></font> java.io.IOException;
<font color="navy"><b>import</b></font> java.io.Writer;
 
<font color="navy"><b>import</b></font> javax.annotation.Resource;
<font color="navy"><b>import</b></font> javax.annotation.sql.DataSourceDefinition;
<font color="navy"><b>import</b></font> javax.servlet.ServletException;
<font color="navy"><b>import</b></font> javax.servlet.annotation.WebServlet;
<font color="navy"><b>import</b></font> javax.servlet.http.HttpServlet;
<font color="navy"><b>import</b></font> javax.servlet.http.HttpServletRequest;
<font color="navy"><b>import</b></font> javax.servlet.http.HttpServletResponse;
<font color="navy"><b>import</b></font> javax.sql.DataSource;
 
 
<font color="darkgreen">/*@DataSourceDefinition(
        name = "java:jboss/datasources/LoginDS",
        user = "sa",
        password = "sa",
        className = "org.h2.jdbcx.JdbcDataSource",
        url = "jdbc:h2:tcp://localhost/mem:test"
)*/</font>
@DataSourceDefinition(
        name = <font color="red">"java:jboss/datasources/LoginDS"</font>,
        user = <font color="red">"sa"</font>,
        password = <font color="red">"VAULT::DS::thePass::OWY5M2I5NzctYzdkOS00MmZhLWExZGYtNjczM2U5ZGUyOWIxTElORV9CUkVBS3ZhdWx0"</font>,
        className = <font color="red">"org.h2.jdbcx.JdbcDataSource"</font>,
        url = <font color="red">"jdbc:h2:tcp://localhost/mem:test"</font>
)
@WebServlet(name = <font color="red">"MyTestServlet"</font>, urlPatterns = <font color="navy">{</font> <font color="red">"/my/"</font> <font color="navy">}</font>, loadOnStartup = 1)
<font color="navy"><b>public</b></font> <font color="navy"><b>class</b></font> MyTestServlet  <font color="navy"><b>extends</b></font> HttpServlet <font color="navy">{</font>
 
    <font color="navy"><b>private</b></font> <font color="navy"><b>static</b></font> <font color="navy"><b>final</b></font> <font color="navy"><b>long</b></font> serialVersionUID = 1L;
   
 
    @Resource(lookup = <font color="red">"java:jboss/datasources/LoginDS"</font>)
    <font color="navy"><b>private</b></font> DataSource ds;
 
    @Override
    <font color="navy"><b>protected</b></font> <font color="navy"><b>void</b></font> doGet(HttpServletRequest req, HttpServletResponse resp) <font color="navy"><b>throws</b></font> ServletException, IOException <font color="navy">{</font>
        Writer writer = resp.getWriter();
        writer.write((ds != <font color="navy"><b>null</b></font>) + <font color="red">""</font>);
    <font color="navy">}</font>
<font color="navy">}</font>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Note that I have commented out one @DataSourceDefinition annotation.  That includes the clear text database password.  In this example, we use the H2 database that is available for use in JBoss AS7.1</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>The uncommented @DataSourceDefinition  contains the masked password via the vault.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code">h
anil@localhost:~/as7/jboss-as/build/target/jboss-as-7.1.0.Final-SNAPSHOT/bin$ sh util/vault.sh
=========================================================================
  JBoss Vault
  JBOSS_HOME: /home/anil/as7/jboss-as/build/target/jboss-as-7.1.0.Final-SNAPSHOT
  JAVA: /opt/java/jdk1.6.0_23/bin/java
  VAULT Classpath: /home/anil/as7/jboss-as/build/target/jboss-as-7.1.0.Final-SNAPSHOT/modules/org/picketbox/main/*:/home/anil/as7/jboss-as/build/target/jboss-as-7.1.0.Final-SNAPSHOT/modules/org/jboss/logging/main/*:/home/anil/as7/jboss-as/build/target/jboss-as-7.1.0.Final-SNAPSHOT/modules/org/jboss/common-core/main/*:/home/anil/as7/jboss-as/build/target/jboss-as-7.1.0.Final-SNAPSHOT/modules/org/jboss/as/security/main/*
=========================================================================
**********************************
****  JBoss Vault ********
**********************************
Please enter a Digit::   0: Start Interactive Session  1: Remove Interactive Session  2: Exit
0
Starting an interactive session
Enter directory to store encrypted files (end with either / or \ based on Unix or Windows:/home/anil/vault/
Enter Keystore URL:/home/anil/vault/vault.keystore
Enter Keystore password:
Enter Keystore password again:
Values match
Enter 8 character salt:12345678
Enter iteration count as a number (Eg: 44):25
               
Please make note of the following:
********************************************
Masked Password:MASK-DjeJRxMmsyt
salt:12345678
Iteration Count:25
********************************************
               
Enter Keystore Alias:vault
Jan 11, 2012 1:02:37 PM org.jboss.security.vault.SecurityVaultFactory get
INFO: Getting Security Vault with implementation of org.picketbox.plugins.vault.PicketBoxSecurityVault
Obtained Vault
Intializing Vault
Jan 11, 2012 1:02:38 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init
INFO: Default Security Vault Implementation Initialized and Ready
Vault is initialized and ready for use
Handshake with Vault complete
Please enter a Digit::   0: Store a password  1: Check whether password exists  2: Exit
0
Task:  Store a password
Please enter attribute value:
Please enter attribute value again:
Values match
Enter Vault Block:DS
Enter Attribute Name:thePass
Attribute Value for (DS, thePass) saved
               
Please make note of the following:
********************************************
Vault Block:DS
Attribute Name:thePass
Shared Key:OWY5M2I5NzctYzdkOS00MmZhLWExZGYtNjczM2U5ZGUyOWIxTElORV9CUkVBS3ZhdWx0
Configuration should be done as follows:
VAULT::DS::thePass::OWY5M2I5NzctYzdkOS00MmZhLWExZGYtNjczM2U5ZGUyOWIxTElORV9CUkVBS3ZhdWx0
********************************************
               
Please enter a Digit::   0: Store a password  1: Check whether password exists  2: Exit
2
anil@localhost:~/as7/jboss-as/build/target/jboss-as-7.1.0.Final-SNAPSHOT/bin$
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>I entered "sa" for the attribute value.</p><p>I entered "vault22" for keystore password</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>My standalone/configuration/standalone.xml contains the following</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code jive-xml"><span class="jive-xml-tag"><?xml version='1.0' encoding='UTF-8'?></span>
<span class="jive-xml-tag"><span><server name="localhost.sadbhav" xmlns="urn:jboss:domain:1.1" xmlns:xsd="</span><a class="jive-link-external-small" href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a><span>"></span></span>
    <span class="jive-xml-tag"><extensions></span>
       ...
    <span class="jive-xml-tag"></extensions></span>
 
    <span class="jive-xml-tag"><vault></span>
      <span class="jive-xml-tag"><vault-option name="KEYSTORE_URL" value="${user.home}/vault/vault.keystore"/></span>
      <span class="jive-xml-tag"><vault-option name="KEYSTORE_PASSWORD" value="MASK-3y28rCZlcKR"/></span>
      <span class="jive-xml-tag"><vault-option name="KEYSTORE_ALIAS" value="vault"/></span>
      <span class="jive-xml-tag"><vault-option name="SALT" value="12438567"/></span>
      <span class="jive-xml-tag"><vault-option name="ITERATION_COUNT" value="50"/></span>
      <span class="jive-xml-tag"><vault-option name="ENC_FILE_DIR" value="${user.home}/vault/"/></span>
    <span class="jive-xml-tag"></vault></span>
    <span class="jive-xml-tag"><management></span> ....
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><span>When I go to the web application, </span><a class="jive-link-external-small" href="http://localhost:8080/vaulterror-web-1.0-SNAPSHOT/my/" target="_blank">http://localhost:8080/vaulterror-web-1.0-SNAPSHOT/my/</a></p><p>I get the value "true".</p></div>
<div style="background-color: #f4f4f4; padding: 10px; margin-top: 20px;">
<p style="margin: 0;">Comment by <a href="https://community.jboss.org/docs/DOC-17472">going to Community</a></p>
<p style="margin: 0;">Create a new document in PicketBox Development at <a href="https://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2088">Community</a></p>
</div></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>