[jboss-user] [Security & JAAS/JBoss] - Jboss doubt

akshay_ajmani do-not-reply at jboss.com
Fri Jul 10 14:33:36 EDT 2009 

I have a piece of code that parses an XML defined as follows:
      
  | <service name="INT_Trip_PingRQ">
  |       <url></url>
  | <action>Trip_PingRQ</action>
  |       <payload></payload>
  |       <failurecount>3</failurecount>
  |        <alerts>
  |         <alert ref="Log4j" />
  |       </alerts>
  | 	      <username>206041</username>
  | 		 <password>nbcb3172</password>
  | 		 <organization>Employees</organization>
  | 		 <domain>Sabre</domain>	  
  |     </service>
  | 


  |     ServiceObject service=new ServiceObject();
  |     service.setPassword(); <!-- this is nbcb3172 that comes from this xml-->
  | 
If you see the xml, it has a password tag in it.This password is used in a soap request by the application to generate token.This piece of code is application specific and has got nothing to do with Jboss.

My requirement is that , I want this password to be encrypted i.e the encrypted password should be stored in Jboss and encryption and decryption to be done by Jboss.
My xml should just have a reference to the encrypted password as shown below.
      
  | <service name="INT_Trip_PingRQ">
  |       <url>https://cert.webservices.sabre.com/tsts</url>
  |       <action>Trip_PingRQ</action>
  |       <payload><![CDATA[<Trip_PingRQ Version="1.0" xmlns="http://webservices.sabre.com/triprecord" />]]></payload>
  |       <failurecount>3</failurecount>
  |        <alerts>
  |         <alert ref="Log4j" />
  |       </alerts>
  | 	      <username>206041</username>
  | 		 <reference-to-password>reference2</reference-to-password>
  | 		 <organization>Employees</organization>
  | 		 <domain>Sabre</domain>	  
  |     </service>
  |       
    Here reference 2 should point to encrypted password which should be decrypted back to nbcb3172 so that I can use it further
I went through the following link but it is used for datasources.I mean Jboss can do the encryption but how to I ensure that  my java code that parses the xml has an access to this decrypted password.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4242978#4242978

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4242978

More information about the jboss-user mailing list