Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

Crypting resource password

When using the Resource Loader it can be handy to obfuscate resources' password instead of leaving them in plain text, readable from any person who has access to the loader's configuration file.

Although less useful, it is nevertheless possible to use crypted passwords with the API as well.

Info
titleJDBC and JMS

This is valid for both JDBC and JMS resources even if the examples only demonstrate JDBC.

Contents

Table of Contents
maxLevel3
minLevel2

Crypting a password

The password encryption mechanism is not automatic. You need to configure the crypted password yourself as BTM won't touch the loader's configuration file.

You can get a crypted version of your password with the bitronix.tm.utils.CryptoEngine class. It contains a main method so you can call it from the command line:

Code Block
java -cp btm-2.0.1.jar bitronix.tm.utils.CryptoEngine

Bitronix Transaction Manager password property crypter
Usage: CryptoEngine <password> [cipher]
  where:
    <password> is mandatory and is the resource password to crypt
    [cipher]   is optional and is the cipher to be used to crypt the password

You can just give it the password to encrypt on the command line to get its crypted version:

Code Block
java -cp btm-2.0.1.jar bitronix.tm.utils.CryptoEngine myPassword

Bitronix Transaction Manager password property crypter
crypted password property value: {DES}oBg90wRyVhWcCrwu51xGmw==

By default, the DES cipher will be used. You can override that from the command line by specifying another cipher as a second argument. Please note that the only cipher that is distributed with the JVM by default is DES.

Note
titleSafety

This is not 100% safe as the password can be reverted. Take this feature as a convenience to avoid leaving an important password world-readable.

Using crypted password

Once you have the crypted version of your password, you just need to paste it instead of the plain text version. For instance in a Resource Loader configuration file:

Code Block
resource.ds.className=oracle.jdbc.xa.client.OracleXADataSource
resource.ds.uniqueName=oracle
resource.ds.maxPoolSize=5
resource.ds.driverProperties.user=users1
resource.ds.driverProperties.password={DES}Tg0f6zsYp2GcCrwu51xGmw==
resource.ds.driverProperties.URL=jdbc:oracle:thin:@localhost:1521:XE

or in the API calls:

Code Block
PoolingDataSource myDataSource = new PoolingDataSource();
myDataSource.setClassName("oracle.jdbc.xa.client.OracleXADataSource");
myDataSource.setUniqueName("oracle");
myDataSource.setMaxPoolSize(5);
myDataSource.getDriverProperties().setProperty("user", "users1");
myDataSource.getDriverProperties().setProperty("password", "{DES}Tg0f6zsYp2GcCrwu51xGmw==");
myDataSource.getDriverProperties().setProperty("URL", "jdbc:oracle:thin:@localhost:1521:XE");

BTM will automatically decrypt the password before using it to build the XA connection producer.

Info
titleLimitation

Only driver property called password can contain a crypted password. Other ones won't go through the decryption process.