[JBoss_WildFly] Datasource - Encrypting the DB Connection Account Password (JBoss 7.4.7)

 


 

#. Obtaining the encrypted password

Variant where the plaintext password is typed at a prompt after the script starts

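    #!/bin/bash
    JAVA_HOME=/usr/jdk/jdk1.8/jdk1.8.0_202
    JBOSS_HOME=/app/jboss/jboss-eap-7.4

    # Locate the PicketBox and jboss-logging jars shipped with JBoss (first match of each)
    picketbox=`find "${JBOSS_HOME}/" -type f -name "picketbox*" | sort | head -n 1`
    jboss_logging=`find "${JBOSS_HOME}/" -type f -name "jboss-logging*" | sort | head -n 1`
    module_name=org.picketbox.datasource.security.SecureIdentityLoginModule

    export CLASSPATH="${picketbox}:${jboss_logging}"

    if [ -d "$JAVA_HOME" ]; then
        # -s keeps the typed password off the screen, -r keeps backslashes literal
        read -r -s -p "Input Database Password : " dbpassword
        echo
        # The plaintext is passed as a JVM argument, so it is visible in the
        # process list while java runs
        "${JAVA_HOME}/bin/java" -cp "${CLASSPATH}" "${module_name}" "${dbpassword}"
    else
        echo "JAVA 1.8 is not installed. Please install and try again."
    fi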

 

Variant where the plaintext password is passed as an argument when the script is run

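    #!/bin/bash
    # JAVA_HOME is the JDK root; /bin is appended where java is called
    JAVA_HOME=/usr/jdk/jdk1.8/jdk1.8.0_202
    JBOSS_HOME=/app/jboss/jboss-eap-7.4

    # Locate the PicketBox and jboss-logging jars shipped with JBoss (first match of each)
    picketbox=`find "${JBOSS_HOME}/" -type f -name "picketbox*" | sort | head -n 1`
    jboss_logging=`find "${JBOSS_HOME}/" -type f -name "jboss-logging*" | sort | head -n 1`
    module_name=org.picketbox.datasource.security.SecureIdentityLoginModule

    export CLASSPATH="${picketbox}:${jboss_logging}"

    if [ -d "$JAVA_HOME" ]; then
        # The plaintext password is taken from the first argument, so it is recorded
        # in shell history and visible in the process list while java runs
        STRING=`"$JAVA_HOME/bin/java" -cp "${CLASSPATH}" "${module_name}" "${1}"`
        # Print only what follows "password: " in the module's output
        echo "${STRING#*password: }"
    else
        echo "JAVA 1.8 is not installed. Please install and try again."
    fi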

 


 

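#. Applying it on the server

Add the security-domain. In the snippet below, 보안정책이름 stands for the security policy (security-domain) name, 유저명 for the DB user name, 암호화된패스워드 for the encrypted password obtained above, and 데이터소스이름 for the datasource name.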

                <security-domain name="보안정책이름" cache-type="default">
                    <authentication>
                        <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
                            <module-option name="username" value="유저명"/>
                            <module-option name="password" value="암호화된패스워드"/>
                            <module-option name="managedConnectionFactoryName" value="jbossjca:service=LocalTxCM,name=데이터소스이름"/>
                        </login-module>
                    </authentication>
                </security-domain>

 

 

The following is the datasource configuration.

Delete the user-name and password tags inside the security tag.

Replace them with a security-domain tag, as shown below.

                <datasource jndi-name="java:/test" pool-name="test_datasource" enabled="true" statistics-enabled="true">
                    <connection-url>jdbc:oracle:thin:@1.1.1.1:1521:ORCL</connection-url>
                    <driver>oracle_driver</driver>
                    <pool>
                        <min-pool-size>10</min-pool-size>
                        <initial-pool-size>10</initial-pool-size>
                        <max-pool-size>30</max-pool-size>
                    </pool>
                    <security>
                        <security-domain>보안정책이름</security-domain>
                    </security>
                    <validation>
                        <check-valid-connection-sql>SELECT 1 FROM DUAL</check-valid-connection-sql>
                        <validate-on-match>true</validate-on-match>
                    </validation>
                </datasource>
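
A check for the configuration described above, as an added example that is not part of the original post: it reports, per datasource, whether a plaintext password tag remains or whether the referenced security-domain exists and uses SecureIdentityLoginModule. The sample XML, the domain name `ds-policy` and the function names `audit` and `local` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
SECURE_MODULE = "org.picketbox.datasource.security.SecureIdentityLoginModule"
# Constructed sample (not a real config): a plaintext password, the layout above, an undefined domain.
SAMPLE = """<server><datasources>
  <datasource jndi-name="java:/legacy" pool-name="legacy_ds">
    <security><user-name>app</user-name><password>constructed-plaintext</password></security>
  </datasource>
  <datasource jndi-name="java:/test" pool-name="test_datasource">
    <security><security-domain>ds-policy</security-domain></security>
  </datasource>
  <datasource jndi-name="java:/orphan" pool-name="orphan_ds">
    <security><security-domain>no-such-policy</security-domain></security>
  </datasource>
</datasources><security-domains>
  <security-domain name="ds-policy" cache-type="default"><authentication>
    <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
      <module-option name="password" value="constructed-encoded-value"/>
  </login-module></authentication></security-domain>
</security-domains></server>"""

def local(tag):
    """Strip the XML namespace so the check also works on a namespaced standalone.xml."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return {pool-name: finding} for every <datasource> element in the document."""
    root = ET.fromstring(xml_text)
    domains = {}  # security-domain name -> set of login-module class names
    for el in root.iter():
        if local(el.tag) == "security-domain" and el.get("name"):
            codes = {m.get("code") for m in el.iter() if local(m.tag) == "login-module"}
            domains.setdefault(el.get("name"), set()).update(codes)
    findings = {}
    for ds in (e for e in root.iter() if local(e.tag) == "datasource"):
        tags = {local(c.tag): (c.text or "").strip() for c in ds.iter()}
        domain = tags.get("security-domain")
        if "password" in tags:
            finding = "plaintext password in <security>"
        elif domain not in domains:
            finding = "no matching security-domain defined"
        elif SECURE_MODULE not in domains[domain]:
            finding = "domain does not use SecureIdentityLoginModule"
        else:
            finding = "ok"
        findings[ds.get("pool-name")] = finding
    return findings

if __name__ == "__main__":
    print("\n".join(f"{pool}: {finding}" for pool, finding in audit(SAMPLE).items()))
```

To check a real server, pass the text of its configuration file (for example standalone.xml) to `audit()`. SecureIdentityLoginModule encodes the password with a key built into PicketBox, so the encoded value is not a secret in itself and the configuration file should stay readable only by the JBoss service account.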

 

 

The end result should look like this: