Encrypting Password for Data Source

To encrypt the password for data source on JBoss Application Server 7 version, update the standalone.xml file.

Procedure

  1. Add SecureIdentityLoginModule and Security Domain
    1. Go to $JBOSS_HOME/standalone/configuration directory and open the standalone.xml file.
    2. Under <security-domains> element, add the EncryptedPassword security-domain and SecureIdentityLoginModule along with username and password module options. For example, 
      <security-domains>
<security-domain name="EncryptedPassword">
					<authentication>
<login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
							<module-option name="username" value="@MDM.DB.USER@"/>
							<module-option name="password" value="@MDM.DB.PASSWORD.ENTCRYPT@"/>
<module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=dataSource-1-PoolName,dataSource-2-PoolName"/>
						</login-module>
					</authentication>
				</security-domain>
</security-domains>
    3. Under the <datasources> element, remove the following existing <user-name> and <password> from the <security> element because you have already added <user-name> and <password> as module options in the previous step:

      <datasources>

      <datasource ... >

      .....

        <security>

          <user-name>mdmuser</user-name>

          <password>mdmpassword</password>

        </security>

      </datasource>

      </datasources>

    4. Under the <datasources> element, add the EncryptedPassword security-domain, such as:

      <datasources>

      <datasource ... >

      .....

      <security>

                 <security-domain>EncryptedPassword</security-domain>

      </security>

      </datasource>

      </datasources>

    5. Save the updated standalone.xml file.
  2. Encrypt Password
    1. On the command line, type $JBOSS_HOME.
    2. Enter the following command: 
      java -cp modules\org\picketbox\main\picketbox-version.final.jar;modules\org\jboss\logging\main\jboss-logging-version.GA.jar org.picketbox.datasource.security.SecureIdentityLoginModule password
      Note: Verify the versions of the picketbox and logging JAR files in the $JBOSS_HOME directory and specify them in the command accordingly.

      The command returns the encrypted password. You can use the returned password in your security domain.