Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-dev] Password obfuscation in 8.1.2 
Or try workarounding it with

<Set name="Password">
  <Arg>
    <Call class="org.eclipse.jetty.util.security.Password" name="deobfuscate">
      <Arg>OBF:1lmb1k8k1kmy1lts20001t331sal1sap1t331zzy1lq61kjo1k5m1ljf</Arg>
    </Call>
  </Arg>
</Set>

On Wed, Oct 23, 2013 at 5:04 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:
> The obfuscated password strings that
> org.eclipse.jetty.util.security.Password produces are recognized by various
> jetty components and converted when they see them.
>
> However, <New class="com.mchange.v2.c3p0.ComboPooledDataSource">, is not a
> Jetty component.
> The Jetty IoC XML format has no magic behavior with regards to Password
> handling.
> Think of the <New> and <Set> calls as code.
>
> If you would like to see the Jetty IoC XML format convert obfuscated
> passwords before calling the components, then file a feature request asking
> for this magic behavior.
> https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty&format=guided
>
>
> --
> Joakim Erdfelt <joakim@xxxxxxxxxxx>
> webtide.com - intalio.com/jetty
> Expert advice, services and support from from the Jetty & CometD experts
> eclipse.org/jetty - cometd.org
>
>
> On Tue, Oct 22, 2013 at 6:00 PM, Mike Harrelson <mharrelson@xxxxxxxxxxxxxx>
> wrote:
>>
>> Hi all,
>>
>>
>>
>> I’ve read the secure password obfuscation document from:
>> http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
>>
>>
>>
>> And I’m trying to use the OBF version of my password in a jetty-env.xml
>> data source configuration but it’s not converting back to the original
>> password.  I’ve looked at what’s being passed into the data source’s
>> setPassword and it’s the full OBF sting.  Everything works fine if I use the
>> raw password.
>>
>>
>>
>> Any insight would be appreciated.
>>
>> Thanks
>>
>> Mike
>>
>>
>>
>> Here’s my jetty-env.xml ( removing the specifics of my machine/domain):
>>
>>
>>
>> <?xml version="1.0"?>
>>
>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>> "http://www.eclipse.org/jetty/configure.dtd";>
>>
>>
>>
>> <Configure class="org.eclipse.jetty.webapp.WebAppContext">
>>
>>   <New id="limsDS" class="org.eclipse.jetty.plus.jndi.Resource">
>>
>>     <Arg></Arg>
>>
>>     <Arg>jdbc/limsDS</Arg>
>>
>>     <Arg>
>>
>>       <New class="com.mchange.v2.c3p0.ComboPooledDataSource">
>>
>>         <Set name="driverClass">oracle.jdbc.OracleDriver</Set>
>>
>>         <Set name="jdbcUrl">jdbc:oracle:thin:@xxx.xxx.com:1521:lims1</Set>
>>
>>         <Set name="User">limsweb_dev</Set>
>>
>>         <Set
>> name="Password">OBF:1lmb1k8k1kmy1lts20001t331sal1sap1t331zzy1lq61kjo1k5m1ljf</Set>
>>
>>         <Set name="initialPoolSize">1</Set>
>>
>>         <Set name="minPoolSize">1</Set>
>>
>>         <Set name="maxPoolSize">32</Set>
>>
>>       </New>
>>
>>
>>
>>     </Arg>
>>
>>   </New>
>>
>> </Configure>
>>
>>
>> _______________________________________________
>> jetty-dev mailing list
>> jetty-dev@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/jetty-dev
>>
>
>
> _______________________________________________
> jetty-dev mailing list
> jetty-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-dev
>

Back to the top