You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Aman Nanner (JIRA)" <ji...@apache.org> on 2007/03/21 21:08:32 UTC
[jira] Created: (GERONIMO-3003) Encrypt password strings in
deployment plans
Encrypt password strings in deployment plans
--------------------------------------------
Key: GERONIMO-3003
URL: https://issues.apache.org/jira/browse/GERONIMO-3003
Project: Geronimo
Issue Type: Improvement
Security Level: public (Regular issues)
Components: deployment
Affects Versions: Wish List
Reporter: Aman Nanner
Priority: Minor
Fix For: Wish List
Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
More discussion of this feature can be found in the following mailing list thread:
http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
----
if (gerModule.isSetAltDd()) {
// the the url of the alt dd
try {
altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
} catch (IOException e) {
throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
}
----
However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Jack Cai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12790178#action_12790178 ]
Jack Cai commented on GERONIMO-3003:
------------------------------------
I believe Requirement (1) is already done in the previous patch. The TODO is to provide a utility to generate encrypted strings. A simple way to do this is to let the user optionally specify a key file and then generate the string, or use the default key if no key file is provided. A more robust way is to call the running server to do the encryption, e.g., extend the org.apache.geronimo.system.util.ConfiguredEncryption GBean to provide such operation. I'd prefer the latter solution. If no objection, I'll create a patch.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Jack Cai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jack Cai updated GERONIMO-3003:
-------------------------------
Attachment: GERONIMO-3003.cmd.22.patch
GERONIMO-3003.cmd.21.patch
Attaching the patch to add a command to the deploy commandline to do an encryption. Typical usage:
Use a running server to do the encryption so that the encryption setting of that server will be used:
deploy(.sh|.bat) -h localhost -p 1099 encrypt sometext
Use the common simple encrption so that no running server is required
deploy(.sh|.bat) -o encrypt sometext
Tested with 2.2 branch.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.cmd.21.patch, GERONIMO-3003.cmd.22.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Ivan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ivan reassigned GERONIMO-3003:
------------------------------
Assignee: Ivan (was: Jack Cai)
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Assignee: Ivan
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Jack Cai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jack Cai reassigned GERONIMO-3003:
----------------------------------
Assignee: Jack Cai
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Assignee: Jack Cai
> Priority: Minor
> Fix For: Wish List
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Shawn Jiang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shawn Jiang reassigned GERONIMO-3003:
-------------------------------------
Assignee: Shawn Jiang
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Assignee: Shawn Jiang
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.cmd.21.patch, GERONIMO-3003.cmd.22.patch, GERONIMO-3003.gshell.cmd 30.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Rex Wang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rex Wang closed GERONIMO-3003.
------------------------------
closing it
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Assignee: Shawn Jiang
> Priority: Minor
> Fix For: 2.1.5, 2.2.1, 3.0
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.cmd.21.patch, GERONIMO-3003.cmd.22.patch, GERONIMO-3003.gshell.cmd 30.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Jack Cai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12790012#action_12790012 ]
Jack Cai commented on GERONIMO-3003:
------------------------------------
In addition to what is already done for this requirement, guess the original requirement raised in this JIRA is not resolved. However, instead of doing what is proposed originally (rewrite the deployment plan to encrypt the password), another way to achieve the security goal is to -
1) accept encrypted passwords in deployment plan, and
2) provide an encrypt utility so users could generate encrypted strings that could then be pasted into the deployment plan
Comments?
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Shawn Jiang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12840521#action_12840521 ]
Shawn Jiang commented on GERONIMO-3003:
---------------------------------------
1, Migrated encrypt command to trunk.
2, committed the patch from Vanessa to add GShell equivalent for karaf commands.
TODO:
1, testing
2, doc update.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.cmd.21.patch, GERONIMO-3003.cmd.22.patch, GERONIMO-3003.gshell.cmd 30.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
Re: [jira] Commented: (GERONIMO-3003) Encrypt password strings in deployment plans
Posted by Kevan Miller <ke...@gmail.com>.
On Jul 24, 2009, at 3:58 AM, Ivan (JIRA) wrote:
>
> [ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12734957
> #action_12734957 ]
>
> Ivan commented on GERONIMO-3003:
> --------------------------------
>
> The patch looks good to me, if no objection, I will first try to
> apply it to 2.1 branch.
I'd like to have some additional eyes on these patches.
I'm quite interested in seeing improvements in our password handling.
However, I want to be sure we're happy with this approach. Integrating
into 2.1 sets expectations for 2.2.
I'll try to get some time to look at this, but would be great if some
other folks would have a look also.
--kevan
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Ivan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12734957#action_12734957 ]
Ivan commented on GERONIMO-3003:
--------------------------------
The patch looks good to me, if no objection, I will first try to apply it to 2.1 branch.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Assignee: Jack Cai
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Vanessa Wang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vanessa Wang updated GERONIMO-3003:
------------------------------------
Attachment: GERONIMO-3003.gshell.cmd 30.patch
GShell Command patch for EncryptCommand in Geronimo 3.0
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.cmd.21.patch, GERONIMO-3003.cmd.22.patch, GERONIMO-3003.gshell.cmd 30.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Shawn Jiang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shawn Jiang resolved GERONIMO-3003.
-----------------------------------
Resolution: Fixed
Fix Version/s: (was: Wish List)
3.0
2.2.1
2.1.5
This should be resloved after applying the patch from Venessa Wang.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Assignee: Shawn Jiang
> Priority: Minor
> Fix For: 2.1.5, 2.2.1, 3.0
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.cmd.21.patch, GERONIMO-3003.cmd.22.patch, GERONIMO-3003.gshell.cmd 30.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Jack Cai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12736523#action_12736523 ]
Jack Cai commented on GERONIMO-3003:
------------------------------------
David, looks like you forgot to commit EncryptionSetting.java.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Jack Cai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jack Cai updated GERONIMO-3003:
-------------------------------
Attachment: (was: GERONIMO-3003.cmd.21.patch)
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks updated GERONIMO-3003:
-----------------------------------
Attachment: GERONIMO-3003-2.2-2.patch
I reworked the 2.2. patch extensively to
- use the command pattern to put the encrypt/decrypt login in the EncryptionSession enumeration
- store the encrypted values in the GBeanOverride and only encrypt/decrypt when we deal with a GBeanData object. This means we always have the GAttibuteInfo available that tells us what to do.
I plan to review this again tonight before committing it.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Assignee: Ivan
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Ivan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ivan updated GERONIMO-3003:
---------------------------
Assignee: (was: Ivan)
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Ivan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12789666#action_12789666 ]
Ivan commented on GERONIMO-3003:
--------------------------------
Commit the patch to 2.1 At revision: 889880.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Jack Cai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12736422#action_12736422 ]
Jack Cai commented on GERONIMO-3003:
------------------------------------
Thanks Ivan, Kevan and David!
I think it makes good sense to simply store encrypted values in GBeanOverride. I reviewed David's revised patch and suggest to add the below lines to the patch so that GBeanOverride.applyOverride() will encrypt attribute values which are not encrypted in config.xml but should be encrypted. This is to handle scenarios in which users change a password in config.xml and want it get encrypted when the server writes back to config.xml.
{code}
@@ -357,6 +402,19 @@
}
String valueString = entry.getValue();
Object value = getValue(attributeInfo, valueString, configName, gbeanName, classLoader);
+ /*
+ * Make sure encrypted attributes are encrypted even if they are in
+ * plain text originally.
+ */
+ if (valueString != null
+ && attributeInfo.getEncryptedSetting() == EncryptionSetting.ENCRYPTED) {
+ String decryptedValue = (String) attributeInfo
+ .getEncryptedSetting().decrypt(valueString);
+ if (valueString.equals(decryptedValue)) {
+ entry.setValue(attributeInfo.getEncryptedSetting().encrypt(
+ valueString));
+ }
+ }
data.setAttribute(attributeName, value);
}
{code}
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Aman Nanner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12710252#action_12710252 ]
Aman Nanner commented on GERONIMO-3003:
---------------------------------------
I am out of the office this week, and returning Monday, May 18th
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Assignee: Jack Cai
> Priority: Minor
> Fix For: Wish List
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Jack Cai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jack Cai updated GERONIMO-3003:
-------------------------------
Attachment: (was: GERONIMO-3003.cmd.22.patch)
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Aman Nanner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12734547#action_12734547 ]
Aman Nanner commented on GERONIMO-3003:
---------------------------------------
I am out of the office this week, and returning Tuesday, July 28th.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Assignee: Jack Cai
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12736782#action_12736782 ]
David Jencks commented on GERONIMO-3003:
----------------------------------------
As several people noiced I left out a bunch of stuff in the first commit.
Additional files from first commit in rev.799023
Modified version of Jacks' suggestion above in rev 799037.
I think this is all we need for trunk. I would advise using jack's patch for 2.1 directly but if someone wants to try to port my changes it's fine with me.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12736478#action_12736478 ]
David Jencks commented on GERONIMO-3003:
----------------------------------------
I applied my revised patch in rev 798794 before I saw Jac's suggestion. I think the use case there is a good idea, and I don't see a better way to implement it. I wish we didn't have to rely on encrypt and decrupt being idempotent.
If no one gets there first I'll apply jack's suggestion in the morning.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Jack Cai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jack Cai updated GERONIMO-3003:
-------------------------------
Attachment: GERONIMO-3003.cmd.22.patch
GERONIMO-3003.cmd.21.patch
Add a bit error check code and tested with 2.1 branch.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.cmd.21.patch, GERONIMO-3003.cmd.22.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Jack Cai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jack Cai updated GERONIMO-3003:
-------------------------------
Attachment: GERONIMO-3003.patch
Creating a patch for the trunk. If it is accepted well, I'll create a patch for 2.1 branch too.
The current design is -
1. Developers can specify a String type attribute of a GBean as "encrypted", either through API or annotation. Encrypted attributes are encrypted when marshalled, e.g., serialized to config.ser. It will also get encrypted when saved into the server's config.xml.
2. By default, GBean attributes are not encrypted except those whose name contains the string "password" (ignore case) and whose type is java.lang.String.
Since the patch is pretty big and affects quite a few files, please help to review and commit it soon. I hope it will make into G2.2 release. Thanks!
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Assignee: Jack Cai
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Jack Cai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12796974#action_12796974 ]
Jack Cai commented on GERONIMO-3003:
------------------------------------
Commited the encrypt command patch to 2.1 branch at Rev 896103 and 2.2 branch at Rev 896316.
TODO:
1. Trunk update
2. GShell equivalent
3. Doc update
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003-2.2-2.patch, GERONIMO-3003.cmd.21.patch, GERONIMO-3003.cmd.22.patch, GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Kevan Miller (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12735921#action_12735921 ]
Kevan Miller commented on GERONIMO-3003:
----------------------------------------
I looked at the 2.1 patch. Looks pretty good and build/tests seem to be working well.
David J, maybe you could have a look at the patch for trunk? I think this would be a good feature for 2.2.
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Assignee: Ivan
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3003) Encrypt password strings in
deployment plans
Posted by "Jack Cai (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jack Cai updated GERONIMO-3003:
-------------------------------
Attachment: GERONIMO-3003_21.patch
Created a patch for 2.1 branch.
I did both a few unit testing and manual testing, for both 2.2 and 2.1. All looks good.
Please help to review and commit. Thanks!
> Encrypt password strings in deployment plans
> --------------------------------------------
>
> Key: GERONIMO-3003
> URL: https://issues.apache.org/jira/browse/GERONIMO-3003
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment
> Affects Versions: Wish List
> Reporter: Aman Nanner
> Assignee: Jack Cai
> Priority: Minor
> Fix For: Wish List
>
> Attachments: GERONIMO-3003.patch, GERONIMO-3003_21.patch
>
>
> Geronimo currently has a feature where password strings in the config.xml get encrypted using the {{org.apache.geronimo.util.EncryptionManager}}. This encryption is performed in the {{org.apache.geronimo.system.configuration.GBeanOverride}} class.
> It would be desirable to have the same encryption applied to the password strings in deployment plans (e.g. datasource or JMS deployment plans within an EAR). Even though the plans are only used during the deployment process, and not at runtime, the plans are left with plaintext password strings sitting in them. It would be nice if the deployment process could internally encrypt the strings and then write back out the deployment plan to the file system. Also, this means that the deployment process will require the ability to decrypt strings that are already in encrypted format in the plan (in the case of redeployment, for example).
> More discussion of this feature can be found in the following mailing list thread:
> http://www.mail-archive.com/user@geronimo.apache.org/msg05859.html
> I would suggest that an appropriate spot to perform the encryption is in the {{org.apache.geronimo.j2ee.deployment.EARConfigBuilder}} class, perhaps in the following code just before the file is written to a temporary file:
> ----
> if (gerModule.isSetAltDd()) {
> // the the url of the alt dd
> try {
> altVendorDDs.put(path, DeploymentUtil.toTempFile(earFile, gerModule.getAltDd().getStringValue()));
> } catch (IOException e) {
> throw new DeploymentException("Invalid alt vendor dd url: " + gerModule.getAltDd().getStringValue(), e);
> }
> ----
> However, somebody more familiar with the design might be able to suggest a better solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.