You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by Juergen Weber <we...@gmail.com> on 2008/10/21 18:38:55 UTC
Where to store secret EJB properties?
The canonical way to have properties for EJBs is IMHO to use <env-entry> in
ejb-jar.xml and have them injected via @Resource.
ejb-jar.xml are like source and in source control and are put in the ejb.jar
by ant.
Obviously this is not a good idea for passwords.
Is there a way to save properties via the Geronimo Console (or deployer) and
have them injected via @Resource?
I guess properties in .properties in a .jar cannot be injected, can they?
Could this be done via javax.naming.spi.ObjectFactory as suggested in the
comment here:
http://www.jroller.com/agoncal/entry/configure_your_ejb_3_with#comments
Thanks,
Juergen
--
View this message in context: http://www.nabble.com/Where-to-store-secret-EJB-properties--tp20094408s134p20094408.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Properties in geronimo-application.xml Re: Where to store
secret EJB properties?
Posted by Juergen Weber <we...@gmail.com>.
Juergen Weber wrote:
>
> Another option were to put properties into geronimo-application.xml or
> openejb-jar.xml where they would mirror the values in
> ejb-jar.xml/env-entry, the same ways as properties in geronimo-ra.xml
> override properties in ra.xml.
>
I'd like if this were possible. What do others think?
I would open a JIRA then.
Juergen
--
View this message in context: http://www.nabble.com/Where-to-store-secret-EJB-properties--tp20094408s134p20106126.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Properties in geronimo-application.xml Re: Where to store secret EJB properties?
Posted by David Jencks <da...@yahoo.com>.
On Oct 22, 2008, at 12:00 AM, Juergen Weber wrote:
>
> Another option were to put properties into geronimo-application.xml or
> openejb-jar.xml where they would mirror the values in ejb-jar.xml/
> env-entry,
> the same ways as properties in geronimo-ra.xml override properties in
> ra.xml. Is think this isn't possible right now, is it?
Correct
>
>
> geronimo-application.xml is often not in the ear, so operations
> could get
> the ears from development and keep geronimo-application.xml
> themselves. I
> don't know where Geronimo puts the deployment plans after deployment
> (or is
> it below var/config ?), probably operations would like if the
> deployment
> plans were at a defined location.
If you deploy using the console or gshell the deployment plan is not
included in the car directory. If you use the car-maven-plugin it
ends up in META-INF along with the generated geronimo-plugin.xml
I like the idea of normally putting the plan under META-INF/plan.xml
but there are possible complications and confusion, for instance with
an ee application then you can have a geronimo-application.xml but
each module could have its own e.g. geronimo-web.xml inside.... not
sure if we would want to collect all of these together.
david jencks
>
>
> Juergen
> --
> View this message in context: http://www.nabble.com/Where-to-store-secret-EJB-properties--tp20094408s134p20105057.html
> Sent from the Apache Geronimo - Users mailing list archive at
> Nabble.com.
>
Properties in geronimo-application.xml Re: Where to store secret
EJB properties?
Posted by Juergen Weber <we...@gmail.com>.
Another option were to put properties into geronimo-application.xml or
openejb-jar.xml where they would mirror the values in ejb-jar.xml/env-entry,
the same ways as properties in geronimo-ra.xml override properties in
ra.xml. Is think this isn't possible right now, is it?
geronimo-application.xml is often not in the ear, so operations could get
the ears from development and keep geronimo-application.xml themselves. I
don't know where Geronimo puts the deployment plans after deployment (or is
it below var/config ?), probably operations would like if the deployment
plans were at a defined location.
Juergen
--
View this message in context: http://www.nabble.com/Where-to-store-secret-EJB-properties--tp20094408s134p20105057.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Where to store secret EJB properties?
Posted by David Jencks <da...@yahoo.com>.
On Oct 21, 2008, at 12:31 PM, Juergen Weber wrote:
> David, thanks so far, "Locating your application specific
> configuration files" is a step in the right direction. This helps in
> organizing property files, which is better than directly loading them
> from the file system.
> I also was looking for a way to enhance the @Resource injection
> system.
> Now it would be great if one could use a SystemPropertiesGBean to
> inject @Resource into an EJB...
This is a less direct solution to your immediate problem but you might
want to look into gbean bindings into jndi. I think this is the
geronimo equivalent of what the sun article was suggesting. To get
even closer we could write a gbean that bound an object factory into
jndi. The reason the sun idea won't work "as is" in geronimo is that
we have no persistent jndi: everything is bound as the server starts
and various components start and bind stuff. So the equivalent of
using the sun admin console to set up a persistent binding would be to
have a gbean in some plugin that, on starting, would bind whatever is
necessary.
The gbean binding stuff is in geronimo-naming GBeanBinding class.
thanks
david jencks
>
>
> thanks,
> Juergen
>
>
> On Tue, Oct 21, 2008 at 7:42 PM, David Jencks
> <da...@yahoo.com> wrote:
>>
>> On Oct 21, 2008, at 9:38 AM, Juergen Weber wrote:
>>
>>>
>>> The canonical way to have properties for EJBs is IMHO to use <env-
>>> entry>
>>> in
>>> ejb-jar.xml and have them injected via @Resource.
>>> ejb-jar.xml are like source and in source control and are put in the
>>> ejb.jar
>>> by ant.
>>> Obviously this is not a good idea for passwords.
>>>
>>> Is there a way to save properties via the Geronimo Console (or
>>> deployer)
>>> and
>>> have them injected via @Resource?
>>> I guess properties in .properties in a .jar cannot be injected,
>>> can they?
>>>
>>> Could this be done via javax.naming.spi.ObjectFactory as suggested
>>> in the
>>> comment here:
>>> http://www.jroller.com/agoncal/entry/configure_your_ejb_3_with#comments
>>
>> I'm sure that wouldn't work in geronimo naming (e.g. in a web app in
>> geronimo, which only uses geronimo naming stuff) and doubt openejb
>> has a way
>> to make it work (IIRC openejb does some of its own jndi setup). I
>> also
>> don't see how this would conceal the secrets. Wouldn't they now
>> be in the
>> source code of the ObjectFactory class?
>>
>> I can think of a couple approaches that you might find suitable.
>> One is
>> having an application specific data file as explained here:
>> http://cwiki.apache.org/GMOxDOC21/locating-your-application-specific-configuration-files.html
>> .
>> This also hints at the other, using a system property to store the
>> secret,
>> set up with a SystemPropertiesGBean in the geronimo plan for your
>> app. In
>> this case however I would advise:
>>
>> - use maven :-)
>> - deploy your app as a geronimo plugin using the car-maven-plugin
>> - include a config.xml snippet in the geronimo-plugin.xml
>> (generated from
>> the car-maven-plugin configuration)
>> - set up the property value as a config-substitutions.properties
>> variable.
>>
>> Now you can either set the secret directly in
>> var/config/config-substitutions.properties or on the command line,
>> e.g. with
>> gshell
>> geronimo/start-server -G mySecret=foo
>>
>> hope this helps
>> david jencks
>>
>>>
>>>
>>> Thanks,
>>> Juergen
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Where-to-store-secret-EJB-properties--tp20094408s134p20094408.html
>>> Sent from the Apache Geronimo - Users mailing list archive at
>>> Nabble.com.
>>>
>>
>>
Re: Where to store secret EJB properties?
Posted by Juergen Weber <we...@gmail.com>.
David, thanks so far, "Locating your application specific
configuration files" is a step in the right direction. This helps in
organizing property files, which is better than directly loading them
from the file system.
I also was looking for a way to enhance the @Resource injection system.
Now it would be great if one could use a SystemPropertiesGBean to
inject @Resource into an EJB...
thanks,
Juergen
On Tue, Oct 21, 2008 at 7:42 PM, David Jencks <da...@yahoo.com> wrote:
>
> On Oct 21, 2008, at 9:38 AM, Juergen Weber wrote:
>
>>
>> The canonical way to have properties for EJBs is IMHO to use <env-entry>
>> in
>> ejb-jar.xml and have them injected via @Resource.
>> ejb-jar.xml are like source and in source control and are put in the
>> ejb.jar
>> by ant.
>> Obviously this is not a good idea for passwords.
>>
>> Is there a way to save properties via the Geronimo Console (or deployer)
>> and
>> have them injected via @Resource?
>> I guess properties in .properties in a .jar cannot be injected, can they?
>>
>> Could this be done via javax.naming.spi.ObjectFactory as suggested in the
>> comment here:
>> http://www.jroller.com/agoncal/entry/configure_your_ejb_3_with#comments
>
> I'm sure that wouldn't work in geronimo naming (e.g. in a web app in
> geronimo, which only uses geronimo naming stuff) and doubt openejb has a way
> to make it work (IIRC openejb does some of its own jndi setup). I also
> don't see how this would conceal the secrets. Wouldn't they now be in the
> source code of the ObjectFactory class?
>
> I can think of a couple approaches that you might find suitable. One is
> having an application specific data file as explained here:
> http://cwiki.apache.org/GMOxDOC21/locating-your-application-specific-configuration-files.html.
> This also hints at the other, using a system property to store the secret,
> set up with a SystemPropertiesGBean in the geronimo plan for your app. In
> this case however I would advise:
>
> - use maven :-)
> - deploy your app as a geronimo plugin using the car-maven-plugin
> - include a config.xml snippet in the geronimo-plugin.xml (generated from
> the car-maven-plugin configuration)
> - set up the property value as a config-substitutions.properties variable.
>
> Now you can either set the secret directly in
> var/config/config-substitutions.properties or on the command line, e.g. with
> gshell
> geronimo/start-server -G mySecret=foo
>
> hope this helps
> david jencks
>
>>
>>
>> Thanks,
>> Juergen
>> --
>> View this message in context:
>> http://www.nabble.com/Where-to-store-secret-EJB-properties--tp20094408s134p20094408.html
>> Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
>>
>
>
Re: Where to store secret EJB properties?
Posted by David Jencks <da...@yahoo.com>.
On Oct 21, 2008, at 9:38 AM, Juergen Weber wrote:
>
> The canonical way to have properties for EJBs is IMHO to use <env-
> entry> in
> ejb-jar.xml and have them injected via @Resource.
> ejb-jar.xml are like source and in source control and are put in the
> ejb.jar
> by ant.
> Obviously this is not a good idea for passwords.
>
> Is there a way to save properties via the Geronimo Console (or
> deployer) and
> have them injected via @Resource?
> I guess properties in .properties in a .jar cannot be injected, can
> they?
>
> Could this be done via javax.naming.spi.ObjectFactory as suggested
> in the
> comment here:
> http://www.jroller.com/agoncal/entry/
> configure_your_ejb_3_with#comments
I'm sure that wouldn't work in geronimo naming (e.g. in a web app in
geronimo, which only uses geronimo naming stuff) and doubt openejb has
a way to make it work (IIRC openejb does some of its own jndi setup).
I also don't see how this would conceal the secrets. Wouldn't they
now be in the source code of the ObjectFactory class?
I can think of a couple approaches that you might find suitable. One
is having an application specific data file as explained here: http://cwiki.apache.org/GMOxDOC21/locating-your-application-specific-configuration-files.html
. This also hints at the other, using a system property to store the
secret, set up with a SystemPropertiesGBean in the geronimo plan for
your app. In this case however I would advise:
- use maven :-)
- deploy your app as a geronimo plugin using the car-maven-plugin
- include a config.xml snippet in the geronimo-plugin.xml (generated
from the car-maven-plugin configuration)
- set up the property value as a config-substitutions.properties
variable.
Now you can either set the secret directly in var/config/config-
substitutions.properties or on the command line, e.g. with gshell
geronimo/start-server -G mySecret=foo
hope this helps
david jencks
>
>
> Thanks,
> Juergen
> --
> View this message in context: http://www.nabble.com/Where-to-store-secret-EJB-properties--tp20094408s134p20094408.html
> Sent from the Apache Geronimo - Users mailing list archive at
> Nabble.com.
>