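Encrypting the JBoss JNDI Data Source Password
Data sources in an application system are usually configured either in the program itself or as a JNDI data source in the application server that the program then references. Configuring the JNDI data source in the application server is the better option, because when the data source changes you do not have to modify the program; you only change the JNDI configuration in the application server. When configuring data sources, we often see people store the data source password in plaintext. This is not very secure, because anyone with a little knowledge can open your configuration file and learn your database user name and password. So we need to encrypt the data source password, so that even if someone finds your configuration file they do not know the database password.
This article describes how to encrypt the password of a JNDI data source in JBoss.
Application server: JBoss-5.1.0.GA
Database: Oracle 10g
Suppose JBoss is installed under D:\jboss-5.1.0.GA. First copy the file D:\jboss-5.1.0.GA\server\default\deploy\management\console-mgr.sar\web-console.war\applet.jar to D:\jboss-5.1.0.GA\common\lib. Then create an oracle-ds.xml file in the D:\jboss-5.1.0.GA\server\default\deploy\ directory to configure the data source for Oracle. JBoss ships a template for this file in the D:\jBoss5.1\docs\examples\jca directory, which besides the Oracle data source template also contains templates for db2, informix, mssql, mysql and others. Once you have found it, copy it to the D:\jboss-5.1.0.GA\server\default\deploy\ directory and modify it; there is no need to create the file from scratch.
Modify the oracle-ds.xml file: remove the user-name and password nodes and add a security-domain node. The full content is shown below: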
<?xml version="1.0" encoding="UTF-8"?>
<!-- ===================================================================== -->
<!--                                                                       -->
<!--  JBoss Server Configuration                                           -->
<!--                                                                       -->
<!-- ===================================================================== -->
<!-- See http://www.jboss.org/community/wiki/Multiple1PC for information about local-tx-datasource -->
<!-- $Id: oracle-ds.xml 97536 2009-12-08 14:05:07Z jesper.pedersen $ -->
<!-- ==================================================================== -->
<!--  Datasource config for Oracle originally from Steven Coy             -->
<!-- ==================================================================== -->

<datasources>
  <local-tx-datasource>
    <jndi-name>ibankDs</jndi-name>
    <!-- With this line, the "java:" prefix is not needed before the JNDI name
    <use-java-context>false</use-java-context>
    -->
   
    <!-- Development environment -->
    <connection-url>jdbc:oracle:thin:@10.1.84.1:1521:ycdvlp</connection-url>
   
    <!-- Test environment
    <connection-url>jdbc:oracle:thin:@10.1.5.152:1521:yctest</connection-url>
    -->
   
 <!--
  Here are a couple of the possible OCI configurations.
  For more information, see http://otn.oracle.com/docs/products/oracle9i/doc_library/release2/java.920/a96654/toc.htm
 <connection-url>jdbc:oracle:oci:@youroracle-tns-name</connection-url>
  or
 <connection-url>jdbc:oracle:oci:@(description=(address=(host=youroraclehost)(protocol=tcp)(port=1521))(connect_data=(SERVICE_NAME=yourservicename)))</connection-url>
  Clearly, its better to have TNS set up properly.
  -->
  <!--
    <driver-class>oracle.jdbc.OracleDriver</driver-class>
     -->
    <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
   
    <!-- If the encrypted database user password is used, the two nodes below are not needed; they are configured in login-config.xml instead. Remove the user-name and password nodes and add a security-domain node.
    <user-name>ibank_new</user-name>
    <password>passw0rd!</password>
    -->
   
    <!-- The value configured below is the application-policy value from %JBOSS_HOME%\server\default\conf\login-config.xml -->
    <security-domain>ibankEncryptDBPassword</security-domain>
   
    <min-pool-size>5</min-pool-size>
    <max-pool-size>200</max-pool-size>
   
    <!-- Uses the pingDatabase method to check a connection is still valid before handing it out from the pool -->
    <!--valid-connection-checker-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleValidConnectionChecker</valid-connection-checker-class-name-->
    <!-- Checks the Oracle error codes and messages for fatal errors -->
    <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
        <!-- sql to call when connection is created
        <new-connection-sql>some arbitrary sql</new-connection-sql>
        -->
        <!-- sql to call on an existing pooled connection when it is obtained from pool - the OracleValidConnectionChecker is prefered
        <check-valid-connection-sql>some arbitrary sql</check-valid-connection-sql>
        -->
      <!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml (optional) -->
      <metadata>
         <type-mapping>Oracle9i</type-mapping>
      </metadata>
  </local-tx-datasource>
</datasources>
The value of the security-domain node is the same as the value of the application-policy node in login-config.xml. Next we configure the login-config.xml file.
In the D:\jboss-5.1.0.GA\server\default\conf\ directory there is a login-config.xml file; add an application-policy node to it. The file already contains many application-policy nodes, so copy one and modify it. The full content of the file is shown below:
<?xml version="1.0"?>
<!-- The XML based JAAS login configuration read by the
org.jboss.security.auth.login.XMLLoginConfig mbean. Add
an application-policy element for each security domain.
The outline of the application-policy is:
<application-policy name="security-domain-name">
  <authentication>
    <login-module code="login.module1.class.name" flag="control_flag">
      <module-option name = "option1-name">option1-value</module-option>
      <module-option name = "option2-name">option2-value</module-option>
      ...
    </login-module>
    <login-module code="login.module2.class.name" flag="control_flag">
      ...
    </login-module>
    ...
  </authentication>
</application-policy>
$Id: login-config.xml 87078 2009-04-09 14:23:47Z bstansberry@jboss.com $
$Revision: 87078 $
-->
<policy>
  <!-- Used by clients within the application server VM such as
  mbeans and servlets that access EJBs.
  -->
  <application-policy name="client-login">
    <authentication>
      <login-module code="org.jboss.security.ClientLoginModule"
        flag="required">
         <!-- Any existing security context will be restored on logout -->
         <module-option name="restore-login-identity">true</module-option>
      </login-module>
    </authentication>
  </application-policy>
  <!-- Security domains for testing new jca framework -->
  <application-policy name="HsqlDbRealm">
    <authentication>
      <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
        flag="required">
        <module-option name="principal">sa</module-option>
        <module-option name="userName">sa</module-option>
        <module-option name="password"></module-option>
        <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
      </login-module>
    </authentication>
  </application-policy>
 
  <!-- Security domains for ibank -->
  <application-policy name="ibankEncryptDBPassword">
    <authentication>
      <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
        <module-option name="principal">ibank_new</module-option>
        <module-option name="username">ibank_new</module-option> <!-- database user name -->
        <module-option name="password">64c5fd2979a86168</module-option> <!-- encrypted database user password -->
        <!-- The name below is the value of jndi-name in %JBOSS_HOME%\server\default\deploy\oracle-ds.xml -->
        <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=ibankDs</module-option>
      </login-module>
    </authentication>
  </application-policy>
  <application-policy name="JmsXARealm">
    <authentication>
      <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
        flag="required">
        <module-option name="principal">guest</module-option>
        <module-option name="userName">guest</module-option>
        <module-option name="password">guest</module-option>
        <module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
      </login-module>
    </authentication>
  </application-policy>
  <!-- A template configuration for the jmx-console web application. This
    defaults to the UsersRolesLoginModule the same as other and should be
    changed to a stronger authentication mechanism as required.
  -->
  <application-policy name="jmx-console">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
        flag="required">
        <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
        <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>
  <!-- A template configuration for the web-console web application. This
    defaults to the UsersRolesLoginModule the same as other and should be
    changed to a stronger authentication mechanism as required.
  -->
  <application-policy name="web-console">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
        flag="required">
        <module-option name="usersProperties">web-console-users.properties</module-option>
        <module-option name="rolesProperties">web-console-roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>
  <!--
    A template configuration for the JBossWS security domain.
    This defaults to the UsersRolesLoginModule the same as other and should be
    changed to a stronger authentication mechanism as required.
  -->
  <application-policy name="JBossWS">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
        flag="required">
        <module-option name="usersProperties">props/jbossws-users.properties</module-option>
        <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
        <module-option name="unauthenticatedIdentity">anonymous</module-option>
      </login-module>
    </authentication>
  </application-policy>
  <!-- The default login configuration used by any security domain that
  does not have a application-policy entry with a matching name
  -->
  <application-policy name="other">
    <!-- A simple server login module, which can be used when the number
    of users is relatively small. It uses two properties files:
    users.properties, which holds users (key) and their password (value).
    roles.properties, which holds users (key) and a comma-separated list of
    their roles (value).
    The unauthenticatedIdentity property defines the name of the principal
    that will be used when a null username and password are presented as is
    the case for an unuathenticated web client or MDB. If you want to
    allow such users to be authenticated add the property, e.g.,
    unauthenticatedIdentity="nobody"
    -->
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
        flag="required"/>
    </authentication>
  </application-policy>
</policy>
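The value of the name attribute of the application-policy node is the same as the value of the security-domain node in oracle-ds.xml. Under application-policy, the module-option node whose name attribute is "username" holds the data source user name, and the module-option node whose name attribute is "password" holds the encrypted data source password. Note that the password here is ciphertext, not plaintext.
Next, let's see how to encrypt the data source password.
Suppose the data source password is 123456. Open a cmd command window and run the following command: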
java -cp "D:\jBoss5.1\common\lib\jbosssx.jar;D:\jBoss5.1\common\lib\applet.jar" org.jboss.resource.security.SecureIdentityLoginModule 123456
The last argument is the data source password. After it runs, the following is displayed:
Encoded password: 64c5fd2979a86168
The trailing "64c5fd2979a86168" is the encrypted password. Put this value in the module-option node whose name attribute is "password" under the application-policy in login-config.xml.
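The cross-references this setup depends on (security-domain to application-policy name, managedConnectionFactoryName to jndi-name) can be checked mechanically before deployment. The Python script below is an added example, not part of the original article or of JBoss; the function name audit and the sample values are assumptions made for illustration. It also flags a password element that was commented out rather than deleted, since it remains readable in the file.

```python
import re
import xml.etree.ElementTree as ET

SECURE = "org.jboss.resource.security.SecureIdentityLoginModule"

def audit(ds_xml, login_xml):
    """Return findings for a *-ds.xml / login-config.xml pair (both as text)."""
    findings = []
    # ElementTree drops comments, so scan them on the raw text: a password
    # commented out rather than deleted is still readable in the file.
    for comment in re.findall(r"<!--(.*?)-->", ds_xml, re.S):
        if re.search(r"<password>\s*[^<\s]", comment):
            findings.append("plaintext password left in a comment")
    policies = {p.get("name"): p for p in ET.fromstring(login_xml).iter("application-policy")}
    for ds in ET.fromstring(ds_xml):
        jndi = ds.findtext("jndi-name", "").strip()
        if ds.findtext("password") is not None:
            findings.append(f"{jndi}: active plaintext <password> element")
        domain = ds.findtext("security-domain", "").strip()
        policy = policies.get(domain)
        if policy is None:
            findings.append(f"{jndi}: security-domain '{domain}' has no application-policy")
            continue
        module = policy.find("authentication/login-module")
        if module is None or module.get("code") != SECURE:
            findings.append(f"{jndi}: policy '{domain}' does not use SecureIdentityLoginModule")
            continue
        opts = {o.get("name"): (o.text or "").strip() for o in module.iter("module-option")}
        mcf = opts.get("managedConnectionFactoryName", "")
        if not mcf.endswith(f",name={jndi}"):
            findings.append(f"{jndi}: managedConnectionFactoryName '{mcf}' does not name this data source")
    return findings

# Constructed sample input modelled on the two files above (placeholder values).
DS = """<datasources><local-tx-datasource>
  <jndi-name>ibankDs</jndi-name>
  <!-- <user-name>ibank_new</user-name>
       <password>EXAMPLE-PLAINTEXT</password> -->
  <security-domain>ibankEncryptDBPassword</security-domain>
</local-tx-datasource></datasources>"""
LOGIN = """<policy><application-policy name="ibankEncryptDBPassword"><authentication>
  <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
    <module-option name="password">ENCODED-PLACEHOLDER</module-option>
    <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=ibankDs</module-option>
  </login-module></authentication></application-policy></policy>"""

if __name__ == "__main__":
    print("\n".join(audit(DS, LOGIN)))
```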