1. Download the library.
2. Copy the JAR file to the folder ${TOMCAT_HOME}/lib
3. Make the following changes to your JNDI datasource in ${TOMCAT_HOME}/conf/context.xml:
   - Add factory="com.github.ncredinburgh.tomcat.SecureDataSourceFactory"
   - Replace the existing clear-text password value with the Base64-encoded encrypted password, e.g. password="O+JXajIzZS5Hi2+3vpdeqw=="
   - Add the algorithm details to connectionProperties, e.g. algorithm=AES;mode=ECB;padding=PKCS5PADDING
   - Add the location of the key file to connectionProperties, e.g. keyFilename=/some/super/secure/location/keyfile

Congratulations, you're done!
Example:
Before Password Encryption:
<Resource name="OLDAA90DBJNDI" auth="Container"
          type="javax.sql.DataSource"
          username="TESTUSER" password="TESTPASSWORD"
          driverClassName="oracle.jdbc.driver.OracleDriver"
          url="jdbc:oracle:thin:@localhost:1521:xe"
          maxWaitMillis="30000" maxTotal="32" maxIdle="4" initialSize="4"
          connectionProperties="SetBigStringTryClob=true"
          accessToUnderlyingConnectionAllowed="true"
          timeBetweenEvictionRunsMillis="600000"
          minEvictableIdleTimeMillis="600000"/>
After Password Encryption:
<Resource name="AA90DBJNDI" auth="Container"
          factory="com.github.ncredinburgh.tomcat.SecureDataSourceFactory"
          type="javax.sql.DataSource"
          username="TESTUSER" password="F0EV2niaAO2gnUB1/0SKXw=="
          driverClassName="oracle.jdbc.driver.OracleDriver"
          url="jdbc:oracle:thin:@localhost:1521:xe"
          maxWaitMillis="30000" maxTotal="32" maxIdle="4" initialSize="4"
          accessToUnderlyingConnectionAllowed="true"
          timeBetweenEvictionRunsMillis="600000"
          minEvictableIdleTimeMillis="600000"
          connectionProperties="algorithm=AES;mode=ECB;padding=PKCS5PADDING;keyFilename=./conf/testkeyfile"/>
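The steps above use an encrypted password value without showing where it comes from. The following is an added example, not code from the library or its authors, of producing and checking such a value with the JDK's own crypto API. It assumes the key file holds the raw AES key bytes and the password is UTF-8 text; the class name EncryptDataSourcePassword and the default file name are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class EncryptDataSourcePassword {  // hypothetical helper, not part of the library
    // Built from algorithm/mode/padding above. ECB takes no IV: same key + password = same ciphertext.
    static final String TRANSFORMATION = "AES/ECB/PKCS5Padding";

    static byte[] crypt(int mode, byte[] key, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(mode, new SecretKeySpec(key, "AES"));
        return cipher.doFinal(data);
    }

    // Assumption: the key file holds the raw AES key bytes and nothing else.
    static byte[] loadOrCreateKey(Path keyFile) throws Exception {
        if (Files.notExists(keyFile)) {
            try {  // create the file owner-only from the start on POSIX file systems
                Files.createFile(keyFile, PosixFilePermissions.asFileAttribute(
                        PosixFilePermissions.fromString("rw-------")));
            } catch (UnsupportedOperationException e) {
                Files.createFile(keyFile);  // non-POSIX: restrict access with ACLs afterwards
            }
            byte[] fresh = new byte[16];  // 128-bit AES key
            new SecureRandom().nextBytes(fresh);
            Files.write(keyFile, fresh);
        }
        return Files.readAllBytes(keyFile);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = loadOrCreateKey(Path.of(args.length > 0 ? args[0] : "testkeyfile"));
        // Prompt when a console is attached; otherwise fall back to a constructed sample value.
        char[] pw = System.console() != null
                ? System.console().readPassword("Datasource password: ")
                : "TESTPASSWORD".toCharArray();
        byte[] clear = new String(pw).getBytes(StandardCharsets.UTF_8);
        String encoded = Base64.getEncoder().encodeToString(crypt(Cipher.ENCRYPT_MODE, key, clear));
        System.out.println("password=\"" + encoded + "\"");
        // Round trip: any account that can read the key file can recover the password this way.
        byte[] back = crypt(Cipher.DECRYPT_MODE, key, Base64.getDecoder().decode(encoded));
        System.out.println("round trip ok: " + new String(back, StandardCharsets.UTF_8).equals(new String(pw)));
    }
}
```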
Reference:
GitHub - ncredinburgh/secure-tomcat-datasourcefactory: A drop in replacement for the standard Tomcat DataSourceFactory t…