cayenne-user mailing list archives

From Amedeo Mantica <amedeomant...@me.com>
Subject Re: Redacting db user name and password from XML
Date Wed, 17 Jan 2018 12:57:25 GMT
I tried setting connection dictionary programmatically too, I was successful, but only after
deletion of the existing connection dictionary from the xml

In my module:

String driver = conf.getString(JDBC_DRIVER_PROPERTY);
String jdbcUrl = conf.getString(JDBC_URL_PROPERTY);
String username = conf.getString(JDBC_USERNAME_PROPERTY);
String password = conf.hasPath(JDBC_PASSWORD_PROPERTY) ? conf.getString(JDBC_PASSWORD_PROPERTY) : "";

if(jdbcUrl != null) {
    binder.bindMap(Constants.PROPERTIES_MAP).put(Constants.JDBC_DRIVER_PROPERTY, driver);
    binder.bindMap(Constants.PROPERTIES_MAP).put(Constants.JDBC_URL_PROPERTY, jdbcUrl);
    binder.bindMap(Constants.PROPERTIES_MAP).put(Constants.JDBC_USERNAME_PROPERTY, username);
    binder.bindMap(Constants.PROPERTIES_MAP).put(Constants.JDBC_PASSWORD_PROPERTY, password);
}

Regards
Amedeo

> On 17 Jan 2018, at 13:53, Pascal Robert <probert@druide.com> wrote:
> 
> It’s not a Bootique project, it’s a plain old Java project that I run in Eclipse. I can read the properties with System.getProperty, but Cayenne is still using the user and password from the model.
> 
> INFO [main] (XMLDataChannelDescriptorLoader.java:125) - Loading XML configuration resource from file:/Users/probert/Code/modele-migration-filemaker/target/classes/cayenne-mysql.xml
> DEBUG [main] (DefaultHandlerFactory.java:38) - Skipping unknown tag <http://cayenne.apache.org/schema/10/domain:domain>
> INFO [main] (DataChannelChildrenHandler.java:106) - Loading XML DataMap resource from file:/Users/probert/Code/modele-migration-filemaker/target/classes/mysql.map.xml
> INFO [main] (DataSourceChildrenHandler.java:81) - loading user name and password.
> DEBUG [main] (DataDomainProvider.java:240) - finished configuration loading in 62 ms.
> INFO [main] (EntityResolver.java:118) - added runtime complimentary DbRelationship from adresse to ecole
> INFO [main] (EntityResolver.java:118) - added runtime complimentary DbRelationship from don_ecole to ecole
> INFO [main] (EntityResolver.java:118) - added runtime complimentary DbRelationship from no_serie to licence
> INFO [main] (EntityResolver.java:118) - added runtime complimentary DbRelationship from regroupement to utilisateur
> INFO [main] (EntityResolver.java:118) - added runtime complimentary DbRelationship from etat_utilisateur to utilisateur_etats
> INFO [main] (DriverDataSource.java:179) - Connecting to 'jdbc:mysql://localhost:3306/services_web' as 'xxxx'
> INFO [main] (DriverDataSource.java:170) - *** Connecting: FAILURE.
> java.sql.SQLException: Access denied for user 'xxxx'@'localhost' (using password: YES)
> 
> I have tried with both -Dcayenne.jdbc.username.mysql.mysql=root and -Dcayenne.jdbc.username=root
> 
>> On 17 Jan 2018, at 00:58, Andrus Adamchik <andrus@objectstyle.org> wrote:
>> 
>> If it is not a Bootique project, the property should work. A few non-Bootique projects that I still have (that are on Cayenne 4.0) are started using -Dcayenne.* properties from the docs.
>> 
>> If it is a Bootique project, you will need to use the Bootique approach to configure credentials for anything [1], Cayenne included. E.g. for a sample config [2], you'd be setting a value for the property "-Dbq.jdbc.mysql.password". Another way (preferred to -D IMO) is to define a shell variable pointing to the same property, and then exporting the var:
>> 
>> in MyModule.java:
>> 
>>  BQCoreModule.extend(binder)
>>    .declareVar("jdbc.mysql.username", "DB_USER")
>>    .declareVar("jdbc.mysql.password", "DB_PASSWORD");
>> 
>> in startup script:
>> 
>>  export DB_USER=root
>>  export DB_PASSWORD=secret
>> 
>>  java -jar my.jar # no password in the Java process sig
>> 
>> Andrus
>> 
>> [1] http://bootique.io/docs/0/bootique-docs/index.html#chapter-7-configuration-and-configurable-factories
>> [2] https://github.com/bootique-examples/bootique-cayenne-demo/blob/master/config.yml
>> 
>>> On Jan 17, 2018, at 12:22 AM, Pascal Robert <probert@druide.com> wrote:
>>> 
>>> Does -Dcayenne.jdbc.username really work? I’m trying to use that (so that the password is not stored in Git), and the runtime is still using the login information from the XML file.
>>> 
>>> Cayenne 4.1.M1.
>>> ServerRuntime mysqlRuntime = ServerRuntime.builder().addConfig("cayenne-mysql.xml").build();
>>> 
>>>> On 18 Dec 2017, at 11:49, Andrus Adamchik <andrus@objectstyle.org> wrote:
>>>> 
>>>> Hi Mark,
>>>> 
>>>> We've done quite a bit of work in Cayenne to avoid complex things like PasswordEncoding or custom DataSourceFactories. If all that is needed is to change / define login credentials, the simplest way is via properties [1]. [2] shows an example with a single DataNode. If you have more than one, you will need to add the project name and the DataNode name to the base property name. E.g.:
>>>> 
>>>> export MY_USER=user
>>>> export MY_PASSWORD=secret
>>>> 
>>>> java -Dcayenne.jdbc.username.project.mynode=$MY_USER \
>>>>  -Dcayenne.jdbc.password.project.mynode=$MY_PASSWORD \
>>>>  -jar myapp.jar 
>>>> 
>>>> 
>>>> Hope this helps,
>>>> Andrus
>>>> 
>>>> [1] http://cayenne.apache.org/docs/4.0/cayenne-guide/configuration-properties.html
>>>> [2] https://stackoverflow.com/questions/45781378/best-practice-to-manage-apache-cayenne-project-xml-file
>>>> 
>>>> 
>>>> 
>>>>> On Dec 17, 2017, at 4:23 AM, Mark Hull <mark.mkgnao@gmail.com> wrote:
>>>>> 
>>>>> I apologize if this question has been asked and answered before but: What is the best-practices solution to redact the database user name and password from an XML file created and used by Cayenne Modeler? The ServerRuntime build statement is simply:
>>>>> 
>>>>> cayenneRuntime = ServerRuntime.builder()
>>>>>         .addConfig("com/hulles/a1icia/cayenne/cayenne-a1icia.xml")
>>>>>         .build();
>>>>> 
>>>>> It works just fine as long as the db user name and password are in the XML file, but I don't believe in leaving clear-text artifacts like that lying around in the code, so I want to add the user and password data at runtime from a Java method (not from an external file or an 'executable', whatever that means in the content of PasswordEncoding). Adding .user("xyz") and .password("zyx") to the build statement doesn't work, presumably because the DataNode is not the default and those statements just set their respective fields for the default DataNode.
>>>>> 
>>>>> If I have to, I can create either a Module to change those properties somehow at runtime (though the documentation for doing so is, to be kind, sparse), somehow implement the PasswordEncoding (even less documentation, because I don't know where it's used), or just edit the XML at runtime (horrible choice but looking like the best of a bad lot at this point).
>>>>> 
>>>>> All this seems like a lot of effort when I imagine this need must crop up fairly often among Cayenne users (it should, for security reasons IMO). Is there a simple standard way to do what I want? Or at least a standard way? I don't want to invent a new wheel here. I feel like I'm missing something obvious that everyone else knows about and that I just missed. Oh, by the way, whatever the solution is should still allow Cayenne Modeler to function normally.
>>>>> 
>>>>> I promise I searched for the answer everywhere I could think of. StackOverflow had a couple answers that used deprecated methods and didn't work when I tried them.
>>>>> 
>>>>> Thanks in advance for any help. I hope there's a really simple answer so I feel stupid but don't have to spend any more time on this than I have already. :)
>>>>> 
>>>>> - Mark Hull
>>>>> 
>>>>> /People say nothing is impossible, but I do nothing every day. - A. A. Milne/
>>>> 
>>> 
>> 
> 
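
A repository check for the goal discussed in this thread (keeping the database user name and password out of the Cayenne XML), as an added example that is not part of the original messages or of Cayenne itself. It assumes the descriptor stores credentials as userName/password attributes of a <login> element under each <node>; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the thread). The element layout
# (<node>/<data-source>/<login userName=... password=...>) is an assumption.
SAMPLE = """<domain xmlns="http://cayenne.apache.org/schema/10/domain" project-version="10">
  <map name="mysql"/>
  <node name="mysql">
    <map-ref name="mysql"/>
    <data-source>
      <driver value="com.mysql.jdbc.Driver"/>
      <url value="jdbc:mysql://localhost:3306/services_web"/>
      <login userName="xxxx" password="constructed-secret"/>
    </data-source>
  </node>
  <node name="clean">
    <data-source>
      <url value="jdbc:mysql://localhost:3306/other"/>
      <login/>
    </data-source>
  </node>
</domain>
"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1]

def find_embedded_credentials(xml_text):
    """Return [(node_name, attribute)] for every non-empty login attribute.

    Only the attribute name is reported, never its value, so the secret
    does not end up in CI or pre-commit output.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for node in root.iter():
        if local(node.tag) != "node":
            continue
        for el in node.iter():
            if local(el.tag) != "login":
                continue
            for attr in ("userName", "password"):
                if el.get(attr, "").strip():
                    findings.append((node.get("name", "?"), attr))
    return findings

if __name__ == "__main__":
    for name, attr in find_embedded_credentials(SAMPLE):
        print(f"DataNode '{name}': {attr} is stored in the descriptor")
```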

