geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Juergen Weber" <webe...@gmail.com>
Subject Re: Where to store secret EJB properties?
Date Tue, 21 Oct 2008 19:31:30 GMT
David, thanks so far, "Locating your application specific
configuration files" is a step in the right direction. This helps in
organizing property files, which is better than directly loading them
from the file system.
I also was looking for a way to enhance the @Resource injection system.
Now it would be great if one could use a SystemPropertiesGBean to
inject @Resource into an EJB...

thanks,
Juergen


On Tue, Oct 21, 2008 at 7:42 PM, David Jencks <david_jencks@yahoo.com> wrote:
>
> On Oct 21, 2008, at 9:38 AM, Juergen Weber wrote:
>
>>
>> The canonical way to have properties for EJBs is IMHO to use <env-entry>
>> in
>> ejb-jar.xml and have them injected via @Resource.
>> ejb-jar.xml are like source and in source control and are put in the
>> ejb.jar
>> by ant.
>> Obviously this is not a good idea for passwords.
>>
>> Is there a way to save properties via the Geronimo Console (or deployer)
>> and
>> have them injected via @Resource?
>> I guess properties in .properties in a .jar cannot be injected, can they?
>>
>> Could this be done via javax.naming.spi.ObjectFactory as suggested in the
>> comment here:
>> http://www.jroller.com/agoncal/entry/configure_your_ejb_3_with#comments
>
> I'm sure that wouldn't work in geronimo naming (e.g. in a web app in
> geronimo, which only uses geronimo naming stuff) and doubt openejb has a way
> to make it work (IIRC openejb does some of its own jndi setup).  I also
> don't see how this  would conceal the secrets.  Wouldn't they now be in the
> source code of the ObjectFactory class?
>
> I can think of a couple approaches that you might find suitable.  One is
> having an application specific data file as explained here:
>  http://cwiki.apache.org/GMOxDOC21/locating-your-application-specific-configuration-files.html.
>  This also hints at the other, using a system property to store the secret,
> set up with a SystemPropertiesGBean in the geronimo plan for your app.  In
> this case however I would advise:
>
> - use maven :-)
> - deploy your app as a geronimo plugin using the car-maven-plugin
> - include a config.xml snippet in the geronimo-plugin.xml (generated from
> the car-maven-plugin configuration)
> - set up the property value as a config-substitutions.properties variable.
>
> Now you can either set the secret directly in
> var/config/config-substitutions.properties or on the command line, e.g. with
> gshell
> geronimo/start-server -G mySecret=foo
>
> hope this helps
> david jencks
>
>>
>>
>> Thanks,
>> Juergen
>> --
>> View this message in context:
>> http://www.nabble.com/Where-to-store-secret-EJB-properties--tp20094408s134p20094408.html
>> Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
>>
>
>

Mime
View raw message