geronimo-user mailing list archives

From David Jencks
Subject Re: Where to store secret EJB properties?
Date Tue, 21 Oct 2008 17:42:56 GMT

On Oct 21, 2008, at 9:38 AM, Juergen Weber wrote:

> The canonical way to have properties for EJBs is IMHO to use <env-entry> in
> ejb-jar.xml and have them injected via @Resource.
> ejb-jar.xml are like source and in source control and are put in the ejb.jar
> by ant.
> Obviously this is not a good idea for passwords.
> Is there a way to save properties via the Geronimo Console (or deployer) and
> have them injected via @Resource?
> I guess properties in .properties in a .jar cannot be injected, can they?
> Could this be done via javax.naming.spi.ObjectFactory as suggested in the
> comment here:
> configure_your_ejb_3_with#comments

I'm sure that wouldn't work in geronimo naming (e.g. in a web app in  
geronimo, which only uses geronimo naming stuff) and doubt openejb has  
a way to make it work (IIRC openejb does some of its own jndi setup).   
I also don't see how this would conceal the secrets.  Wouldn't they  
now be in the source code of the ObjectFactory class?

I can think of a couple approaches that you might find suitable.  One  
is having an application specific data file as explained here:

.  This also hints at the other, using a system property to store the  
secret, set up with a SystemPropertiesGBean in the geronimo plan for  
your app.  In this case however I would advise:

- use maven :-)
- deploy your app as a geronimo plugin using the car-maven-plugin
- include a config.xml snippet in the geronimo-plugin.xml (generated  
from the car-maven-plugin configuration)
- set up the property value as a  

Now you can either set the secret directly in var/config/config- or on the command line, e.g. with gshell
geronimo/start-server -G mySecret=foo

hope this helps
david jencks

> Thanks,
> Juergen
