
I am trying to modify our Java/Spring Framework web application to retrieve the Oracle database password from the JBOSS Password vault.

Currently, our mvc-dispatcher-servlet.xml file references a base.oracle.db.passWord key in the oracle.db.properties file.

mvc-dispatcher-servlet.xml file:

<bean id="dataSource"
        class="com.mycompany.myorg.myapp.datasource.EncryptedDriverManagerDataSource" destroy-method="close">
        <!-- <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver" />-->
        <property name="URL" value="${base.oracle.db.url}" />
        <property name="user" value="${base.oracle.db.userName}" />

        <!-- <property name="password" value="${base.oracle.db.passWord}" /> commented out and tried the following line-->
        <property name="password" value="${VAULT::oracle.db.password::password::}" />

        <property name="connectionCachingEnabled" value="true"/>
        <property name="connectionCacheProperties">
             <props>
                 <prop key="MinLimit">2</prop>
                 <prop key="MaxLimit">10</prop>
                 <prop key="InitialLimit">10</prop>
                 <prop key="InactivityTimeout">2</prop>
             </props>
        </property>     
    </bean>     

Oracle-db.properties file:

base.oracle.db.driver=oracle.jdbc.driver.OracleDriver
base.oracle.db.userName=myusercode
base.oracle.db.url=jdbc:oracle:thin:@ldap://oid.gtm.internal.mycompany.com:3060/ourtargetenv,cn=OracleContext,dc=mycompany,dc=com
base.oracle.db.passWord=mypassword

I am working under the assumption that the password value has been properly stored in the VAULT using the key base.oracle.db.passWord.

I was given an example of how to access the vault to get the password. The example entailed making a reference to the vault from within the context.xml file, not the oracle-db.properties file. The following was the example I was given.

context.xml file:

<Context>
    

        <!-- Default set of monitored resources. If one of these changes, the    -->
        <!-- web application will be reloaded.                                   -->
        <WatchedResource>WEB-INF/web.xml</WatchedResource>
        <WatchedResource>WEB-INF/tomcat-web.xml</WatchedResource>
        <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
    

        <!-- Uncomment this to disable session persistence across Tomcat restarts -->
        <!--
        <Manager pathname="" />
        -->
    

        <Resource name="fds_ui" auth="Container"
                         type="javax.sql.DataSource" 
                         factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
                         driverClassName="oracle.jdbc.OracleDriver"
                         url="jdbc:oracle:thin:@ldap://oid.gtm.internal.cigna.com:3060/fdsdev,cn=OracleContext,dc=mycompany,dc=com"
                         username="myusercode"
                         password="${VAULT::oracle.db.password::password::}"                         
                                    removeAbandoned="true"
                                    removeAbandonedTimeout="300"
                                    logAbandoned="true"
        />       
    

    </Context>

However, given that I am not a Java developer and our Java developer doesn’t know how to access the vault, I am trying to help find the answer. My attempt included modifying the above mvc-dispatcher-servlet.xml file to change this line

<property name="password" value="${base.oracle.db.passWord}" /> 

to

<property name="password" value="${VAULT::oracle.db.password::password::}" />

But when I tried this, I got an “invalid usercode/password” error, indicating that the password either was not properly stored in the vault (I believe it was) or the VAULT reference that I added to the oracle-db.properties file does not work the same way as it presumably might from the context.xml file.

I’m well out of my comfort zone and don’t know what else to provide to help you help me but I would appreciate any suggestions.

I've looked at

Cyberark retrieve password from vault using JAVA

But this seems like it is a manual approach to retrieving the password from Cyberark. I know we use Cyberark internally. Could the VAULT statement that I was told to use within my context.xml file be a reference to some API that accesses Cyberark under the covers? I imagine that this might be the case and that I shouldn't be re-inventing functionality to do this if there is a more high level way to get it.
