Enable SecureVault Support for jndi.properties - WSO2 ESB - MB 3.x.x

When WSO2 ESB and WSO2 MB are integrated, we need to specify the connection URL on the ESB side so that it can connect to the Message Broker. For that we use the following configuration file.

[ESB_HOME]/repository/conf/jndi.properties

The issue here is that this connection URL contains the credentials used to connect to the broker, so server admins would not want to specify it in plain text. To address this concern, we can encrypt it.



We cannot use ciphertool to automate the encryption process for the selected elements in the jndi.properties file, because we can only specify XPath notation there, but we can still use the manual process.

Here is a sample [ESB_home]/repository/conf/jndi.properties file, in which admin:admin is the username and password used to connect to the Message Broker.

# register some connection factories
# connectionfactory.[jndiname] = [ConnectionURL]
connectionfactory.QueueConnectionFactory = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5672'

# register some queues in JNDI using the form
# queue.[jndiName] = [physicalName]
queue.MyQueue = example.MyQueue

# register some topics in JNDI using the form
# topic.[jndiName] = [physicalName]
topic.MyTopic = example.MyTopic

  1. Go to [ESB_home]/bin and execute the following command to generate the encrypted value for the clear-text password.
    sh ciphertool.sh
    
  2. It will prompt for the following input value. Answer: wso2carbon
    [Please Enter Primary KeyStore Password of Carbon Server : ]
  3. It will then prompt for a second input value. (Answer: according to our property file, the plain text is "amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5672'".)
    Encryption is done Successfully
    Encrypted value is :cpw74SGeBNgAVpryqj5/xshSyW5BDW9d1UW0xMZDxVeoa6xS6CFtU
    +ESoR9jRjyA1JRHutZ4SfzfSgSzy2GQJ/2jQIw70IeT5EQEAR8XLGaqlsE5IlNoe9dhyLiPXEPRGq4k/BgU
    QDYiBg0nU7wRsR8YXrvf+ak8ulX2yGv0Sf8=
    
  4. Open the cipher-text.properties file under [ESB_home]/repository/conf/security and add the following entry.
    connectionfactory.QueueConnectionFactory=cpw74SGeBNgAVpryqj5/xshSyW5BDW9d1UW0xMZDxVeoa6RjyA1JRHutZ4SfzfSgSzy2GQJ/2jQIw70IeT5EQEAR8XLGaqlsE5IlNoe9dhyLiPXEPRGq4k/BgUQDYiBg0nU7wRsR8YXrvf+ak8ulX2yGv0Sf8=
    
  5. Open the [ESB_home]/repository/conf/jndi.properties file and update the key/value of the connectionfactory field as follows.
    connectionfactory.QueueConnectionFactory=secretAlias:connectionfactory.QueueConnectionFactory
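
As an added example (not from the original post or from WSO2), the following Python check audits the result of the steps above: it flags connectionfactory entries in jndi.properties that still carry clear-text credentials, and secretAlias references that have no matching entry in cipher-text.properties. The sample file contents and the vault value are constructed, and the simple key=value parsing is an assumption that fits the files shown here.

```python
import re

# Credentials embedded in an AMQP connection URL: amqp://user:password@...
CLEAR_CREDS = re.compile(r"amqp://[^:/@\s]+:[^@\s]+@")
ALIAS_PREFIX = "secretAlias:"
KEY = "connectionfactory.QueueConnectionFactory"

# Constructed sample inputs: jndi.properties before and after the steps above,
# and a cipher-text.properties entry with a placeholder (not a real) ciphertext.
JNDI_BEFORE = KEY + " = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5672'\n"
JNDI_AFTER = KEY + "=secretAlias:" + KEY + "\nqueue.MyQueue = example.MyQueue\n"
VAULT = "# constructed entry\n" + KEY + "=PLACEHOLDER+CIPHERTEXT/VALUE=\n"


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(jndi_text, cipher_text):
    """Return (key, finding) pairs for connectionfactory entries that are unsafe or broken."""
    vault = parse_properties(cipher_text)
    findings = []
    for key, value in parse_properties(jndi_text).items():
        if not key.startswith("connectionfactory."):
            continue
        if value.startswith(ALIAS_PREFIX):
            # The alias must resolve to a non-empty entry in cipher-text.properties.
            if not vault.get(value[len(ALIAS_PREFIX):]):
                findings.append((key, "alias missing from cipher-text.properties"))
        elif CLEAR_CREDS.search(value):
            findings.append((key, "clear-text credentials in connection URL"))
    return findings


if __name__ == "__main__":
    for name, jndi, vault in [("before", JNDI_BEFORE, ""), ("after", JNDI_AFTER, VAULT),
                              ("after, no vault entry", JNDI_AFTER, "")]:
        print(name, "->", audit(jndi, vault) or "OK")
```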
    

Hasitha Hiranya