This document covers how to leverage encrypted passwords in the openptk.xml configuration file. This document uses the MySQL Service as an example. The procedures defined in this document apply to all Services (unless otherwise specified).
The OpenPTK Services leverage a proxy user to establish a trusted connection to the "back end" repository. This proxy user needs to have rights to perform the configured operations (Create, Read, Update, Delete, Search, Authenticate, etc.).
The Services use properties in the openptk.xml to declare the proxy user. The <Defaults> section of the openptk.xml defines <Properties> that are used in the <Connections> section.
When a Service is started, it will look for an encrypted password first. If an encrypted password is not set, a "clear text" password is checked. The Framework looks for a <Property> named user.password.encrypted. If this value contains a valid encrypted value, it is decrypted and used to establish a connection to the back-end repository. If the user.password.encrypted property does not exist, the property user.password is checked. If this property exists, and contains a value, it will be used with the user.name property to initiate a connection.
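The lookup order described above can be turned into a configuration audit. The following is an added example, not code from Project OpenPTK: it reports which password source each property group would resolve to and flags clear-text passwords, including ones left in the file after an encrypted value was added. The name/value attribute layout, the id attribute, the placeholder values and the function names are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The name/value attribute layout, the id attribute and the
# placeholder values are assumptions for illustration, not the real OpenPTK schema.
SAMPLE = """\
<OpenPTK>
  <Defaults>
    <Properties>
      <Property name="user.name" value="proxyuser"/>
      <Property name="user.password" value="CLEAR-TEXT-PLACEHOLDER"/>
    </Properties>
  </Defaults>
  <Connections>
    <Connection id="MySQL">
      <Properties>
        <Property name="user.name" value="proxyuser"/>
        <Property name="user.password.encrypted" value="ENCRYPTED-PLACEHOLDER"/>
        <Property name="user.password" value="CLEAR-TEXT-PLACEHOLDER"/>
      </Properties>
    </Connection>
  </Connections>
</OpenPTK>"""

def password_source(props):
    """Apply the lookup order from the text: encrypted first, then clear text."""
    if props.get("user.password.encrypted"):
        return "encrypted"
    if props.get("user.password"):
        return "cleartext"
    return "none"

def audit(xml_text):
    """Return (path, source, issue) for every property group that holds a password."""
    findings = []
    def walk(elem, path):
        here = path + "/" + (elem.get("id") or elem.tag)
        props = {p.get("name"): (p.get("value") or "").strip()
                 for p in elem.findall("Property")}
        if "user.password" in props or "user.password.encrypted" in props:
            source = password_source(props)
            if source == "cleartext":
                issue = "clear-text password is used for the connection"
            elif props.get("user.password"):
                issue = "unused clear-text password still stored in the file"
            else:
                issue = None
            findings.append((here, source, issue))
        for child in elem:
            walk(child, here)
    walk(ET.fromstring(xml_text), "")
    return findings

if __name__ == "__main__":
    for path, source, issue in audit(SAMPLE):
        print(f"{path}: source={source}" + (f" -> {issue}" if issue else ""))
```

An empty user.password.encrypted value is treated as not set, so such a group resolves to the clear-text password and is flagged.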
When OpenPTK is used in a development environment, it may be easier to use a "clear text" password. The sample openptk.xml section below shows a configuration that leverages a "clear text" password:
When Project OpenPTK is used in Test and Production environments, it is suggested that the "clear text" password be replaced with an encrypted password.
The ptkadmin utility is used to generate an encrypted value for a given String.
Save the encrypted output from the ptkadmin utility.
Here is a modified version of the openptk.xml sample file:
The Properties that were modified in the above section are used by the <Connection> section of the openptk.xml configuration file.
The <Connection> must have a user.password.encrypted property whose value references the default <Property>.