Password Consumer Example: JDBC Database

In this example, the system administrator Steve uses a JBoss application server to run an application that contains a password in clear text. The application uses the clear-text password to authenticate a connection to a Microsoft SQL Server database. Steve wants to modify the JBoss application server so that the application gets the privileged account password from SAM each time the application connects to the database.

Steve has installed JBoss application server version 4.2.3.GA and Java Development Kit (JDK) 1.6.0_19 on the Windows endpoint. The endpoint is named JBossEndpoint. The user named JBossEndpoint\Administrator uses the run.bat file to start the JBoss application server, which runs the application that connects to the Microsoft SQL Server database. The application uses the sa account to connect to the database.

  1. Steve does the following on JBossEndpoint:
    1. Stops JBoss.
    2. Installs CA ControlMinder with the SAM Integration feature enabled.
    3. Navigates to the following directory:
      C:\Program Files\CA\Access Control\SDK\JDBC
      
    4. Locates the following files:
      • CAJDBCService.sar
      • CAJDBCDriver.jar
      • CAPUPMClientCommons.jar
      • jsafeFIPS.jar
    5. Copies the file CAJDBCService.sar to the following directory:
      C:\jboss-4.2.3.GA\server\default\deploy
      
    6. Copies the files CAJDBCDriver.jar, CAPUPMClientCommons.jar, and jsafeFIPS.jar to the following directory:
      C:\jboss-4.2.3.GA\server\default\lib
      
    7. Navigates to the following directory:
      C:\jboss-4.2.3.GA\server\default\deploy
      
    8. Opens the following files for editing:
      • imworkflowdb-ds.xml
      • objectstore-ds.xml
      • reportsnapshot-ds.xml
      • userstore-ds.xml
    9. Locates the <driver-class> tag and replaces the default value with the JDBC driver class properties. For example:
      <driver-class>com.ca.ppm.clients.jdbc.CAJDBCDriver</driver-class>
      
    10. Locates the <connection-url> tag and replaces the default value with the database connection settings. For example:
      <connection-url>@@@com.microsoft.sqlserver.jdbc.SQLServerDriver@@@jdbc:sqlserver://SQLServer1:1433;selectMethod=cursor;DatabaseName=tempdb</connection-url>
      
    11. Saves and closes the files.
    12. Starts CA ControlMinder.
  2. Steve does the following in CA ControlMinder Enterprise Management:
    1. Creates an endpoint of type Windows Agentless named JBossEndpoint_PUPM.
    2. Discovers the sa privileged account on the JBossEndpoint_PUPM endpoint.
    3. Creates a database password consumer using the following parameters:
      • Name—JBossEndpoint MS SQL connection
      • Consumer Type—Database (ODBC/JDBC/OLEDB/OCI)
      • Application Path—C:\jboss-4.2.3.GA\bin\run.bat
      • Account—sa
      • Host—JBossEndpoint
      • User—JBossEndpoint\Administrator
  3. The JBossEndpoint\Administrator user starts the JBoss application server on the endpoint by running the run.bat file.

    The JBoss application server starts and the application attempts to connect to the SQL Server. The SAM Agent intercepts the connection attempt and provides the privileged account password to the application.

  4. Steve checks the JBoss log file in the following directory for errors:
    C:\jboss-4.2.3.GA\server\default\log
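
The edits to the `<driver-class>` and `<connection-url>` tags described in the first procedure can be checked before JBoss is restarted. The script below is an added example, not part of the original page or of CA ControlMinder. Assumptions: the function names, the `jndi-name` values and the sample file are constructed, and the `@@@<driver>@@@<jdbc url>` layout is inferred from the page's connection-url example.

```python
import xml.etree.ElementTree as ET

CA_DRIVER = "com.ca.ppm.clients.jdbc.CAJDBCDriver"  # value from the page's <driver-class> example
MARK = "@@@"  # delimiter seen in the page's <connection-url> example

# Constructed sample: one datasource edited as the page describes, one left untouched.
SAMPLE_DS = """<datasources>
  <local-tx-datasource>
    <jndi-name>jdbc/objectstore</jndi-name>
    <connection-url>@@@com.microsoft.sqlserver.jdbc.SQLServerDriver@@@jdbc:sqlserver://SQLServer1:1433;selectMethod=cursor;DatabaseName=tempdb</connection-url>
    <driver-class>com.ca.ppm.clients.jdbc.CAJDBCDriver</driver-class>
  </local-tx-datasource>
  <local-tx-datasource>
    <jndi-name>jdbc/userstore</jndi-name>
    <connection-url>jdbc:sqlserver://SQLServer1:1433;DatabaseName=tempdb</connection-url>
    <driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
  </local-tx-datasource>
</datasources>"""


def split_wrapped_url(url):
    """Return (original_driver, jdbc_url) for '@@@driver@@@url', else None."""
    parts = url.strip().split(MARK, 2)
    if len(parts) != 3 or parts[0] != "" or not parts[1] or not parts[2].startswith("jdbc:"):
        return None  # stray characters before the first @@@ or a missing driver name fail here
    return parts[1], parts[2]


def check_datasources(xml_text):
    """Return {jndi-name: [problems]} for every element that has a <connection-url> child."""
    report = {}
    for ds in ET.fromstring(xml_text).iter():
        url = ds.findtext("connection-url")
        if url is None:
            continue
        problems = []
        if (ds.findtext("driver-class") or "").strip() != CA_DRIVER:
            problems.append("driver-class is not " + CA_DRIVER)
        if split_wrapped_url(url) is None:
            problems.append("connection-url is not @@@<driver>@@@<jdbc url>")
        report[(ds.findtext("jndi-name") or "?").strip()] = problems
    return report


if __name__ == "__main__":
    for name, problems in check_datasources(SAMPLE_DS).items():
        print(name, "OK" if not problems else problems)
```

To check the real files, pass the text of each of the four `*-ds.xml` files to `check_datasources` in place of `SAMPLE_DS`.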