Use a JBoss Security Realm for the JDBC Data Source

If you are creating a JDBC data source in a JBoss application server, you can configure the data source to use a user name and password, or configure it to use a security realm.

Important! If FIPS is being used, you must use the JBoss security realm option.

To configure the JDBC data source to use a security realm

  1. Complete the steps in Create a JDBC Data Source for JBoss Application Servers.

    Do not specify a user name and password in the userstore-ds.xml as described in step 4.

  2. Open login-cfg.xml in jboss_home\server\default\conf.
  3. Locate the following entry in the file:
    <application-policy name="imobjectstoredb">
      <authentication>
        <login-module code="com.netegrity.jboss.datasource.PasswordEncryptedLogin" flag="required">
          <module-option name="userName">fwadmin</module-option>
          <module-option name="password">{PBES}:gSex2/BhDGzEKWvFmzca4w==</module-option>
          <module-option name="managedConnectionFactoryName">jboss.jca:name=jdbc/objectstore,service=NoTxCM</module-option>
        </login-module>
      </authentication>
    </application-policy>
    
  4. Copy the complete entry and paste it within the <policy> and </policy> tags in the login-cfg.xml file.
  5. In the entry you pasted in the file, make the following changes:
    1. Change the name attribute value from imobjectstoredb to imuserstoredb as follows:
      <application-policy name="imuserstoredb">
      
    2. Specify the name of the user used to authenticate against the user store as follows:
      <module-option name="userName">user_store_user</module-option>
      
    3. Specify the password for the user in the previous step as follows:
      <module-option name="password">user_store_user_password</module-option>
      

      Note: To encrypt the user store password, use the password tool (pwdtools) that is installed with CA Identity Manager.

    4. In the <module-option name="managedConnectionFactoryName"> element, provide the correct jboss.jca:name as follows:
      <module-option name="managedConnectionFactoryName">jboss.jca:name=userstore,service=NoTxCM</module-option>
      
  6. Save the file.
  7. Restart the application server.
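
A check to run against login-cfg.xml after step 6, added here as an example and not part of the original documentation: it confirms that the imuserstoredb entry exists exactly once, uses the expected login module and connection factory name, and does not carry the password in clear text. It assumes that pwdtools output has the {PBES}: prefix seen in the imobjectstoredb entry above; the function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

LOGIN_MODULE = "com.netegrity.jboss.datasource.PasswordEncryptedLogin"
# Constructed sample of the pasted entry; @PASSWORD@ is filled in below.
TEMPLATE = """<policy>
  <application-policy name="imuserstoredb">
    <authentication>
      <login-module code="com.netegrity.jboss.datasource.PasswordEncryptedLogin" flag="required">
        <module-option name="userName">user_store_user</module-option>
        <module-option name="password">@PASSWORD@</module-option>
        <module-option name="managedConnectionFactoryName">jboss.jca:name=userstore,service=NoTxCM</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""


def sample(password):
    """Build the constructed login-cfg.xml text with the given password value."""
    return TEMPLATE.replace("@PASSWORD@", password)


def audit_policy(xml_text, policy="imuserstoredb",
                 expected_mcf="jboss.jca:name=userstore,service=NoTxCM"):
    """Return a list of findings for one application-policy; empty means clean."""
    root = ET.fromstring(xml_text)
    matches = [p for p in root.iter("application-policy") if p.get("name") == policy]
    if len(matches) != 1:
        return ["expected exactly one '%s' policy, found %d" % (policy, len(matches))]
    module = matches[0].find("authentication/login-module")
    if module is None:
        return ["policy has no login-module"]
    findings = []
    if module.get("code") != LOGIN_MODULE:
        findings.append("unexpected login-module code: %s" % module.get("code"))
    opts = {o.get("name"): (o.text or "").strip() for o in module.findall("module-option")}
    if not opts.get("userName"):
        findings.append("userName is missing or empty")
    # Assumption: pwdtools output carries the {PBES}: prefix shown on the page.
    if not opts.get("password", "").startswith("{PBES}:"):
        findings.append("password is not in {PBES} encrypted form")
    if opts.get("managedConnectionFactoryName") != expected_mcf:
        findings.append("managedConnectionFactoryName does not match the data source")
    return findings


if __name__ == "__main__":
    print(audit_policy(sample("user_store_user_password")))        # clear text
    print(audit_policy(sample("{PBES}:CONSTRUCTED-PLACEHOLDER")))  # encrypted form
```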