WSO2 AS - Secure Vault in webapp and jndi

Question

I want to store a password for an api endpoint that will be used for any webapps.

In the file catalina-server.xml I put the following configuration

...
<GlobalNamingResources>
    <Environment name="paci/connectionUrl" type="java.lang.String" value="http://10.0.0.1:1234/paci/v1.0"/>
    <Environment name="paci/adminUser" type="java.lang.String" value="admin"/>
    <Environment name="paci/adminPass" svns:secretAlias="Paci.AdminUser.Password" type="java.lang.String" value="password"/>
</GlobalNamingResources>

I configured secure vault using this doc for using the Cipher Tool.

cipher-tool.properties

Paci.AdminUser.Password=repository/conf/tomcat/catalina-server.xml//Server/GlobalNamingResources/Environment[@name='paci/adminPass'][@value],true

cipher-text.properties

Paci.AdminUser.Password=EnCrYpTeDvAlUe123

In the web-app I had to add link to the global resource in the META-INF/context.xml to make JNDI to resolve.

...
<Context>
    <ResourceLink global="paci/connectionUrl" name="paci/connectionUrl" type="java.lang.String" />
    <ResourceLink global="paci/adminUser" name="paci/adminUser" type="java.lang.String" />
    <ResourceLink global="paci/adminPass" name="paci/adminPass" type="java.lang.String" />
</Context>

Here is my code:

Context initCtx = new InitialContext();
String paciPass = (String) initialContext.lookup("java:comp/env/paci/adminPass");

The value of paciPass is "password" and not the encrypted password. I don't know why the vault is not returning the encrypted pass.

What I have to do to the secure vault in wso2 resolve the alias in the JNDI?

The last two sentences are not ver clear. Could you please explain little more? — notionquest, Nov 21 '16 at 19:11
I edited the question, see if it is clear now. The problem is to make the secret alias to work in catalina-server.xml and use it with jndi. — Rodolpho Freire, Nov 21 '16 at 23:27

WSO2 AS - Secure Vault in webapp and jndi

0 Answers0