1

In trying to get a Liberty container to work I'm encountering the following problem.

For a database connection I have an authData section like this in the server.xml:

<authData id="datasourceAuth" user="test" password="{xor}ABCD"/>

When I try to run the server with the password not encoded the database connection works as expected, but when the password is encoded I get this message: Connection refused (Connection refused). ERRORCODE=-4499, SQLSTATE=08001 DSRA0010E: SQL State = 08001, Error Code = -4,499

It looks like the password isn't being decoded when setting up the connection, but I don't understand why or if I am missing something in the configuration.

Anthon
  • 95
  • 7
  • I doubt that the xor encryption does not work, I think it is just a type-o from your side. Can you compare the password, a good tool for doing this is https://strelitzia.net/wasXORdecoder/wasXORdecoder.html ? – MrSimpleMind Apr 21 '20 at 20:07
  • I think the problem might be that there are a couple of special characters in the password, I'm trying to figure it out. I already found the website you mentioned and decoding there gave the correct password. – Anthon Apr 22 '20 at 10:20
  • Found the problem, it was pasting the password into iTerm2. See this link, bottom answer for the solution: https://stackoverflow.com/questions/25614613/how-to-disable-zsh-substitution-autocomplete-with-url-and-backslashes. – Anthon Apr 22 '20 at 11:06
  • If you use a terminal emulator, make sure that your session is configured to use the same code page as your server. And remember... user ID or password fields must be in US-ASCII, otherwise make sure that the file is saved by using UTF-8 character encoding. – MrSimpleMind Apr 22 '20 at 11:08

1 Answers1

1

Encoding of data source passwords is supported in Liberty and ought to be working. I'll provide a more complete example aligning with the style of config you are using, as well as a reference to an official knowledge center doc with its own example

Use the securityUtility to encode the password,

securityUtility encode --encoding=xor test123

output:

{xor}KzosK25tbA==

Configure the value on authData and use the authData on a dataSource,

<authData id="datasourceAuth" user="test" password="{xor}KzosK25tbA=="/>
<dataSource id="testdb" jndiName="jdbc/testdb" containerAuthDataRef="datasourceAuth">
  <jdbcDriver libraryRef="db2jcc"/>
  <properties.db2.jcc databaseName="TESTDB" serverName="localhost" portNumber="50000"/>
</dataSource>

The authentication data applies when using a resource reference with container authentication.

I'd recommend going back and trying all of the steps again to rule out the possibility of a typo or copy/paste error. If it still doesn't work, then raise a case against OpenLiberty here, https://github.com/OpenLiberty/open-liberty/issues/new/

njr
  • 3,399
  • 9
  • 7