My Oracle Support Banner

Password Indirection For ContextScanningResourceProvider (Doc ID 987857.1)

Last updated on JULY 03, 2020

Applies to:

Oracle Containers for J2EE - Version 10.1.3.0.0 and later
Information in this document applies to any platform.

Symptoms

Currently the password property of com.evermind.server.deployment.ContextScanningResourceProvider, can only use a plain text password field for authentication with the backend, it is not possible to use password indirection. For example:

<resource-provider 
class="com.evermind.server.deployment.ContextScanningResourceProvider" 
name="TibcoJMSReference"> 
       <property 
           name="java.naming.factory.initial" 
           value="com.tibco.tibjms.naming.TibjmsInitialContextFactory"> 
       </property> 
       <property 
           name="java.naming.provider.url" 
           value="jmsnaming://localhost:7222"> 
       </property> 
       <property 
           name="java.naming.security.principal" 
           value="<user>"> 
       </property> 
       <property 
           name="java.naming.security.credentials" 
           value="<password>"> 
       </property> 
   </resource-provider> 

Basic security standards require all passwords to be never stored in plain text.

Password indirection allows the resource to look up the encrypted password that is needed for the authentication with the external resource via OC4J's standard password indirection functionality -- would therefore be easy to maintain and use. With this setup, no plain text password need to be used in configuration setup.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.