Hi,

I want to add SSL security in the Database layer. I am using Struts2.1.6, Spring 2.5, JBOSS 5.0 and Informix 11.5. Any idea how to do this?

I have researched a lot on the internet but could not find any solution.

Please suggest!

Here are my datasource and entity manager beans, which are working perfectly without SSL:

<bean id="entityManagerFactory"  
    class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">  
    <property name="dataSource" ref="dataSource" />  
    <property name="jpaVendorAdapter">  
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">  
            <property name="database" value="INFORMIX" />  
            <property name="showSql" value="true" />  

        </bean>  
    </property>  
</bean>  

<bean id="dataSource"  
    class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">  
    <property name="driverClassName" value="com.informix.jdbc.IfxDriver" />  
    <property name="url"  
        value="jdbc:informix-sqli://SERVER_NAME:9088/DB_NAME:INFORMIXSERVER=SERVER_NAME;DELIMIDENT=y;" />  
    <property name="username" value="username" />  
    <property name="password" value="password" />  
    <property name="minIdle" value="2" />  
</bean>  

<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean" lazy-init="false">  
    <property name="targetObject" ref="dataSource" />  
    <property name="targetMethod" value="addConnectionProperty" />  
    <property name="arguments">  
    <list>  
    <value>characterEncoding</value>  
    <value>UTF-8</value>  
    </list>  
    </property>  
</bean>  

<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate" scope="prototype">  
    <property name="dataSource" ref="dataSource" />  
</bean>  


<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">  
    <property name="entityManagerFactory" ref="entityManagerFactory" />  
</bean>  

<tx:annotation-driven transaction-manager="transactionManager" /> 
+1  A: 

Using SSL for the communication between an application and a database is something that has to be supported by the database server (and the JDBC driver).

According to the documentation, this is supported by Informix Dynamic Server (IDS) since version 11.50.

You can use SSL support in your Java applications if you use IBM Data Server Driver for JDBC and SQLJ type 4 connectivity to DB2® for z/OS® Version 9 or later, to DB2 Database for Linux®, UNIX®, and Windows® Version 9.1, Fix Pack 2 or later, or to IBM Informix® Dynamic Server (IDS) Version 11.50 or later.

(...)

To use SSL connections, you need to:

  • Configure connections to the data source to use SSL. (link)
  • Configure your Java Runtime Environment to use SSL. (link)

The documentation should help.

If you're using a version of IDS prior to 11.50, then I'm afraid you'll have to use SSH tunneling.

Pascal Thivent
A: 

Thank you very much for your suggestion. So basically I need to set something like this in my applicationContext.xml. Please correct me if I am wrong:

<property name="username" value="username" />  
<property name="password" value="password" />
<property name="sslConnection" value="true" />
<property name="minIdle" value="2" />  

But how do I set the SSL certificate in the Java runtime? The link which you have provided is good, but for some reason I am not able to follow it. Please give your suggestion.

Sameer Malhotra
Yes, that's it. Regarding the second part, what is not working exactly? What are you not able to follow?
Pascal Thivent
Hi Pascal, in the second link the 5th step says to set the Java runtime parameter as shown below: java -Djavax.net.ssl.trustStore=cacerts MySSL. I don't know what I should put in place of MySSL; since it's a web application, I don't know the name of the class.
Sameer Malhotra
A: 

I got the following error when trying to set up the property sslConnection in the applicationContext.xml. Please suggest! Logs are shown below:

12:28:03,883 ERROR [ContextLoader] Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'dataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dataSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'sslConnection' of bean class [org.apache.commons.dbcp.BasicDataSource]: Bean property 'sslConnection' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
    at java.security.AccessController.doPrivileged(Native Method)
    at
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dataSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'sslConnection' of bean class [org.apache.commons.dbcp.BasicDataSource]: Bean property 'sslConnection' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1279)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFacto

Sameer Malhotra
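
The NotWritablePropertyException in the log above is raised because Spring looks for a `sslConnection` setter on `BasicDataSource`, and the pool class has none. The configuration below is an added example, not written by anyone in this thread: it hands the setting to the JDBC driver through the same `addConnectionProperty` pattern the question already uses for `characterEncoding`, and sets the JSSE trust store from the context instead of from a `java ... MySSL` command line. It assumes the driver in use accepts a connection property named `sslConnection` (the name is taken from the thread); the trust store path and the bean ids `trustStoreSetting` and `dataSourceSsl` are placeholders.

```xml
<!-- Added example, not from the thread. Placeholders: SERVER_NAME, DB_NAME,
     /path/to/truststore.jks. Assumption: the driver accepts a connection
     property named sslConnection (name taken from the thread). -->

<!-- JSSE trust store, set JVM-wide; same effect as -Djavax.net.ssl.trustStore=...
     on the JVM that runs the application server. -->
<bean id="trustStoreSetting"
    class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="targetClass" value="java.lang.System" />
    <property name="targetMethod" value="setProperty" />
    <property name="arguments">
        <list>
            <value>javax.net.ssl.trustStore</value>
            <value>/path/to/truststore.jks</value>
        </list>
    </property>
</bean>

<!-- Pool as in the question: no sslConnection <property>, since
     BasicDataSource has no setter for it. -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
    destroy-method="close" depends-on="trustStoreSetting">
    <property name="driverClassName" value="com.informix.jdbc.IfxDriver" />
    <property name="url"
        value="jdbc:informix-sqli://SERVER_NAME:9088/DB_NAME:INFORMIXSERVER=SERVER_NAME;DELIMIDENT=y;" />
    <property name="username" value="username" />
    <property name="password" value="password" />
    <property name="minIdle" value="2" />
</bean>

<!-- Driver-level setting, handed to the driver through the pool. -->
<bean id="dataSourceSsl"
    class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="targetObject" ref="dataSource" />
    <property name="targetMethod" value="addConnectionProperty" />
    <property name="arguments">
        <list>
            <value>sslConnection</value>
            <value>true</value>
        </list>
    </property>
</bean>

<!-- Beans that open connections at startup wait for the setting above. -->
<bean id="entityManagerFactory" depends-on="dataSourceSsl"
    class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
    <property name="dataSource" ref="dataSource" />
    <!-- jpaVendorAdapter as in the question -->
</bean>
```

The `depends-on` attributes matter: the trust store must be set before the first TLS handshake, and the connection property must be added before the pool opens its first connection.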