tags:

views:

210

answers:

3
+1  Q: 

How to Configure SSL over Database in Spring?

Hi,

I want to add SSL security in the Database layer. I am using Struts2.1.6, Spring 2.5, JBOSS 5.0 and Informix 11.5. Any idea how to do this?

I have researched through a lot on the internet but could not find any solution.

Please suggest!

Here is my datasource and entity manager beans which is working perfect without SSL: 

<bean id="entityManagerFactory"  
    class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">  
    <property name="dataSource" ref="dataSource" />  
    <property name="jpaVendorAdapter">  
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">  
            <property name="database" value="INFORMIX" />  
            <property name="showSql" value="true" />  

        </bean>  
    </property>  
</bean>  

<bean id="dataSource"  
    class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">  
    <property name="driverClassName" value="com.informix.jdbc.IfxDriver" />  
    <property name="url"  
        value="jdbc:informix-sqli://SERVER_NAME:9088/DB_NAME:INFORMIXSERVER=SERVER_NAME;DELIMIDENT=y;" />  
    <property name="username" value="username" />  
    <property name="password" value="password" />  
    <property name="minIdle" value="2" />  
</bean>  

<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean" lazy-init="false">  
    <property name="targetObject" ref="dataSource" />  
    <property name="targetMethod" value="addConnectionProperty" />  
    <property name="arguments">  
    <list>  
    <value>characterEncoding</value>  
    <value>UTF-8</value>  
    </list>  
    </property>  
</bean>  

<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate" scope="prototype">  
    <property name="dataSource" ref="dataSource" />  
</bean>  


<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">  
    <property name="entityManagerFactory" ref="entityManagerFactory" />  
</bean>  

<tx:annotation-driven transaction-manager="transactionManager" />
+1  A: 

Using SSL for the communication between an application and a database is something that has to be supported by the database server (and the JDBC driver).

According to the documentation, this is supported by Informix Dynamic Server (IDS) since version 11.50.

You can use SSL support in your Java applications if you use IBM Data Server Driver for JDBC and SQLJ type 4 connectivity to DB2® for z/OS® Version 9 or later, to DB2 Database for Linux®, UNIX®, and Windows® Version 9.1, Fix Pack 2 or later, or to IBM Informix® Dynamic Server (IDS) Version 11.50 or later.

(...)

To use SSL connections, you need to:

  • Configure connections to the data source to use SSL. (link)
  • Configure your Java Runtime Environment to use SSL. (link)

The documentation should help.

If you're using a version of IDS prior to 11.50, then I'm afraid you'll have to use SSH tunneling.

Pascal Thivent  2010-04-24 22:50:46
A: 

Thankyou very much for your suggestion. So basically I need to set something like this in my applicationContext.xml, Please correct me if I am wrong:

<property name="username" value="username" />  
<property name="password" value="password" />
**<property name="sslConnection" value="true" />** 
<property name="minIdle" value="2" />

But how do I set the SSL certificate in java runtime. The link which you have provided is good but for some reason I am not able to follow. Please put your suggestion.

Sameer Malhotra  2010-04-25 00:23:39
Yes, that's it. Regarding the second part, what is not working exactly? What are you not able to follow?
Pascal Thivent  2010-04-26 05:21:14
Hi Pascal, In the second link the 5th step says to set the java runtime parameter as shown below:<b>java -Djavax.net.ssl.trustStore=cacerts MySSL</b>I dont know what should I put in place of MySSL since its a web application I dont know the name of the class.
Sameer Malhotra  2010-06-23 23:08:34
A: 

I got the following error when trying to set up the property sslConnection in the applicationContext.xml. Please suggest! Logs are shown below:

12:28:03,883 ERROR [ContextLoader] Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'dataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dataSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'sslConnection' of bean class [org.apache.commons.dbcp.BasicDataSource]: Bean property 'sslConnection' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter? at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275) at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409) at java.security.AccessController.doPrivileged(Native Method) at Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dataSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'sslConnection' of bean class [org.apache.commons.dbcp.BasicDataSource]: Bean property 'sslConnection' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter? at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1279) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409) at java.security.AccessController.doPrivileged(Native Method) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFacto

Sameer Malhotra  2010-06-22 16:40:46

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL