
Liberty encoded datasource password not working


I'm trying to secure a Liberty 20.0.0.3 docker image and can't get an encoded password for a datasource to work. The plain text password is working fine.

Here's what I've tried so far:

securityUtility encode --encoding=aes mypa$$word
{aes}ADPrOj1GfH/9Am3TSqT7MLN0+sRPkXHUAy7RIk+dbRmZR0fEQTEkzHv1lDTnGhGeaA==

In my datasource configuration I have:

<dataSource id="DS1" jndiName="jdbc/DS1" transactional="true">
    <jdbcDriver libraryRef="MSSQL"/>
    <properties.microsoft.sqlserver serverName="myserver" instanceName="myinstance" databaseName="mydatabase" user="myuser" password="{aes}ADPrOj1GfH/9Am3TSqT7MLN0+sRPkXHUAy7RIk+dbRmZR0fEQTEkzHv1lDTnGhGeaA==" />
</dataSource>

which gives:

### Cause: java.sql.SQLException: Login failed for user 'myuser'. ClientConnectionId:d521779d-9316-4adf-ab61-9118cf66a940 DSRA0010E: SQL State = S0001, Error Code = 18,456

I then changed the configuration to this:

<dataSource id="DS1" jndiName="jdbc/DS1" transactional="true">
    <jdbcDriver libraryRef="MSSQL"/>
    <containerAuthData user="myuser" password="{aes}ADPrOj1GfH/9Am3TSqT7MLN0+sRPkXHUAy7RIk+dbRmZR0fEQTEkzHv1lDTnGhGeaA==" />
    <properties.microsoft.sqlserver serverName="myserver" instanceName="myinstance" databaseName="mydatabase" />
</dataSource>

and I get

### Cause: java.sql.SQLException: Login failed for user ''. ClientConnectionId:34a029da-e38a-4d54-a943-9c975009ccba DSRA0010E: SQL State = S0001, Error Code = 18,456

Finally, I tried moving the password to bootstrap.properties and using it as a property

bootstrap.properties
pwd={aes}ADPrOj1GfH/9Am3TSqT7MLN0+sRPkXHUAy7RIk+dbRmZR0fEQTEkzHv1lDTnGhGeaA==

<dataSource id="DS1" jndiName="jdbc/DS1" transactional="true">
    <jdbcDriver libraryRef="MSSQL"/>
    <properties.microsoft.sqlserver serverName="myserver" instanceName="myinstance" databaseName="mydatabase" user="myuser" password="${pwd}" />
</dataSource>

### Cause: java.sql.SQLException: Login failed for user 'myuser'. ClientConnectionId:d521779d-9316-4adf-ab61-9118cf66a940 DSRA0010E: SQL State = S0001, Error Code = 18,456

I'm running the securityUtility command on the docker container so there shouldn't be any OS diffs that would cause an issue. My actual password does contain a $ character though so could that be throwing it off? I also read the code page compatibility should be checked, how do I do that on a docker image terminal?


Solution

  • According to this knowledge center doc for the securityUtility command, some operating systems require single quotes around the supplied arguments. I noticed that if I try the following on Mac,

    ./securityUtility encode --encoding=aes mypa$$word
    

    vs

    ./securityUtility encode --encoding=aes 'mypa$$word'
    

    they generate different output. And furthermore, when I decode them, the former decodes to:

    mypa15652word
    

    whereas the latter decodes to

    mypa$$word
    

    If you are wondering where the 15652 comes from, if I run

    echo $$
    

    from the Mac command prompt, I get back 15652, which looks to be the current process id.

    Try adding the single quotes when encoding the password and see if that helps.
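
The quoting behaviour described in the answer above, as an added example that is not part of the original post. `received` is a hypothetical stand-in for `securityUtility` that returns its argument exactly as the shell delivered it, and `mypa$$word` is the sample password from the question.

```shell
#!/bin/sh
# Added example. 'mypa$$word' is the sample password from the question.
# received() is a hypothetical stand-in for securityUtility: it returns the
# argument exactly as the shell delivered it, after any expansion.
received() { printf '%s' "$1"; }

# The three ways the password can be typed on the command line.
unquoted()      { received mypa$$word; }      # $$ expands to the shell's PID
double_quoted() { received "mypa$$word"; }    # double quotes still expand $$
single_quoted() { received 'mypa$$word'; }    # single quotes pass it literally

# Pre-flight check: succeed if the value contains a character the shell
# would expand or split when it is not single-quoted.
has_shell_meta() {
    case $1 in
        *'$'*|*'`'*|*'\'*|*'"'*|*"'"*|*' '*|*'!'*|*'*'*|*'?'*|*'&'*|*';'*|*'|'*)
            return 0 ;;
    esac
    return 1
}

# Read a secret from stdin without any shell parsing (no expansion, no
# backslash processing, no trimming), so it can be passed on as "$secret".
read_literal() {
    IFS= read -r secret || [ -n "$secret" ]
    printf '%s' "$secret"
}

demo() {
    printf 'unquoted:      %s\n' "$(unquoted)"
    printf 'double-quoted: %s\n' "$(double_quoted)"
    printf 'single-quoted: %s\n' "$(single_quoted)"
    if has_shell_meta 'mypa$$word'; then
        printf 'value needs single quotes or stdin input\n'
    fi
    printf 'via stdin:     %s\n' "$(printf '%s\n' 'mypa$$word' | read_literal)"
}

demo
```

Only the single-quoted and stdin forms deliver the literal password. The other two encode a string containing the shell's process id, which is why the database rejects the login.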