Introduction

The Hibernate access layer is used for database access and therefore requires configuration files for credentials. Access information such as accounts, passwords and JDBC URLs is specified in Hibernate configuration files. These files can be used at the time of installation of JOC Cockpit and JobScheduler Master and they can be created later on for individual jobs, e.g. for use with the Job JobSchedulerManagedDatabaseJobSOSHibernate.

Generally it is preferable not to use passwords to access a database but to use Integrated Security, Oracle Wallet etc. However, should there be a need to specify passwords then, instead of using a plain text password in a configuration file, you can add your password to a Credential Store and add a reference to the Credential Store to your Hibernate configuration file.

...

  • Database accounts, passwords, and URLs are specified as plain text with the above Hibernate configuration files when they are provided at the time of installation using the option <entry key="databaseConfigurationMethod" value="withoutHibernateFile"/>. To make the Hibernate configuration file use the access data from a Credential Store it is required to first create the Hibernate configuration file, then to use the <entry key="databaseConfigurationMethod" value="withHibernateFile"/> setting at the time of installation and to provide the path to the Hibernate configuration file with the <entry key="reporting.hibernateConfFile" value="jobscheduler.hibernate.cfg.xml"/> setting.
  • The Hibernate configuration file also supports the Credential Store.
    Feature availability: starting from release 1.13.3 and from release 1.12.12.

Create a custom Hibernate file which accesses the database account, password and URL from the Credential Store.

...

Referencing a Credential Store

The SOSKeePassDatabase class uses a parameter string that holds a URI and a number of query parameters:

...

  • The URI based syntax includes the protocol cs:// 
  • followed by the <entry_path> that specifies the folder hierarchy and entry name in the Credential Store database.
  • followed by the @ character
  • followed by the <property_name> that should be retrieved:

    • frequently used properties include Credential Store field names such as title, user, password, attachment. Custom field names are supported.

...

  • file - required 
    the path to the Credential Store database file. This file can be stored anywhere in the file system.

  • password - optional 
    the password for the Credential Store database file.
    It is recommended not to use this parameter and instead to use a key_file to access the Credential Store.

  • key_file - optional, default: <credential_store_database_filename_without_extension>.key 

Refer to the Using a Credential Store for Jobs article for a detailed description.

The

...

Syntax for Hibernate Configuration files

The Hibernate configuration file offers a number of elements (properties) that can be used to retrieve information from a Credential Store. Two types of syntax are available:

...

The Full syntax is used when the complete URI is to be used with each property element of the Hibernate configuration file. The following syntax can be used to retrieve the access data from a Credential Store:

  • <property name="hibernate.connection.username">cs://<entry_path>@user?file=[path to *.kdbx file]</property> 
  • <property name="hibernate.connection.password">cs://<entry_path>@password?file=[path to *.kdbx file]</property>
  • <property name="hibernate.connection.url">cs://<entry_path>@url?file=[path to *.kdbx file]</property>

...

  • <property name="hibernate.sos.credential_store_file">[path to *.kdbx file]</property> → Stores the path to the credential store file
  • <property name="hibernate.sos.credential_store_key_file">[path to *.key file]</property> → Stores the path of the key file to open the credential store
  • <property name="hibernate.sos.credential_store_password">[some password]</property> → Stores the password of the credential store file
  • <property name="hibernate.sos.credential_store_entry_path">[/some/entry/path]</property> → specifies the directory structure and entry name in the credentials store file.

After adding the Credential Store reference to the Hibernate configuration file the database access data can be retrieved from the Credential Store by using the following property elements:

  • <property name="hibernate.connection.username">cs://@user</property> 
  • <property name="hibernate.connection.password">cs://@password</property> 
  • <property name="hibernate.connection.url">cs://@url</property>     

Example

...

Hibernate Configuration File

Example of a Hibernate configuration file that makes use of a KeePass database that is secured

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<hibernate-configuration>
<session-factory>
<property name="hibernate.connection.url"><![CDATA[cs://server/test/reporting/MySQL@url?file=config/cs/kdbx-p-f.kdbx&password=test]]></property>
<property name="hibernate.connection.username"><![CDATA[cs://server/prod/reporting/MySQL@username?file=config/cs/kdbx-p-f.kdbx&password=test]]></property>
<property name="hibernate.connection.password"><![CDATA[cs://server/test/reporting/MySQL@password?file=config/cs/kdbx-p-f.kdbx&password=test]]></property>
<property name="hibernate.connection.driver_class">org.mariadb.jdbc.Driver</property>
<property name="hibernate.dialect">org.hibernate.dialect.MySQLInnoDBDialect</property>
<property name="hibernate.show_sql">false</property>
<property name="hibernate.connection.autocommit">false</property>
<property name="hibernate.format_sql">true</property>
<property name="hibernate.temp.use_jdbc_metadata_defaults">false</property>
</session-factory>
</hibernate-configuration>

Explanations

  • The Hibernate file makes use of a KeePass database (*.kdbx) for database credentials.
  • cs://server/test/reporting/MySQL is the <entry_path> where the MySQL database credentials are stored.
  • file - File path of the KeePass database (*.kdbx).
  • password - Password for accessing the KeePass database (kdbx).

Example of a Hibernate file that uses the KeePass database with a key file (same name as the KeePass database but with the extension .key) to access database credentials:

<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
<hibernate-configuration> 
  <session-factory>
    <property name="hibernate.connection.url"><![CDATA[cs://server/test/reporting/MySQL@url?file=config/cs/kdbx-p-f.kdbx]]></property>
    <property name="hibernate.connection.username"><![CDATA[cs://server/prod/reporting/MySQL@user?file=config/cs/kdbx-p-f.kdbx]]></property>
    <property name="hibernate.connection.password"><![CDATA[cs://server/test/reporting/MySQL@password?file=config/cs/kdbx-p-f.kdbx]]></property>
    <property name="hibernate.connection.driver_class">org.mariadb.jdbc.Driver</property> 
    <property name="hibernate.dialect">org.hibernate.dialect.MySQLInnoDBDialect</property> 
    <property name="hibernate.show_sql">false</property> 
    <property name="hibernate.connection.autocommit">false</property>  
    <property name="hibernate.format_sql">true</property> 
    <property name="hibernate.temp.use_jdbc_metadata_defaults">false</property> 
  </session-factory> 
</hibernate-configuration> 


Explanations

  • The Hibernate file makes use of the KeePass database kdbx-p-f.kdbx located in the ./config/cs folder with key file authentication for accessing database credentials.
  • cs://server/test/reporting/MySQL is the <entry_path>, i.e. the path to the entry in the KeePass database where the MySQL database credentials are stored.
  • file - File path where the KeePass database (kdbx)

...

  • credentials are stored.

Notes:

  • If the base names of the KeePass database and of the key file are the same and if the files are stored in the same location then it is not required to specify the key file as it will automatically be looked up.
  • It is possible to secure a KeePass database with a password, however, this makes no sense in this context as the password would have to be specified in plain text in the Hibernate configuration file. A key file can be better secured by OS permissions that govern access to the key file.
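
An added example (not part of the original article or of the JobScheduler code base): a Python check that parses the cs:// references of a Hibernate configuration file in both the full and the short syntax, reports a Credential Store password kept in the file, and verifies that the key file exists and is not accessible by group or others. The function names, the base_dir parameter used to resolve relative paths and the POSIX permission check are assumptions of this example.

```python
import os
import stat
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

PREFIX = "hibernate.sos.credential_store_"  # short-syntax property names from the page
# Constructed sample, shortened from the page's password-secured example.
SAMPLE = ('<hibernate-configuration><session-factory><property name="hibernate.connection.password">'
          "<![CDATA[cs://server/test/reporting/MySQL@password?file=config/cs/kdbx-p-f.kdbx&password=test]]>"
          "</property></session-factory></hibernate-configuration>")

def parse_cs_uri(value):
    """Split cs://<entry_path>@<property_name>?<query>; return None for other values."""
    if not value.startswith("cs://"):
        return None
    rest, _, query = value[len("cs://"):].partition("?")
    entry_path, _, prop = rest.rpartition("@")
    params = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    return {"entry_path": entry_path, "property": prop, "params": params}

def check_key_file(kdbx, key_file, base_dir):
    """The key file defaults to <database file name without extension>.key."""
    path = os.path.join(base_dir, key_file or os.path.splitext(kdbx)[0] + ".key")
    if not os.path.isfile(path):
        return ["key file not found: " + path]
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:  # POSIX mode bits (assumption)
        return ["key file accessible by group or others: " + path]
    return []

def audit(xml_text, base_dir="."):
    """Return sorted (property name, finding) pairs for one Hibernate configuration."""
    props = {p.get("name"): (p.text or "").strip()
             for p in ET.fromstring(xml_text).iter("property")}
    findings = set()
    if props.get(PREFIX + "password"):
        findings.add((PREFIX + "password", "Credential Store password in plain text"))
    for name, value in props.items():
        params = (parse_cs_uri(value) or {}).get("params")
        if params is None:  # not a cs:// reference
            continue
        if "password" in params:
            findings.add((name, "Credential Store password in cs:// URI"))
        kdbx = params.get("file") or props.get(PREFIX + "file")
        key = params.get("key_file") or props.get(PREFIX + "key_file")
        if kdbx and not ("password" in params or props.get(PREFIX + "password")):
            findings.update((name, p) for p in check_key_file(kdbx, key, base_dir))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Pass the directory against which the relative file paths of the configuration are resolved as base_dir; an empty result means no finding for the checks listed above.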

Downloads

...

Using the Example

  • Unzip the archive to the ./config/live folder of the JobScheduler Master.
  • Add the database configuration according to your environment to the KeePass database kdbx-p-f.kdbx.
  • Secure the KeePass database with the key file kdbx-p-f.key.
  • Make the changes for the database access (URL, Username, Password).
  • The file hibernate-cs.syntax.full.cfg.xml includes the elements to access the KeePass database.
  • The Databasejob includes the command (database query) to be executed
  • Run the order hibernate_order from the JOC Cockpit
  • The output of the command will be displayed

...