Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a connection pool set in the tomcat server context.xml (connection used by several webapps so seems the best place for it).
However, I don’t like having passwords hard-coded in the file. Is there any way for me to retrieve the password from elsewhere (secure password store) and set it pragmatically at the time the pooled connections are established?
Thank you
Ryan
I believe you are looking for Custom Resource Factory, you can code your factory to create javax.sql.DataSource object or a DBCP (or such) based connection pooling facade object, and have your custom code for getting and setting the username/password for the connection.
Do note that if you’re looking for extra security — the pragmatic way would be to use filesystem security for securing your context.xml file, as adding extra layers (such as your custom implementation for the resource factory), won’t make the system more secure, as you still need the password for the secure password store configured somewhere — you’ll end up getting the chicken or the egg problem.