password consumer via CAJDBCDriver.jat for JBoss EAP

Document ID : KB000043963
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

How to configure JBoss EAP to use the CAJDBCDriver to obtain the password for a SQL Server JDBC connection user via a password consumer?

 

Answer:

Assumptions:

1. The Privileged Account, Endpoint and Password Consumer are already set up and working in the ENTM

2. A PIM Endpoint is set up with PUPM integration to the ENTM (and is working) on the server hosting JBoss EAP

3. JBoss EAP is running under a user that is also an Access Control user, i.e. in selang, e.g. local\Administrator.

4. This is tested with with JBoss EAP7 developer edition

5. You have obtained the correct SQL Server driver (sqljdbc*.jar) for the version of Java JBoss EAP is running under. At the time of writing this is explained here: https://msdn.microsoft.com/en-us/library/ms378422(v=sql.110).aspx

 

To configure:

<JbossEAP> is the base path of JBoss EAP,

<AccessControl> is the base install path for the PIM agent:

 

1. Create folder <JBossEAP>\modules\com\ca\main

 

2. Copy the following files to <JBossEAP>\modules\com\ca\main

<AccessControl>\SDK\JDBC\CAJDBCDriver.jar
<AccessControl>\SDK\JDBC\CAPUPMClientCommons.jar
<AccessControl>\SDK\JDBC\jsafeFIPS.jar

 

3. Copy the SQL Server JDBC Driver jar file (sqljdbc*.jar) to <JBossEAP>\modules\com\ca\main

 

4. Create <JBossEAP>\modules\com\ca\main\module.xml with the following contents replacing <SQLJDBC.JAR> with the name of the jar file from step 3:

<module xmlns="urn:jboss:module:1.1" name="com.ca">  
  <resources>  
    <resource-root path="CAJDBCDriver.jar"/>  
    <resource-root path="CAPUPMClientCommons.jar"/>  
    <resource-root path="jsafeFIPS.jar"/>  
    <resource-root path="<SQLJDBC.JAR>"/>
  </resources>  
  <dependencies>  
    <module name="javax.api"/>  
    <module name="javax.transaction.api"/>
  </dependencies>  
</module>  

5. Edit <JbossEAP>\standalone\configuration\standalone.xml and add the following between <datasources>...</datasources> replacing the following:

<JNDINAME> with the correct jndi name, e.g. java:/CASQLDS

<USER> with the user name for the database connection

<JDBCURL> with the jdbc url, e.g. jdbc:sqlserver://mysqlserver;databaseName=mydatabase

<DNSNAME> with want you want to call your datasource

 

<datasource jndi-name="<JNDINAME>" pool-name="<DSNAME>">  
  <connection-url>@@@com.microsoft.sqlserver.jdbc.SQLServerDriver@@@<JDBCURL></connection-url>  
  <driver>CAJDBC</driver>  
  <security>  
    <user-name><USER></user-name>  
    <password></password>  
  </security>  
  <pool>  
    <min-pool-size>5</min-pool-size>  
    <max-pool-size>50</max-pool-size>  
    <prefill>false</prefill>  
    <use-strict-min>false</use-strict-min>  
    <flush-strategy>FailingConnectionOnly</flush-strategy>  
  </pool>                   
  <validation>  
    <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mssql.MSSQLValidConnectionChecker">

    </valid-connection-checker>  
  </validation>
</datasource>                    
<drivers>                    
  <driver name="CAJDBC" module="com.ca">  
    <driver-class>com.ca.ppm.clients.jdbc.CAJDBCDriver</driver-class>  
  </driver>                      
</drivers>

6. Restart JBoss. 

There will be a new Datasource called <DSNAME>.  Testing the connection of <DSNAME> should be successful (if all the assumptions at the beginning are correct)