==== JBoss encryption module and web frontend for TIM ====
----
The TIM encoder uses a JBoss module for encryption and to validate keys. The encryption is used, e.g., for database connections and third-party applications within the configuration files, in order to hide sensitive information such as usernames and passwords from plain sight.

To use this module, the following steps need to be done:
  - Add the encoder.war of the TIM Encryption Webarchive
  - Modify the standalone-tim.xml
  - Generate a Java key with the web interface or the console
  - Use encryption with TIM
\\ 
==== Add the encoder.war of the TIM Encryption Webarchive ====
----
To enable TIM to encrypt usernames and passwords and to use those encrypted values, insert the encoder.war into the standalone\deployments folder in your %JBOSS_HOME%, e.g. C:\tim\jboss-eap-7.1\standalone\deployments. JBoss deploys it automatically on startup.
\\ 
==== Modify the standalone-tim.xml ====
----
{{ :en:software:tim:encryption_datascource.png?800|}}
Changes in the //standalone.xml// are made accordingly. In your //subsystem datasource//, below your database, implement: secDomDS as can be seen in the first screenshot. In the //subsystem security// add: as can be seen in the screenshot below.
\\ \\ 
{{:en:software:tim:encryption_securitydomain.png?600|}}
\\ \\ 
==== Generating a java key with web-interface or console ====
----
There are two ways to encrypt your credentials: with the web interface or via the console. The module can be called via the web interface, e.g. http://your_tim_url:port/encoder/ . To encrypt a secret, enter it in the text field and hit the //encrypt secret// button. To validate an encrypted secret, paste the secret into the correct text field and hit the //validate encrypted secret// button. This method can also be used to encrypt any secret in e.g. tim.properties.
{{:en:software:tim:encryption_encoder.png?600 |}}{{ :en:software:tim:encryption_encoder2.png?600 |}}

To encode your credentials via the console, use the following commands:
\\ \\ 
To generate a key:
<code>
java -cp modules/system/layers/base/org/picketbox/main/tim-encoder-module.jar:modules/system/layers/base/org/picketbox/main/picketbox-4.1.1.Final-redhat-1.jar org.picketbox.datasource.security.TimSecureIdentityLoginModule '123'
</code>
To validate a password-key combination:
<code>
java -cp modules/system/layers/base/org/picketbox/main/tim-encoder-module.jar:modules/system/layers/base/org/picketbox/main/picketbox-4.1.1.Final-redhat-1.jar org.picketbox.datasource.security.TimSecureIdentityLoginModule '123' '$enc$b530c41fe274111'
</code>
To validate the key:
<code>
java -cp modules/system/layers/base/org/picketbox/main/tim-encoder-module.jar:modules/system/layers/base/org/picketbox/main/picketbox-4.1.1.Final-redhat-1.jar org.picketbox.datasource.security.TimSecureIdentityLoginModule '' '$enc$b530c41fe274111'
</code>
\\ 
==== TIM Properties ====
----
In //tim.properties//, credentials can be encrypted with the encoder or the console and then replace plain-text usernames and passwords. As an example, the image shows setting and editing the superuser and client-administrator passwords:
\\ 
{{:en:software:tim:encryption_timproperties.png?400|}}
\\ 
==== E-Mail Configuration ====
----
In the properties of the client, under the category //mail server//, are the parameters //SmtpUser// and //SmtpPassword//.\\ 
These credentials can be encrypted according to the methods above and as shown in the example.
{{ :en:software:tim:encryption_mailserver.png?600 |}}
\\ 
==== Actionhandler ====
----
Actionhandlers like HTTPRequestHandler or RunSqlScriptHandler use credentials that can be encrypted by said methods.
The example shows the RunSqlScriptHandler, where ${user} and ${pass} are passed on encrypted via smartform:
{{:en:software:tim:encryption_runsqlscripthandler2.png?600 |}}{{ :en:software:tim:encryption_runsqlscripthandler.png?1000 |}}
\\ \\ \\ 
==== Timer ====
----
Just like //actionhandler//, TIM can encrypt necessary credentials for //timer// as well and hide them from plain text. The example shows the Timer signalByMailReply:
{{ :en:software:tim:encryption_signal.png |}}
\\ 
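
A check for credentials still stored in plain text in a properties file such as //tim.properties//, given as an added example that is not part of the TIM documentation or product code. It assumes that encoded values have the form of the sample value above (''$enc$'' followed by hex digits) and that credential keys contain ''user'', ''pass'' or ''secret''; the sample file is constructed, and every key name other than //SmtpUser// and //SmtpPassword// is hypothetical.

```python
import re

# Assumption: encoded values look like the page's sample '$enc$b530c41fe274111',
# i.e. the literal prefix "$enc$" followed by hex digits.
ENC_RE = re.compile(r"^\$enc\$[0-9a-fA-F]+$")
# Assumption: credential keys contain one of these words; adjust to your file.
CRED_KEY_RE = re.compile(r"user|pass|secret", re.IGNORECASE)

# Constructed sample, not a real TIM configuration. Only SmtpUser and
# SmtpPassword are names from the page; the other keys are hypothetical.
SAMPLE = """\
# mail server
SmtpUser=$enc$b530c41fe274111
SmtpPassword = hunter2
! comment in the second .properties style
superuser.password=$enc$
db.pass=abc\\
   def
mail.host=smtp.example.test
"""


def parse_properties(text):
    """Parse Java .properties text into (line_no, key, value) tuples."""
    entries, pending, start = [], "", 0
    # The extra empty line flushes a continuation left open at end of file.
    for no, raw in enumerate(text.splitlines() + [""], 1):
        line = raw.lstrip()
        if not pending and (not line or line[0] in "#!"):
            continue  # blank line or comment
        if not pending:
            start = no
        # An odd number of trailing backslashes continues the logical line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending += line[:-1]
            continue
        logical, pending = pending + line, ""
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", logical)
        if m:
            entries.append((start, m.group(1), m.group(2).strip()))
    return entries


def find_plaintext_credentials(text):
    """Return (line_no, key) for credential keys whose value is not $enc$<hex>."""
    return [(no, key) for no, key, value in parse_properties(text)
            if CRED_KEY_RE.search(key) and value and not ENC_RE.match(value)]


if __name__ == "__main__":
    for no, key in find_plaintext_credentials(SAMPLE):
        print(f"line {no}: {key} is not stored as an encoded value")
```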