Issue:
After executing ./js-install.sh (or js-install.bat) for installation of TIBCO JasperReports® Server version 7.9, plain-text passwords that were set in the configuration files were not encrypted after the installation. This is despite setting the propsToEncrypt property appropriately in the default_masters.properties file.
As a use-case example, we have set the following :
propsToEncrypt=dbPassword,external.dbPassword
encrypt=true
but after installation, the external.jdbc.password in the configuration file, js.externalAuth.properties, was not encrypted.
In the previous version, TIBCO JasperReports® Server 7.5.1, we were getting encrypted passwords in the corresponding configuration files with the same default_master.properties settings.
Solution:
This is a regression defect that was reported for TIBCO JasperReports® Server versions 7.8 and 7.9 under the following incident reference:
JS-59995: buildomatic does not encrypt more than one password at a time
The defect is fixed for TIBCO JasperReports® Server 7.8 as a hotfix.
To obtain this hotfix, download the latest 7.8 cumulative hotfix from Support Portal and apply the hotfix as per the instructions.
Note: When reviewing the included readme.txt file, the reference incident will be listed as:
"JS-59995 Update MasterPropertiesObfuscator to split propsToEncrypt by a comma"
At this time of writing, the defect is formally fixed in the upcoming major release after TIBCO JasperReports® Server version 7.9 but there is no equivalent hotfix for TIBCO JasperReports® Server version 7.9.
For users affected by this issue in TIBCO JasperReports® Server version 7.9, below are the steps to workaround this defect.
Workaround for TIBCO JasperReports® Server version 7.9 only
Before executing ./js-install.sh (or js-install.bat):
1> Edit default_master.properties file and only set one property to encrypt starting with dbPassword:
propsToEncrypt=dbPassword encrypt=true
2> At the command line under buildomatic directory, run:
cd <js-install>/buildomatic js-ant clean-config js-ant gen-config
Note: The first js-ant command deletes all the files (and even default directory itself) in buildomatic/build_conf/default directory. The second re-builds the configuration settings and files are recreated in this directory.
3> Edit default_master.properties file and only set the next property to encrypt :
propsToEncrypt=external.dbPassword encrypt=true
Important note: This file was changed from step 2 so that encrypt.done=true appears. This needs to be changed back into encrypt=true
4> At the command line under buildomatic directory, run:
js-ant gen-config
Note: do not run "js-ant clean-config" otherwise the first encrypted password will be invalidated.
After performing the above steps, navigate to buildomatic/build_conf/default and check the following files to verify the passwords are encrypted:
js.jdbc.properties - for validation of property dbPassword
js.externalAuth.properties - for validation of property external.dbPassword
Note: the default_master.properties file was updated as well to reflect on the encrypted passwords and encrypt=true becomes encrypt.done=true
You can then execute ./js-install.sh to carry out the installation. Post-installation, you can check the context.xml under /META-INF and js.externalAuth.properties under ../WEB-INF directory for the above two encrypted passwords.
Note: The workaround provides for a use-case where propsToEncrypt is set to two specific properties (dbPassword, external.dbPassword) but the workaround is applicable to all valid properties set as long as there are more than one properties set (which is what the issue was caused by).
ref: 02042496
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now