Introduction
The Hibernate configuration files are the Database configuration files. The database information like database users, passwords, and jdbc URLs etc are specified in the hibernate configuration files. These files configuration files can be used at the time of installation or can be created for the using with the ManagedDatabaseJobJSAdapterClass job.
The Hibernate configuration files used by installation are:
- The following hibernate configuration files are available with JobScheduler Master and JOC Cockpit:
- JobScheduler run-time database: hibernate.cfg.xml for JobScheduler and jobscheduler.hibernate.cfg.xml for JOC Cockpit
Reporting database: reporting.hibernate.cfg.xml
- Database accounts, passwords, and URLs are specified as plain text with the above hibernate configuration files when they are provided at the time of installation using option <entry key="databaseConfigurationMethod" value="withoutHibernateFile"/>. To make the hibernate configuration file to use the database information from the Credential Store it is required to first create the hibernate configuration files and then use the <entry key="databaseConfigurationMethod" value="withHibernateFile"/> at the time of installation and provide the path to the Hibernate configurations file.
- Hibernate configuration file also supports Credential Store.
Display feature availability StartingFromRelease 1.13.3 Display feature availability StartingFromRelease 1.12.12
Create a custom hibernate file which accesses the Database accounts, password, and URL from the Credential Store.
Parameter String to retrieve the data from Credential Store
The SOSKeePassDatabase class uses a parameter string that holds a URI and a number of query parameters:
URI
cs://<entry_path>@<property_name> - required
- The URI based syntax includes the protocol cs://
- followed by the <entry_path> that specifies the directory structure and entry name in the credentials store file.
- followed by the @ character
followed by the <property_name> that should be retrieved:
- frequently used properties include credential store field names such as title, user, password,attachment Custom field names are supported.
Query Parameters
file - required
the path to the credential store database file. This file can be stored anywhere in the file system.password - optional
the password for the credential store database file.
It is recommended not to use this parameter and instead to use a key_file to access the credential store.key_file - optional, default: <credential_store_database_filename_without_extension>.key
Refer to the Knowledge base article Using a Credential Store for Jobs#Syntax for detailed description.
Syntax for hibernate Configuration files
The hibernate configuration file is introduced with different elements (property options) which can be used to retrieve the information from Credential Store.
It provides two types of syntax:
Full Syntax
The Full syntax is used when the complete URI is to be used with each property element of the Hibernate configuration file. The following syntax can be used to retrieve the information from Credential Store:
- <property name="hibernate.connection.username">cs://<entry_path>@user?file=<path to database kdbx file></property>
- <property name="hibernate.connection.password">cs://<entry_path>@password?file=<path to database kdbx file></property>
<property name="hibernate.connection.url">cs://<entry_path>@url?file=<path to database kdbx file></property>
Short Syntax
The Short syntax is used when the credential store items are to be used in the hibernate configuration to provide the details about the credential store:
- <property name="hibernate.sos.credential_store_file">some/path/database.kdbx</property> → Stores the path to the credential store file
- <property name="hibernate.sos.credential_store_key_file">some/path/database.key</property> → Stores the path of the key file to open the credential store
- <property name="hibernate.sos.credential_store_password">some password</property> → Stores the password of the credential store file
- <property name="hibernate.sos.credential_store_entry_path">/some/entry/path</property> → specifies the directory structure and entry name in the credentials store file.
After adding the credential store items in the hibernate configuration file the database information can be retrieved from the credential store by using following property element:
- <property name="hibernate.connection.username">cs://@user</property>
- <property name="hibernate.connection.password">cs://@password</property>
- <property name="hibernate.connection.url">cs://@url</property>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save the custom hibernate.cfg.xml file on any location and assign the path of the hibernate file in the job parameter.
Example of hibernate file that uses KeePass for access database credential
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <hibernate-configuration> <session-factory> <property name="hibernate.connection.url"><![CDATA[cs://server/test/reporting/MySQL@url?file=config/cs/kdbx-p-f.kdbx&password=test]]></property> <property name="hibernate.connection.username"><![CDATA[cs://server/prod/reporting/MySQL@username?file=config/cs/kdbx-p-f.kdbx&password=test]]></property> <property name="hibernate.connection.password"><![CDATA[cs://server/test/reporting/MySQL@password?file=config/cs/kdbx-p-f.kdbx&password=test]]></property> <property name="hibernate.connection.driver_class">org.mariadb.jdbc.Driver</property> <property name="hibernate.dialect">org.hibernate.dialect.MySQLInnoDBDialect</property> <property name="hibernate.show_sql">false</property> <property name="hibernate.connection.autocommit">false</property> <property name="hibernate.format_sql">true</property> <property name="hibernate.temp.use_jdbc_metadata_defaults">false</property> </session-factory> </hibernate-configuration> |
Explanations
- Hibernate file make use of kdbx KeePass database for accessing Database credential
- <entry_path> of the kdbx database of KeePass Credential Store
- file-File path of kdbx keePass database.
- password- Password for accessing kdbx database where credentials store
Example of hibernate file with a key file for the credential store database file.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <hibernate-configuration> <session-factory> <property name="hibernate.connection.url"><![CDATA[cs://kdbx-p-f/MySQL@url?file=./config/live/keepass/kdbx-p-f.kdbx]]></property> <property name="hibernate.connection.username"><![CDATA[cs://kdbx-p-f/MySQL@username?file=./config/live/keepass/kdbx-p-f.kdbx]]></property> <property name="hibernate.connection.password"><![CDATA[cs://kdbx-p-f/MySQL@password?file=./config/live/keepass/kdbx-p-f.kdbx]]></property> <property name="hibernate.connection.driver_class">org.mariadb.jdbc.Driver</property> <property name="hibernate.dialect">org.hibernate.dialect.MySQLInnoDBDialect</property> <property name="hibernate.show_sql">false</property> <property name="hibernate.connection.autocommit">false</property> <property name="hibernate.format_sql">true</property> <property name="hibernate.temp.use_jdbc_metadata_defaults">false</property> </session-factory> </hibernate-configuration> |
Explanations
- Hibernate file make use of kdbx Key File Authentication for accessing Database credential
- <entry_path> path where the MySQL database credential stores.
- file- is the file path where the kdbx key file stores.
Downloads
- Download the attached archive:
- For Windows Operating System credential_store_using_hibernate_Key_file_example.zip
- For Linux Operating System credential_store_using_hibernate_key_file_example.tar
- Unzip the archive to the live folder of JobScheduler installation
- Add the database configuration according to your environment in the KDBX database (present in the example folder) for using the kdbx with the key file which accesses the credential to log in to the database.
References
- Links to Change Management System
Jira server SOS JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 6dc67751-9d67-34cd-985b-194a8cdc9602 key JITL-587