Introduction
Usually, a user name and password are specified when connecting to a database.
- Such configurations are considered insecure as passwords are stored in clear text in external files or in job parameters.
- The SQL Server® provides a means to connect to a database without specifying a user account and password.
Integrated Security
This authentication scheme is based on the fact that the account that a component is operated for is already authenticated by the OS and therefore can access a database without specifying user/password credentials.
Use of Integrated Security during Installation
There are two prerequisites:
- to set up a domain account before installation for the user account that performs the installation.
- to set up a Hibernate configuration file, see JS7 - Database:
- Users can create an individual Hibernate configuration file and make the installer use this file. The
hibernate.connection.url
property in this file should include theIntegratedSecurity=true
setting, no user name and password must be specified. - This configuration will implicitly use the domain account that JOC Cockpit is operated for.
- Add IntegratedSecurity=true property
<property name"hibernate.connection.url">jdbc:sqlserver://[servername]:[port];IntegratedSecurity=true;sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename]</property>
- Users can create an individual Hibernate configuration file and make the installer use this file. The
Use of Integrated Security for an existing Installation
If you want to use a connection to an SQL Server with a Windows domain account then it might happen that during installation you receive an error message like this:
SQLException: Login failed for user 'DOMAIN\USER'
The given userid that is used by this connection presents itself as a SQL\USER account, instead of a DOMAIN\USER account.
A check of SQL Server logs will indicate that the given User ID that tried to establish the connection presented itself as an SQL\USER
account, instead of a DOMAIN\USER
account.
Apply the following modification to your Hibernate configuration file:
modify
JETTY_BASE/resources/joc/hibernate.cfg.xml
:Add IntegratedSecurity=true property<property name"hibernate.connection.url">jdbc:sqlserver://[servername]:[port];IntegratedSecurity=true;sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename]</property>