Encrypt a Jackrabbit Repository Password for Spectrum Spatial

These instructions will require restarting the Spectrum Technology Platform server.

The Password Management Utility generates the encrypted strings for a repository password by taking a password as input and encrypting it. This is a Spectrum Technology Platform utility that is located under SpectrumDirectory/server/bin directory. Supported entity types are neo4j for changing and encrypting a new password to the Spectrum Technology Platform Neo4j database and spatial for encrypting the password to the Spectrum Spatial Apache Jackrabbit repository.

For the Spectrum Spatial Jackrabbit repository there are two variations depending on whether the repository is held in:

  • the standard Apache Derby database on the file system, which is the default setup after installation; or
  • a fully configured relational database management system (RDBMS), such as SQL, Oracle, or PostGreSQL, as described in Setting Up a Common Repository Database.

The Password Management Utility only applies to the second case where a full RDBMS is used.

In the first case, the Apache Derby database is deployed in embedded mode, so that only the Spectrum Spatial Java virtual machine (JVM) can access it.

In the second case, you created a database user and password when setting up the RDBMS as the common repository database. We recommend using a strong password with over 10 characters that follows your organization's password rules. The Password Management Utility does not change the database password. It creates an encrypted version so that it is not stored in plain text on the Spectrum Technology Platform server.

To encrypt the password to Spectrum Spatial’s Apache Jackrabbit database follow these steps:

  1. Run the Password Management Utility to encrypt a repository password.
    1. Stop the Spectrum Technology Platform server.
      For instructions on how to stop the Spectrum Technology Platform server, see the Spectrum Administration Guide.
    2. On Windows, run a command prompt window as administrator (select Run as administrator).
      On Linux, open a Linux Terminal with execute permission to Spectrum Technology Platform file directories.
    3. Navigate to SpectrumDirectory/server/bin.
    4. On Windows, type pmu.bat spatial
      On Linux, type pmu.sh spatial
    5. At the prompt, enter the repository password to encrypt. The Password Management Utility uses the default encryption key for the Spectrum Technology Platform installation. There is no step for entering a custom key.
    To check the password encryption, open SpectrumDirectory/server/modules/spatial/bootstrap.properties in a text editor. The bootstrap.properties file includes the properties:
    • repository.password.isencrypted which indicates the jackrabbit repository password is encrypted and
    • repository.password which is the jackrabbit repository password.
    Note: On a clustered environment, run the Password Management Utility on all nodes (that have the same password to encrypt) to update the bootstrap.properties file on each node. An encrypted copy of the password may vary between nodes, but the copy will decrypt to the original password.
  2. Modify SpectrumDirectory\server\modules\spatial\jackrabbit\repository.xml to hold the password as a variable called ${rep.password} as shown below for PostgreSQL. This is similar for SQL Server and Oracle.
    	<DataSource name="spatialrepo">
    		<param name="databaseType" value="postgresql"/>
    		<param name="driver" value="org.postgresql.Driver"/>
    		<param name="url" value="jdbc:postgresql://[server]:[port]/[database]"/>
    		<param name="user" value="[user]"/>
    		<param name="password" value="${rep.password}"/>
    		<param name="validationQuery" value="select 1"/>
    Note: On a clustered environment, modify the repository.xml file on all nodes of the Spectrum Technology Platform configuration.
  3. Restart the Spectrum Technology Platform server.
    For instructions on how to restart the Spectrum Technology Platform server, see the Spectrum Administration Guide.

The repository password is now encrypted to Spectrum Spatial’s Apache Jackrabbit.

For information about Spectrum Technology Platform Neo4j database password encryption, see the Spectrum Administration Guide.