Encrypt a Jackrabbit Repository Password for Spectrum Spatial
These instructions will require restarting the Spectrum Technology Platform server.
The Password Management Utility generates the encrypted strings for a repository password by taking a password as input and encrypting it. This is a Spectrum Technology Platform utility that is located under SpectrumDirectory/server/bin directory. Supported entity types are neo4j for changing and encrypting a new password to the Spectrum Technology Platform Neo4j database and spatial for encrypting the password to the Spectrum Spatial Apache Jackrabbit repository.
For the Spectrum Spatial Jackrabbit repository there are two variations depending on whether the repository is held in:
- the standard Apache Derby database on the file system, which is the default setup after installation; or
- a fully configured relational database management system (RDBMS), such as SQL, Oracle, or PostGreSQL, as described in Setting Up a Common Repository Database.
The Password Management Utility only applies to the second case where a full RDBMS is used.
In the first case, the Apache Derby database is deployed in embedded mode, so that only the Spectrum Spatial Java virtual machine (JVM) can access it.
In the second case, you created a database user and password when setting up the RDBMS as the common repository database. We recommend using a strong password with over 10 characters that follows your organization's password rules. The Password Management Utility does not change the database password. It creates an encrypted version so that it is not stored in plain text on the Spectrum Technology Platform server.
To encrypt the password to Spectrum Spatial’s Apache Jackrabbit database follow these steps:
-
Run the Password Management Utility to encrypt a repository password.
To check the password encryption, open SpectrumDirectory/server/modules/spatial/bootstrap.properties in a text editor. The bootstrap.properties file includes the properties:
repository.password.isencryptedwhich indicates the jackrabbit repository password is encrypted andrepository.passwordwhich is the jackrabbit repository password.
Note: On a clustered environment, run the Password Management Utility on all nodes (that have the same password to encrypt) to update the bootstrap.properties file on each node. An encrypted copy of the password may vary between nodes, but the copy will decrypt to the original password. -
Modify SpectrumDirectory\server\modules\spatial\jackrabbit\repository.xml to hold the password as a variable called
${rep.password}as shown below for PostgreSQL. This is similar for SQL Server and Oracle.<DataSources> <DataSource name="spatialrepo"> <param name="databaseType" value="postgresql"/> <param name="driver" value="org.postgresql.Driver"/> <param name="url" value="jdbc:postgresql://[server]:[port]/[database]"/> <param name="user" value="[user]"/> <param name="password" value="${rep.password}"/> <param name="validationQuery" value="select 1"/> </DataSource> </DataSources>Note: On a clustered environment, modify the repository.xml file on all nodes of the Spectrum Technology Platform configuration. -
Restart the Spectrum Technology Platform server.
For instructions on how to restart the Spectrum Technology Platform server, see the Spectrum Administration Guide.
The repository password is now encrypted to Spectrum Spatial’s Apache Jackrabbit.
For information about Spectrum Technology Platform Neo4j database password encryption, see the Spectrum Administration Guide.