[Download] | [Documentation Home] | [Release Note]

Secure Passwords in DataService Configuration


WSO2 Data Services Server provides the feature to secure passwords fields using the Secure Vault functionality. Users can encript their passwords using tokens instead of the actual password inside the data service configuration file and decript the actual password using password provider class. This example will guide you how to secure your password for a relational database.

Step 1 - Creating the password provider

To embed the encryption/description logic you need to write your own PasswordProvider class. Following example uses a simple PasswordProvider class to demonstrate how a PasswordProvider can be used.

Sample PasswordProvider Class

package org.wso2.test.passwordProvider.secretResolver;

import org.apache.synapse.securevault.secret.SecretCallback;
import org.apache.synapse.securevault.secret.SecretCallbackHandler;
import org.apache.synapse.securevault.secret.SingleSecretCallback;

public class DefaultSecretProvider implements SecretCallbackHandler {
        public void handle(SecretCallback[] secretCallBack) {
                //for each token set the secret to wso2ds
                // you can give your own logic to encript the password
            for(int i = 0; i< secretCallBack.length; i++){      
                        ((SingleSecretCallback) secretCallBack[i]).setSecret("wso2ds");

The class file of the Password Provider should be archived as a jar file according to the package structure and placed inside CARBON_HOME/repository/components/lib folder.

Step 2 - Edit Data Service

In order to configure the password provider, you need to edit the data service and under Data Service Service Details you can give the Password Manager details. For the password provider field you need to give the class name along with package structure. When securing the passwords tokens can be used, tokens represents the password field. You can give more than one token inside tokens fields in comma separated manner.

Password Provider :- org.wso2.test.passwordProvider.secretResolver.DefaultSecretProvider.


Figure 1: Configuring Password Provider

Step 3 - Configure Data Source

Once the password manager is configured, you can replace your actual password by the given token in password manager.


Figure 2: Configure Data Source

After data source configuration is done click on Finish to re-deploy the service. You can invoke your service using try it to test the service.


Figure 3: Invoke the Service

You can click on "Edit Data Service (XML Edit)" and view the created data service as a XML.


Figure 7: Edit Data Service