2.5.6. Database Configuration

The default database HSQLDB that the Enterprise Application Platform ships with must be disabled as it is not supported. Additional configuration is also required for JDBC drivers and supporting This section will outline how this can be done and then refer you to information on how to configure supported databases. This must be done in the production server profile.

Procedure 2.3. Configure Database

Create DefaultDS file
Create a default DS file for the desired database. Examples of this file are located in JBOSS_HOME/docs/examples/jca.
Important
A DefaultDS file must be supplied in the JBOSS_HOME/server/production/deploy directory.
Delete HSQLDB files
Delete the following files as they refer to the HSQLDB database:
- JBOSS_HOME/server/production/deploy/hsqldb-ds.xml
- JBOSS_HOME/common/lib/hsqldb.jar
- JBOSS_HOME/common/lib/hsqldb-plugin.jar
- JBOSS_HOME/server/production/deploy/messaging/hsqldb-persistence-service.xml

Remove HSQLDB Security Domain

Comment out the security domain for HsqlDbRealm in the JBOSS_HOME/server/production/conf/login-config.xml file as shown.

<!-- Security domains for testing new jca framework
<application-policy name = "HsqlDbRealm">
  <authentication>
    <login-module 
      code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" 
      flag = "required">
      <module-option name = "principal">sa</module-option>
      <module-option name = "userName">cctest</module-option>
      <module-option name = "password">cc1248</module-option>
      <module-option name = "managedConnectionFactoryName">
        jboss.jca:service=LocalTxCM,name=DefaultDS
      </module-option>
    </login-module>
  </authentication>
</application-policy>
-->

Copy persistence service configuration file
The [database]-persistence-service.xml file contains the persistence service definition for JBoss Messaging, for the database specified by the [database] in the filename.
Copy the [database]-persistence-service.xml file that corresponds to the database you are using from the JBOSS_HOME/docs/examples/jms directory to JBOSS_HOME/server/production/deploy.
Note
The table definitions in any [database]-persistence-service.xml are not optimized for performance.
Relocate JDBC driver libraries
Place the supported JDBC driver libraries in the directory JBOSS_HOME/server/production/lib/.
Important
Ensure you follow the policy guidelines in Section 2.5.5, “Java Security Manager Policy File ” and choose a supported JDBC driver from Table 2.1, “Allowed 5.1.0 Database and JDBC Driver Versions” or Table 2.2, “Allowed 5.1.1 Database and JDBC Driver Versions”to maintain an evaluated configuration.
Add JDBC Grant Statement
Add the following grant statement for the JDBC driver you are using to the Java Security Manager policy file. The policy file is located in JBOSS_HOME/bin/security_cc.policy. Substitute the directory name of the JDBC driver where [cc.jdbc.driver] is specified in the code sample.
Important
Each JDBC driver can use different permissions. Check the JDBC driver documentation and replace java.security.AllPermission; with a secure permission scheme supported by the driver.
```
// granting permissions to JDBC driver 
grant codeBase "file:${jboss.server.home.dir}/lib/[cc.jdbc.driver]" { 
  permission java.security.AllPermission; 
};
```

Oracle Database Persistence Plugin Optimization

When using the Oracle Database, the database persistence plugin definition must be changed in JBOSS_HOME/server/production/deploy/ejb2-timer-service.xml from being:

<attribute name="DatabasePersistencePlugin">
org.jboss.ejb.txtimer.GeneralPurposeDatabasePersistencePlugin
</attribute>

to being:

<attribute name="DatabasePersistencePlugin">
org.jboss.ejb.txtimer.OracleDatabasePersistencePlugin
</attribute>

Note

JBoss Enterprise Application Platform requires a database to store its operational state. The JNDI name referring to the database is java:/DefaultDS. The database has to be separated from all application databases: user applications must not provide additional tables to the java:/DefaultDS database, but must use their own dedicated databases to store their objects.

This setup prevents attacks with SQL injection through user applications and information leaks from java:/DefaultDS database, as such injections are always limited to the connected database.

Note

The Installation and Configuration Guide contains specific information about the supported databases, and their configuration. Read this information in conjunction with the Common Criteria Configuration Guide overrides to ensure you maintain an evaluated configuration.

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

2.5.6. Database Configuration

Where did the comment section go?