VERIFIED SOLUTION i
X

Hiding the password defined in the spectrum-override-container-ssl.xml file when setting up secure communications with Spectrum

UPDATED: December 21, 2018


To use an obfuscated password with Spectrum Technology Platform:
1. Run the Jetty Utility packaged with the Spectrum installation to generate the obfuscated password.  The Jetty Utility can be found in the ../server/app/lib/ directory and will be named "jetty-util-9.2.3.v20140905.jar" (where the highlighted numbers in this .jar filename correlate to version and build details and may be different with each version of Spectrum).  The following screen capture shows the jetty utility run from a Windows Java /bin directory pointing to a copy of the Jetty Utility .jar file pulled over from a Linux Spectrum installation:

How to create obfuscated Password

In the above example the command to create the obfuscated password is: 
java -cp jetty-utili-9.2.3.v20140905.jar org.eclipse.jetty.util.security.Password root password

Where 'root' is the userid associated with the obfuscated password, and should be the userid that owns the Spectrum installation.  And 'password', in this example, is the actual password that is to be used.

The string returned after 'OBF:' is the obfuscated version of 'password' in this example.  And this obfuscated string is what should be used in the 'spectrum-override-container-ssl.xml' file when setting up secure communications for Spectrum.

2.  In the 'spectrum-override-container-ssl.xml' file that is set up in the /server/app/conf/spring directory, the XML should be set up as shown here:

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/util
       http://www.springframework.org/schema/util/spring-util-3.0.xsd">
    
    <bean id="defaultWebServerConnector" class="org.eclipse.jetty.server.ServerConnector">
        <constructor-arg ref="webServer"/>
        <constructor-arg>
            <bean class="org.eclipse.jetty.util.ssl.SslContextFactory"> 
                <property name="keyStorePath" value="C:\Pathto\keystore.jks"/> 
                <property name="keyManagerPassword"> 
                    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> 
                        <property name="targetClass" value="org.eclipse.jetty.util.security.Password" /> 
                        <property name="targetMethod" value="deobfuscate" /> 
                        <property name="arguments"> 
                            <list> 
                                <value>OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</value> 
                            </list> 
                        </property> 
                    </bean> 
                </property> 
                <property name="keyStorePassword" > 
                    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> 
                        <property name="targetClass" value="org.eclipse.jetty.util.security.Password" /> 
                        <property name="targetMethod" value="deobfuscate" /> 
                        <property name="arguments"> 
                            <list> 
                                <value>OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</value> 
                            </list> 
                        </property> 
                    </bean> 

In the above XML, lines have been added to identify that the provided values will have to go through a 'deobfuscate' process to conform to the actual password.  And the obfuscated password provided in Step 1 is to be used for the actual values defined in the <list> values of the XML.

3.  Restart Spectrum to utilize the obfuscated value for secure communications.  The actual value of 'password' will now be an unseen value.  Only the obfuscated password will be visible.  
(For instructions on restarting Spectrum for your specific platform, review the installation instructions available from the Pitney Bowes Spectrum Documentation site:  http://www.pitneybowes.com/us/support/products/spectrum-technology-platform-support.html).



 

Environment Details


Products Affected:  Pitney Bowes Spectrum Technology Platform

Product Feature: Installation/Upgrade

Operating System: Windows (All), Linux, UNIX
 

Downloads

  • No Downloads