Why does an encoded password not work in Liberty

Question

In trying to get a Liberty container to work I'm encountering the following problem.

For a database connection I have an authData section like this in the server.xml:

<authData id="datasourceAuth" user="test" password="{xor}ABCD"/>

When I try to run the server with the password not encoded the database connection works as expected, but when the password is encoded I get this message: Connection refused (Connection refused). ERRORCODE=-4499, SQLSTATE=08001 DSRA0010E: SQL State = 08001, Error Code = -4,499

It looks like the password isn't being decoded when setting up the connection, but I don't understand why or if I am missing something in the configuration.

Answer 1

Encoding of data source passwords is supported in Liberty and ought to be working. I'll provide a more complete example aligning with the style of config you are using, as well as a reference to an official knowledge center doc with its own example

Use the securityUtility to encode the password,

securityUtility encode --encoding=xor test123

output:

{xor}KzosK25tbA==

Configure the value on authData and use the authData on a dataSource,

<authData id="datasourceAuth" user="test" password="{xor}KzosK25tbA=="/>
<dataSource id="testdb" jndiName="jdbc/testdb" containerAuthDataRef="datasourceAuth">
  <jdbcDriver libraryRef="db2jcc"/>
  <properties.db2.jcc databaseName="TESTDB" serverName="localhost" portNumber="50000"/>
</dataSource>

The authentication data applies when using a resource reference with container authentication.

I'd recommend going back and trying all of the steps again to rule out the possibility of a typo or copy/paste error. If it still doesn't work, then raise a case against OpenLiberty here, https://github.com/OpenLiberty/open-liberty/issues/new/