Java 以编程方式从server.xml读取解密的值
我有一个WebSphereLiberty服务器,具有以下Java 以编程方式从server.xml读取解密的值,java,websphere-liberty,server.xml,Java,Websphere Liberty,Server.xml,我有一个WebSphereLiberty服务器,具有以下server.xml: <managedThreadFactory jndiName="concurrent/threadFactory" maxPriority="5" /> <openidConnectClient id="AppID" inboundPropagation="required" clientId="${APPID_CLIENT_ID}" clientSecret="${APPID_CLI
server.xml
:
<managedThreadFactory jndiName="concurrent/threadFactory" maxPriority="5" />
<openidConnectClient id="AppID"
inboundPropagation="required"
clientId="${APPID_CLIENT_ID}"
clientSecret="${APPID_CLIENT_SECRET}"
authorizationEndpointUrl="https://${APPID_HOST}/oauth/v4/${APPID_TENANT_ID}/authorization"
tokenEndpointUrl="https://${APPID_HOST}/oauth/v4/${APPID_TENANT_ID}/token"
jwkEndpointUrl="https://${APPID_HOST}/oauth/v4/${APPID_TENANT_ID}/publickeys"
issuerIdentifier="https://${APPID_HOST}/oauth/v4/${APPID_TENANT_ID}"
tokenEndpointAuthMethod="basic"
signatureAlgorithm="none"
trustAliasName="${APPID_HOST}"
trustStoreRef="appidtruststore"
audiences="${APPID_CLIENT_ID}" />
是否可以从Java应用程序代码中以编程方式读取
clientSecret=“${APPID\u CLIENT\u SECRET}”的解密值?这取决于值的编码方式。如果它是加密的,根据定义,没有办法轻松解密它(否则它将破坏加密的目的)
如果您只是在进行可逆编码(例如XOR或AES),则可以使用Liberty功能对其进行解密
首先,确保在server.xml中启用了以下功能:
<feature>passwordUtilities-1.0</feature>
String rawValue = // get from System properties or env var
String decodedValue = PasswordUtil.decode(rawValue);