Instructions for Local Deployments

Step 1: Update to our versions of the local_policy.jar and US_export_policy.jar files


The existing copies of local_policy.jar and US_export_policy.jar files in your active JVM must be replaced with the version downloaded from here

Windows

On a Windows box, these files are to be copied to the \jre\lib\security folder of your active Java installation

Ubuntu

On an Ubuntu box, these files would typically go under a location similar to /usr/lib/jvm/java-7-oracle/jre/lib/security inside your active Java installation

Mac OSX

On an OS X box, these files would typically go under a location similar to /Library/Java/JavaVirtualMachines/jdk1.8.0_40.jdk/Contents/Home/jre/lib/security


Step 2: Copy encryption-related libraries to Tomcat

Copy the following libraries to the lib folder of Tomcat

a) tomcat-connector.jar

b) commons-codec-1.9.jar

c) spring-security-core-3.2.5.RELEASE.jar

These libraries are shared at Encryption related libraries
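
A pre-flight check for Steps 1 and 2, as an added example that is not part of the original instructions: it confirms that the policy jars in the JVM's security folder are byte-identical to the downloaded copies (that is, they were really replaced) and that the three libraries are present in Tomcat's lib folder. The function names and the three directory arguments are assumptions to be supplied by the operator.

```shell
#!/bin/sh
# Added example: verify Steps 1 and 2 before starting Tomcat.
# Jar names come from the instructions; all paths are operator-supplied.

POLICY_JARS="local_policy.jar US_export_policy.jar"
TOMCAT_JARS="tomcat-connector.jar commons-codec-1.9.jar spring-security-core-3.2.5.RELEASE.jar"

# check_policy_jars DOWNLOAD_DIR SECURITY_DIR
# Succeeds only if every policy jar in SECURITY_DIR is byte-identical
# to the downloaded copy in DOWNLOAD_DIR.
check_policy_jars() {
    download_dir=$1; security_dir=$2; rc=0
    for jar in $POLICY_JARS; do
        if [ ! -f "$security_dir/$jar" ]; then
            echo "MISSING       $security_dir/$jar"; rc=1
        elif ! cmp -s "$download_dir/$jar" "$security_dir/$jar"; then
            # Also reached when the downloaded copy itself is absent.
            echo "NOT REPLACED  $security_dir/$jar"; rc=1
        else
            echo "OK            $security_dir/$jar"
        fi
    done
    return $rc
}

# check_tomcat_libs TOMCAT_LIB_DIR
# Succeeds only if all three libraries listed in Step 2 are present.
check_tomcat_libs() {
    lib_dir=$1; rc=0
    for jar in $TOMCAT_JARS; do
        if [ -f "$lib_dir/$jar" ]; then
            echo "OK            $lib_dir/$jar"
        else
            echo "MISSING       $lib_dir/$jar"; rc=1
        fi
    done
    return $rc
}

# Usage: preflight.sh DOWNLOAD_DIR JVM_SECURITY_DIR TOMCAT_LIB_DIR
if [ "$#" -eq 3 ]; then
    check_policy_jars "$1" "$2" && check_tomcat_libs "$3"
fi
```

Run it against the JVM that Tomcat actually uses; with several Java installations on one host, replacing the jars in a different one leaves the active JVM unchanged.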

Step 2: Add a new tenant 

The query for adding the new tenant details is:

INSERT INTO `tenants` (`identifier`, `name`, `timezone_id`, `oltp_id`, `report_id`, `tenant_key`) VALUES ('default', 'Default Demo Tenant', 'Asia/Kolkata', 1, 1, null);


| # | Column name | Values | Description |
|---|---|---|---|
| 1 | identifier | default | The tenant name that is used by the application. This field is mandatory. |
| 2 | name | Default Demo Tenant | The name of the tenant, for user identification. This field is mandatory. |
| 3 | timezone_id | Asia/Kolkata | The time zone of the tenant that needs to be used by the application. This field is mandatory. |
| 4 | oltp_id | 1 | The id from tenant_server_connections; the database details entered there will be used by the application. This field is mandatory. |
| 5 | report_id | 1 | The id from tenant_server_connections; the database details entered there will be used by the application for executing reports. This field is mandatory. |
| 6 | tenant_key | null | Holds the tenant-specific encryption key, which is used for decryption of the server details entered in the "tenant_server_connections" table. If "is_server_connection_details_encrypted" in the "tenant_server_connections" table is set to 0, then "tenant_key" will be generated and updated automatically by the application. This field is mandatory. |


Step 3: Configure encrypted data source for the new tenant 

The query for adding the new tenant server details is:

INSERT INTO `mifosplatform-tenants`.`tenant_server_connections` (`schema_server`, `schema_name`, `schema_username`, `schema_password`, `server_connection_details_for_encryption`) VALUES ('localhost', 'conflux', 'root', 'mysql', 'localhost|root|mysql');


Note that the last column is a concatenation of schema_server | schema_username | schema_password 


| # | Column name | Sample Values | Description |
|---|---|---|---|
| 1 | schema_server | 127.0.0.1 | This column contains the encrypted MySQL server IP address. |
| 2 | schema_name | conflux_db | The database name that needs to be used by the application. This field is mandatory. |
| 3 | schema_username | root | The database username. This field is mandatory. |
| 4 | schema_password | mysql | The database password. This field is mandatory. |
| 5 | server_connection_details_for_encryption | 127.0.0.1\|root\|mysql (consistent with the details in the other columns) | The connection details, to be encrypted, for connecting to the server. The value should be given as schema_server\|schema_username\|schema_password. This field is mandatory. |
| 6 | is_server_connection_details_encrypted | 0 or 1 | If the value is 0, the application will encrypt the details entered in the "server_connection_details_for_encryption" column and store them in the respective columns. If the value is 1, the details are already encrypted, and the application will take the values from the respective columns and try to decrypt them to connect to MySQL. |


Step 4: Start your Tomcat Server

Starting the server replaces the non-encrypted values in the tenant_server_connections table and also sets the tenant_key in the tenants table.


Note : Encryption utilizes the values of the "identifier" and "name" columns in "tenants" table. If the values in these two columns are changed, then the MySQL server details need to be encrypted by freshly entering the connection details in "server_connection_details_for_encryption" and setting "is_server_connection_details_encrypted" column in "tenant_server_connections" to 0.