documentation/9.4.x/configuring-security-secure-passwords.html - www.eclipse.org/jetty - Git at Google

 <html><head>
       <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Secure Password Obfuscation</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><meta name="keywords" content="jetty, servlet, servlet-api, cometd, http, websocket, eclipse, maven, java, server, software"><link rel="home" href="index.html" title="Jetty"><link rel="up" href="configuring-security.html" title="Chapter&nbsp;7.&nbsp;Configuring Security"><link rel="prev" href="serving-aliased-files.html" title="Aliased Files and Symbolic links"><link rel="next" href="setting-port80-access.html" title="Setting Port 80 Access for a Non-Root User"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><link rel="stylesheet" href="css/highlighter/foundation.css"><script src="js/highlight.pack.js"></script><script>
       hljs.initHighlightingOnLoad();
     </script><link type="text/css" rel="stylesheet" href="css/font-awesome/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small">
             Version: 9.4.28-SNAPSHOT</span></td><td style="width: 50%"></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Secure Password Obfuscation</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="serving-aliased-files.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a>&nbsp;</td><th width="60%" align="center">Chapter&nbsp;7.&nbsp;Configuring Security<br><a accesskey="p" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></th><td width="20%" align="right">&nbsp;<a accesskey="n" href="setting-port80-access.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/">Contact the core Jetty developers at
           <span class="website">www.webtide.com</span></a></h5><p>
  private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ...
  scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
       </p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuring-security-secure-passwords"></a>Secure Password Obfuscation</h2></div></div></div><p>There are many places where you might want to use and store a password, for example for the SSL connectors and user passwords in realms.</p><p>Passwords can be stored in clear text, obfuscated, checksummed or encrypted in order of increasing security.
 The choice of method to secure a password depends on where you are using the password.
 In some cases, such as keystore passwords and <code class="literal">DIGEST</code> authentication, the system must retrieve the original password, which requires the obfuscation method.
 The drawback of the obfuscation algorithm is that it protects passwords <span class="strong"><strong>from casual viewing only.</strong></span></p><p>When the stored password is compared to one a user enters, the handling code can apply the same algorithm that secures the stored password to the user input and compare results, making password authentication more secure.</p><p>The class <code class="literal">org.eclipse.jetty.util.security.Password</code> can be used to generate all varieties of passwords.</p><p>Run it without arguments to see usage instructions:</p><div class="screenexample"><pre class="screen">$ java -cp lib/jetty-util-9.4.28-SNAPSHOT.jar org.eclipse.jetty.util.security.Password

 Usage - java org.eclipse.jetty.util.security.Password [&lt;user&gt;] &lt;password&gt;
 If the password is ?, the user will be prompted for the password</pre></div><p>For example, to generate a secured version of the password <code class="literal">password</code> for the user <code class="literal">username</code>:</p><div class="screenexample"><pre class="screen">$ java -cp ../lib/jetty-util-9.4.28-SNAPSHOT.jar org.eclipse.jetty.util.security.Password username password
 2017-12-13 11:19:27.928:INFO::main: Logging initialized @95ms to org.eclipse.jetty.util.log.StdErrLog
 password
 OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v
 MD5:5f4dcc3b5aa765d61d8327deb882cf99
 CRYPT:usjRS48E8ZADM</pre></div><p>If using a external tool to create/verify the MD5 hash (such as <code class="literal">md5sum</code> or <code class="literal">md5</code>), be sure to verify a carriage return (CR) or new line is not added.
 For example:</p><div class="screenexample"><pre class="screen">//With a CR included
 $ echo password | md5sum
 286755fad04869ca523320acce0dc6a4 *-

 //Using the `-n` option to exclude a new line from being added.
 $ echo -n password | md5sum
 5f4dcc3b5aa765d61d8327deb882cf99 *-</pre></div><div class="blockquote"><blockquote class="blockquote"><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="fa fa-plus" aria-hidden="true"></i> Important</h3><p>When using the <code class="literal">DIGEST</code> method in tandem with an MD5 hash, you must hash the entire <code class="literal">user:realm:password</code> string or you will encounter issues with authenticating.</p></div></blockquote></div><div class="screenexample"><pre class="screen">$ java -cp ../lib/jetty-util-9.4.7.v20170914.jar org.eclipse.jetty.util.security.Password username username:realm:password
 2017-12-13 11:34:33.263:INFO::main: Logging initialized @97ms to org.eclipse.jetty.util.log.StdErrLog
 username:realm:password
 OBF:1w281yf41v1x1z7e1xmi1v1p1tvv1v901c3j1x8k1ugo1ri71uh21x8a1c3j1v9m1tv71v2p1xms1z7o1v2h1yf21w1a
 MD5:66999343281b2624585fd58cc9d36dfc
 CRYPT:usulxZfApLefk

 $ echo -n username:realm:password | md5sum
 66999343281b2624585fd58cc9d36dfc *-</pre></div><p>You can now cut and paste whichever secure version you choose into your configuration file or Java code.</p><p>For example, the last line below shows how you would implement the encrypted password generated above into the properties file for a <code class="literal">LoginService</code>:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>admin: CRYPT:ad1ks..kc.1Ug,server-administrator,content-administrator,admin
 other: OBF:1xmk1w261u9r1w1c1xmq
 guest: guest,read-only
 me:CRYPT:me/ks90E221EY</code></pre><div class="blockquote"><blockquote class="blockquote"><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="fa fa-lightbulb-o" aria-hidden="true"></i> Tip</h3><p>Don&#8217;t forget to also copy the OBF:, MD5: or CRYPT: prefix on the generated password. It will not be usable by Jetty without it.</p></div></blockquote></div><p>You can also use obfuscated passwords in Jetty xml files where a plain text password is required.
 Here&#8217;s an example setting the password for a JDBC Datasource with obfuscation:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>  &lt;New id="DSTest" class="org.eclipse.jetty.plus.jndi.Resource"&gt;
      &lt;Arg&gt;&lt;/Arg&gt;
      &lt;Arg&gt;jdbc/DSTest&lt;/Arg&gt;
      &lt;Arg&gt;
        &lt;New class="com.jolbox.bonecp.BoneCPDataSource"&gt;
          &lt;Set name="driverClass"&gt;com.mysql.jdbc.Driver&lt;/Set&gt;
          &lt;Set name="jdbcUrl"&gt;jdbc:mysql://localhost:3306/foo&lt;/Set&gt;
          &lt;Set name="username"&gt;dbuser&lt;/Set&gt;
          &lt;Set name="password"&gt;
             &lt;Call class="org.eclipse.jetty.util.security.Password" name="deobfuscate"&gt;
                   &lt;Arg&gt;OBF:1ri71v1r1v2n1ri71shq1ri71shs1ri71v1r1v2n1ri7&lt;/Arg&gt;
             &lt;/Call&gt;
          &lt;/Set&gt;
          &lt;Set name="minConnectionsPerPartition"&gt;5&lt;/Set&gt;
          &lt;Set name="maxConnectionsPerPartition"&gt;50&lt;/Set&gt;
          &lt;Set name="acquireIncrement"&gt;5&lt;/Set&gt;
          &lt;Set name="idleConnectionTestPeriod"&gt;30&lt;/Set&gt;
       &lt;/New&gt;
     &lt;/Arg&gt;
   &lt;/New&gt;</code></pre></div><script type="text/javascript">
       SyntaxHighlighter.all()
     </script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="serving-aliased-files.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a>&nbsp;</td><td width="20%" align="center"><a accesskey="u" href="configuring-security.html"><i class="fa fa-chevron-up" aria-hidden="true"></i> Top</a></td><td width="40%" align="right">&nbsp;<a accesskey="n" href="setting-port80-access.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr><tr><td width="40%" align="left" valign="top">Aliased Files and Symbolic links&nbsp;</td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></td><td width="40%" align="right" valign="top">&nbsp;Setting Port 80 Access for a Non-Root User</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout">
             See an error or something missing?
             <span class="callout"><a href="http://github.com/eclipse/jetty.project">Contribute to this documentation at
                 <span class="website"><i class="fa fa-github" aria-hidden="true"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2020-03-10)</i></span></div></p></body></html>
	<html><head>
	<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
	<title>Secure Password Obfuscation</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><meta name="keywords" content="jetty, servlet, servlet-api, cometd, http, websocket, eclipse, maven, java, server, software"><link rel="home" href="index.html" title="Jetty"><link rel="up" href="configuring-security.html" title="Chapter 7. Configuring Security"><link rel="prev" href="serving-aliased-files.html" title="Aliased Files and Symbolic links"><link rel="next" href="setting-port80-access.html" title="Setting Port 80 Access for a Non-Root User"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><link rel="stylesheet" href="css/highlighter/foundation.css"><script src="js/highlight.pack.js"></script><script>
	hljs.initHighlightingOnLoad();
	</script><link type="text/css" rel="stylesheet" href="css/font-awesome/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small">
	Version: 9.4.28-SNAPSHOT</span></td><td style="width: 50%"></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Secure Password Obfuscation</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="serving-aliased-files.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a> </td><th width="60%" align="center">Chapter 7. Configuring Security<br><a accesskey="p" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></th><td width="20%" align="right"> <a accesskey="n" href="setting-port80-access.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/">Contact the core Jetty developers at
	<span class="website">www.webtide.com</span></a></h5><p>
	private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ...
	scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
	</p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuring-security-secure-passwords"></a>Secure Password Obfuscation</h2></div></div></div><p>There are many places where you might want to use and store a password, for example for the SSL connectors and user passwords in realms.</p><p>Passwords can be stored in clear text, obfuscated, checksummed or encrypted in order of increasing security.
	The choice of method to secure a password depends on where you are using the password.
	In some cases, such as keystore passwords and <code class="literal">DIGEST</code> authentication, the system must retrieve the original password, which requires the obfuscation method.
	The drawback of the obfuscation algorithm is that it protects passwords <span class="strong"><strong>from casual viewing only.</strong></span></p><p>When the stored password is compared to one a user enters, the handling code can apply the same algorithm that secures the stored password to the user input and compare results, making password authentication more secure.</p><p>The class <code class="literal">org.eclipse.jetty.util.security.Password</code> can be used to generate all varieties of passwords.</p><p>Run it without arguments to see usage instructions:</p><div class="screenexample"><pre class="screen">$ java -cp lib/jetty-util-9.4.28-SNAPSHOT.jar org.eclipse.jetty.util.security.Password

	Usage - java org.eclipse.jetty.util.security.Password [<user>] <password>
	If the password is ?, the user will be prompted for the password</pre></div><p>For example, to generate a secured version of the password <code class="literal">password</code> for the user <code class="literal">username</code>:</p><div class="screenexample"><pre class="screen">$ java -cp ../lib/jetty-util-9.4.28-SNAPSHOT.jar org.eclipse.jetty.util.security.Password username password
	2017-12-13 11:19:27.928:INFO::main: Logging initialized @95ms to org.eclipse.jetty.util.log.StdErrLog
	password
	OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v
	MD5:5f4dcc3b5aa765d61d8327deb882cf99
	CRYPT:usjRS48E8ZADM</pre></div><p>If using a external tool to create/verify the MD5 hash (such as <code class="literal">md5sum</code> or <code class="literal">md5</code>), be sure to verify a carriage return (CR) or new line is not added.
	For example:</p><div class="screenexample"><pre class="screen">//With a CR included
	$ echo password \| md5sum
	286755fad04869ca523320acce0dc6a4 *-

	//Using the `-n` option to exclude a new line from being added.
	$ echo -n password \| md5sum
	5f4dcc3b5aa765d61d8327deb882cf99 *-</pre></div><div class="blockquote"><blockquote class="blockquote"><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="fa fa-plus" aria-hidden="true"></i> Important</h3><p>When using the <code class="literal">DIGEST</code> method in tandem with an MD5 hash, you must hash the entire <code class="literal">user:realm:password</code> string or you will encounter issues with authenticating.</p></div></blockquote></div><div class="screenexample"><pre class="screen">$ java -cp ../lib/jetty-util-9.4.7.v20170914.jar org.eclipse.jetty.util.security.Password username username:realm:password
	2017-12-13 11:34:33.263:INFO::main: Logging initialized @97ms to org.eclipse.jetty.util.log.StdErrLog
	username:realm:password
	OBF:1w281yf41v1x1z7e1xmi1v1p1tvv1v901c3j1x8k1ugo1ri71uh21x8a1c3j1v9m1tv71v2p1xms1z7o1v2h1yf21w1a
	MD5:66999343281b2624585fd58cc9d36dfc
	CRYPT:usulxZfApLefk

	$ echo -n username:realm:password \| md5sum
	66999343281b2624585fd58cc9d36dfc *-</pre></div><p>You can now cut and paste whichever secure version you choose into your configuration file or Java code.</p><p>For example, the last line below shows how you would implement the encrypted password generated above into the properties file for a <code class="literal">LoginService</code>:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>admin: CRYPT:ad1ks..kc.1Ug,server-administrator,content-administrator,admin
	other: OBF:1xmk1w261u9r1w1c1xmq
	guest: guest,read-only
	me:CRYPT:me/ks90E221EY</code></pre><div class="blockquote"><blockquote class="blockquote"><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="fa fa-lightbulb-o" aria-hidden="true"></i> Tip</h3><p>Don’t forget to also copy the OBF:, MD5: or CRYPT: prefix on the generated password. It will not be usable by Jetty without it.</p></div></blockquote></div><p>You can also use obfuscated passwords in Jetty xml files where a plain text password is required.
	Here’s an example setting the password for a JDBC Datasource with obfuscation:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code> <New id="DSTest" class="org.eclipse.jetty.plus.jndi.Resource">
	<Arg></Arg>
	<Arg>jdbc/DSTest</Arg>
	<Arg>
	<New class="com.jolbox.bonecp.BoneCPDataSource">
	<Set name="driverClass">com.mysql.jdbc.Driver</Set>
	<Set name="jdbcUrl">jdbc:mysql://localhost:3306/foo</Set>
	<Set name="username">dbuser</Set>
	<Set name="password">
	<Call class="org.eclipse.jetty.util.security.Password" name="deobfuscate">
	<Arg>OBF:1ri71v1r1v2n1ri71shq1ri71shs1ri71v1r1v2n1ri7</Arg>
	</Call>
	</Set>
	<Set name="minConnectionsPerPartition">5</Set>
	<Set name="maxConnectionsPerPartition">50</Set>
	<Set name="acquireIncrement">5</Set>
	<Set name="idleConnectionTestPeriod">30</Set>
	</New>
	</Arg>
	</New></code></pre></div><script type="text/javascript">
	SyntaxHighlighter.all()
	</script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="serving-aliased-files.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a> </td><td width="20%" align="center"><a accesskey="u" href="configuring-security.html"><i class="fa fa-chevron-up" aria-hidden="true"></i> Top</a></td><td width="40%" align="right"> <a accesskey="n" href="setting-port80-access.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr><tr><td width="40%" align="left" valign="top">Aliased Files and Symbolic links </td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></td><td width="40%" align="right" valign="top"> Setting Port 80 Access for a Non-Root User</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout">
	See an error or something missing?
	<span class="callout"><a href="http://github.com/eclipse/jetty.project">Contribute to this documentation at
	<span class="website"><i class="fa fa-github" aria-hidden="true"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2020-03-10)</i></span></div></p></body></html>