Institutions wishing to bootstrap their databases and encrypt sensitive values afterwards will find great value in the post-load-encrypt target provided in build.xml.

The import tool provided with the distribution does not handle encryption of data. It takes the values in the XML files and inserts them literally into the database. So, if you have data which needs to be encrypted, you can either pre-encrypt it before creating the XML files (or insert using your own mechanism/tools) or use this post-load encryption process.

Note: Be Careful

Institutions planning to implement an encryption algorithm different from the demonstration-grade encryption must implement the custom algorithm before performing the Post Data-Load Encryption.
Also, the encrypted data in the demo dataset is encrypted with the demonstration encryption service, using the encryption key in the default kfs-build.properties. If you want to change the encryption style on your demo instance, you will need to develop a process to extract and re-encrypt the appropriate columns.

Usage of the target is very straightforward:

...

KFS data access objects (DAOs) utilize OJB for most database operations. OJB has built-in support for several different database platforms, so we start by leveraging that. There are places, though, where we need functionality not provided by OJB (or that OJB does not perform quickly or easily enough). DAOs which contain direct SQL (via JDBC statements) are subclasses of the PlatformAwareDaoBaseJdbc class.

KFS has the concept of the database platform for those cases where we were unable to rely on OJB and the supported databases deviate. This is represented by the org.kuali.rice.core.database.platform.DatabasePlatform interface. There are currently two primary implementations of this interface: org.kuali.rice.core.database.platform.OracleDatabasePlatform and org.kuali.rice.core.database.platform.MySQLDatabasePlatform. These classes provide information and functionality used by other parts of the application to compensate for differences between the two platforms. As you are developing your own DAOs, you may need to use the DatabasePlatform methods. As long as your DAO subclasses org.kuali.rice.kns.dao.impl.PlatformAwareDaoBaseOjb or org.kuali.rice.kns.dao.

...

impl.

...

File Structure

post-load-encrypt uses a standard .properties file to load its set of attributes to encrypt. The format followed is as such:

...

fieldsToEncrypt.properties

...

PlatformAwareDaoBaseJdbc as the KFS DAOs do, you can use the getDbPlatform() method of the super class to obtain the configured instance of DatabasePlatform. You can also obtain the DatabasePlatform object as needed by calling NSServiceLocator.getDatabasePlatform().

KFS can be adapted to work with other databases by adding appropriate DatabasePlatform implementations. Adding support for other databases may uncover the need for additional methods on this interface.

If you use Oracle or MySQL, platform-related settings will be taken care of for you at build time, based on the value of the datasource.ojb.platform property in kfs-build.properties. The build script uses this property to configure OJB and determine the appropriate driver, JDBC URL, and DatabasePlatform implementation to use. If you choose to add support for another database platform, you will also want to review and supplement this build logic.

There are also special classes for OJB's handling of sequences. Since MySQL does not have sequences, we had to implement a subclass of OJB's SequenceManager, org.apache.ojb.broker.platforms.KualiMySQLSequenceManagerImpl, which will be used if you configure a MySQL database. If you will be using a database other than Oracle or MySQL, you will need to set the datasource.ojb.sequence.manager configuration property to the appropriate value.
