You might decide to encode or encrypt sensitive information that is stored in properties files with the class atg.core.util.Base64, or another method. In this case, you must be able to access the encrypted information.
Note: The Oracle ATG Web Commerce distribution currently supports BASE64 decryption only.
The atg.nucleus.PropertyValueDecoder class defines a component that can decode the value of properties encoded with Base64. You can use a component of this type to protect properties that should remain encoded until their value is used. For example, DataSource components can use a PropertyValueDecoder component to decrypt user and password properties before using them to create a database connection. These sensitive pieces of information are protected in the DataSource’s properties file until they are needed
To use a PropertyValueDecoder, modify the original component to use the decoder for the encoded property. Do not make the decoded value visible to any public method or property. The PropertyValueDecoder’s decode() method should be called and its return value used directly (apart from type casting). This lets your component use different implementations of the PropertyValueDecoder interface without modification.
As installed, the atg.service.jdbc.FakeXADataSource class supports this feature. To use it, follow these steps:
Create an
atg.service.jdbc.SimpleLoginDecodercomponent that implementsPropertyValueDecoder—for example,MySimpleLoginDecoder.Set the
loginDecoderproperty ofFakeXADataSourcetoMySimpleLoginDecoder.Set the values of the
userandpasswordproperties inFakeXADataSourcewith Base64-encoded values. You can rely on the decoder to pass the decoded login to the database when connections are created.
If you need more robust security, you can subclass LoginDecoder and override its decode() methods, or implement your own PropertyValueDecoder.
