Hi,
We have a context.xml under $TOMCAT_HOME/conf that looks like this:
<Resource name="jdbc/theDB"
auth="Container"
type="javax.sql.DataSource"
username="${DB_USERNAME}"
password="${DB_PASSWORD}"
driverClassName="oracle.jdbc.OracleDriver"
validationQuery="select 1 from dual"
testOnBorrow="true"
url="${DB_URL}"
/>
if we do something like this in setenv.sh, the substitution works great
export DB_USERNAME=xyz
export DB_PASSWORD=vvv
export JAVA_OPTS="$JAVA_OPTS -DDB_USERNAME=$DB_USERNAME"
export JAVA_OPTS="$JAVA_OPTS -DDB_PASSWORD=$DB_PASSWORD"
However, if on a linux box, if someone did a "ps -ef | grep java", they
would be able to see the actual values of these parameters.
theuser 127734 1 0 Jan19 ? 00:04:39 /opt/java/bin/java
-Djava.util.logging.config.file=/opt/mis/apps/jaspersoft/tomcat/apache-tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-DDB_USERNAME=xyz
-DDB_PASSWORD=vvv
Which our operations team does not want....
Is there any syntax that Tomcat can recognize to substitute true
environment variables (i.e. export DB_USERNAME=xyz) as opposed to Java
properties injected into the JVM by -D (i.e. export
DB_USERNAME=$DB_USERNAME) ? Haven't been able to find any documentation on
it, but thought would ask.
Thanks in advance,
Al
