Skip to main content
Pentaho Documentation

Setting up password encryption after upgrading

Parent article

If you want to establish password encryption, after upgrading your Pentaho Server from 9.0 to 9.1, you must first set up the server to work with password encryption before applying it.

Perform the following actions if you want to set up your system for password encryption:

  1. Modify the Tomcat Context XML file.
  2. Update the Jackrabbit Repository XML file.
  3. Verify your Quartz properties.
  4. Update your Hibernate configuration.

Modify the Tomcat context XML file

Database connection and network information for your Pentaho Repository database are stored in the context.xml file.

Perform the following steps to modify the context.xml file to reflect encryption password changes for your database connection and network information.

Procedure

  1. If you had any previous customizations to the context.xml file before upgrading and you have not already applied these customizations to the 9.1 version of the file, merge your customizations into the 9.1 version of the context.xml file. See Apply customizations for instructions.

    NotePassword encryption requires the 9.1 version of the context.xml file.
  2. Stop the Pentaho Server.

  3. Navigate to the pentaho/server/pentaho-server/tomcat/webapps/pentaho/META-INF directory and open the context.xml file with any file editor.

  4. Locate all occurrences of the following factory setting:

    factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
  5. Replace every occurrence of the factory setting with the following value:

    factory="org.pentaho.di.core.database.util.DecryptingDataSourceFactory"
  6. Locate the type of database you are using as the Pentaho Repository and add the following lines of code to the end of the Resource block to include Jackrabbit, which handles password encryption:

    • Postgres

      <Resource name="jdbc/jackrabbit" auth="Container" type="javax.sql.DataSource" factory="org.pentaho.di.core.database.util.DecryptingDataSourceFactory" maxActive="20" minIdle="0" maxIdle="5" initialSize="0" maxWait="10000" username="jcr_user" password="password" driverClassName="org.postgresql.Driver" url="jdbc:postgresql://localhost:5432/jackrabbit" validationQuery="select 1"/>
    • MySQL

      <Resource name="jdbc/jackrabbit" auth="Container" type="javax.sql.DataSource" factory="org.pentaho.di.core.database.util.DecryptingDataSourceFactory" maxActive="20" minIdle="0" maxIdle="5" initialSize="0" maxWait="10000" username="jcr_user" password="password" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://localhost:3306/jackrabbit" validationQuery="select 1"/>
    • Oracle

      <Resource name="jdbc/jackrabbit" auth="Container" type="javax.sql.DataSource" factory="org.pentaho.di.core.database.util.DecryptingDataSourceFactory" maxActive="20" minIdle="0" maxIdle="5" initialSize="0" maxWait="10000" username="jcr_user" password="password" driverClassName="oracle.jdbc.OracleDriver" url="jdbc:oracle:thin:@localhost:1521/XE" validationQuery="select 1 from dual"/>

      Replace XE in the URL setting to reflect the name of your schema.

    • MS SQL Server

      <Resource name="jdbc/jackrabbit" auth="Container" type="javax.sql.DataSource" factory="org.pentaho.di.core.database.util.DecryptingDataSourceFactory" maxActive="20" minIdle="0" maxIdle="5" initialSize="0" maxWait="10000" username="jcr_user" password="password" driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver" url="jdbc:sqlserver://localhost:1433;DatabaseName=jackrabbit" validationQuery="select 1"/>
  7. Save and close the context.xml file.

  8. Restart the server and confirm no errors occurred.

    Depending on the error, you may need to contact Support for help.

Results

The context.xml is now modified to reflect encryption password changes for your database connection and network information.

Update the Jackrabbit Repository XML file

The Jackrabbit component contains the solution repository, examples, security data, and content data from reports that you create in Pentaho. You must use the Pentaho 9.1 version of the repository.xml file if you plan to apply password encryption.

Perform the following steps to update the repository.xml file to use password encryption.

Procedure

  1. If you do not already have the Pentaho 9.1 version of the repository.xml file, download the pentaho-optional-configs-9.1.0.0.zip file and retrieve the repository.xml file from the ZIP file. See Download the configuration files for instructions on how to retrieve this ZIP file.

  2. If you are using a database other than Postgres for your Pentaho Repository, perform the following substeps:

    1. Open the Pentaho 9.1 version of the repository.xml file with any file editor.

    2. Comment out any references to databases other than the database you are using for the Pentaho Repository in each of the following sections, and uncomment the sections that pertain to your database:

      • Repository
      • DataStore
      • Workspaces
      • PersistenceManager (1st part)
      • Versioning
      • PersistenceManager (2nd part)
      • DatabaseJournal
    3. Save and close the repository.xml file.

  3. If you had any previous customizations to the repository.xml file before upgrading and you have not already applied these customizations to the 9.1 version of the file, merge your customizations into the 9.1 version of the repository.xml file. See Merge customizations into the configuration files for instructions.

  4. Copy the Pentaho 9.1 version to the repository.xml into your pentaho/server/pentaho-server/pentaho-solutions/system/jackrabbit directory.

  5. Stop and restart the server to confirm no errors occurred.

    Depending on the error, you may need to contact Support for help.

Verify your Quartz properties

Event information, such as scheduled reports, is stored in the Quartz JobStore. Quartz must be set up with JNDI for password encryption to work.

Perform the following steps to verify the quartz.properties file has the correct JNDI information:

Procedure

  1. Stop the Pentaho Server.

  2. Navigate to the pentaho/server/pentaho-server/pentaho-solutions/system/quartz directory and open the quartz.properties file with any file editor.

  3. Verify the following line of code appears in the file:

    org.quartz.dataSource.myDS.jndiURL = Quartz

  4. Close the quartz.properties file.

  5. If the line of code associated with JNDI does not appear in the quartz.properties file, perform the following action depending on whether you have any previous customizations to the quartz.properties file:

    • If you have not customized the quartz.properties file, replace the existing version of the file with the 9.1 version from the pentaho-optional-configs-9.1.0.0.zip file. See Download the configuration files for instructions about how to retrieve this ZIP file.
    • If you have customized the quartz.properties file before upgrading and you have not already applied these customizations to the 9.1 version of the file, merge your customizations into the 9.1 version of the quartz.properties file. See Apply customizations for instructions.
  6. Restart the server and confirm no errors occurred.

    Depending on the error, you may need to contact Support for help.

Results

Quartz is now set up with JNDI for password encryption to work.

Update your Hibernate configuration

The Hibernate configuration file specifies driver and connection information, as well as dialects and how to handle connection closes and timeouts. You must have the 9.1 Pentaho version of this file for password encryption to work.

Perform the following steps to update the Hibernate configuration file for Pentaho 9.1.

Procedure

  1. Stop the Pentaho Server.

  2. Navigate to the pentaho/server/pentaho-server/pentaho-solutions/system/hibernate directory.

  3. Perform the following action depending on whether you have any previous customizations to the hibernate.cfg.xml file per your database type:

    • If you have not customized the hibernate.cfg.xml file, replace the existing version of the file with the 9.1 version from the pentaho-optional-configs-9.1.0.0.zip file. See Download the configuration files for instructions on how to retrieve this ZIP file.
    • If you have customized the hibernate.cfg.xml file before upgrading and you have not already applied these customizations to the 9.1 version of the file, merge your customizations into the 9.1 version of the quartz.properties file. See Apply customizations for instructions.
  4. Restart the server and confirm no errors occurred.

    Depending on the error, you may need to contact Support for help.

Results

Hibernate now has the 9.1 Pentaho version of this file for password encryption to work.

Next steps

With Tomcat, Quartz, and Hibernate set up to work with password encryption, you can now use encrypted passwords with Pentaho 9.1 products. See Use password encryption with Pentaho for instructions.