Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Overview

In order to implement Aes 256 bit encryption is was necessary override the existing encryption service. To accomplish this we re-referenced the "encryptionService"  spring bean to point to the new encryption service edu.uconn.kuali.rice.core.service.impl.AesEncryptionServiceImpl.

Wiring it All Together.

Rice 2.x no longer uses the rice config parameter "rice.additionalSpringFiles"  to list override spring files instead each module requires a parameter rice.[module].additionalSpringFiles that lists the override files for that particular module. The encryption service is part of the "kr" module as such we added the following line <param name="rice.kr.additionalSpringFiles">classpath:edu/uconn/kuali/rice/config/UConnKrOverrideSpringBeans.xml</param> to the Rice and KFS configuration files.

 

Encryption Service

Encryption is located in 2 places - inside the KFS application and inside the oracle schemas. For the system to properly function, the key in oracle should match the key in the application, and the encrypted data must be encrypted with that key.

 

Application Server

AES Encryption Service

security key

 

Database

Each KFS schema has the EncryptionService included. Encryption on the database is used only for 2 reasons - the data mart and the cleanse process. The data mart only uses the production schemas. The cleanse process is only used in non-production schemas. The encryption service in oracle is referenced through a function, decrypt_string(). The encrypted field is passed to the decrypt_string function.

EncryptionService

Java objects

apache commons 

loading java objects

to verify java objects are valid 

 

encrypted fields

 

 

 

 

  • No labels