Search Site
Request A Demo
Back to All Blog Articles

Tomcat Configuration for CyberArk Integration

Chandresh Patel

December 30, 2019

Although this blog post is setup in context of a FlexDeploy installation, it will be useful for anyone using Java web applications on Tomcat who wants to integrate Tomcat with CyberArk for data source passwords.

As you can see on FlexDeploy installation, the password for database is defined in context.xml file and is in clear text. There are two ways to configure Tomcat to get password during connection request from CyberArk.

  1. Use property source configuration, you will need to write java code to get password from CyberArk.
  2. Use Application Server Credential Provider utility from CyberArk.

Let’s discuss Application Server Credential Provider configuration.

First copy CACredTCMapper550.jar and javapasswordsdk.jar to Tomcat lib directory. In case of FlexDeploy, this would be <FlexDeploy Home>/apache-tomcat-flexdeploy/lib folder. You will need to download these files from CyberArk site.

Integrate with any of the tools you use today or maybe tomorrow.

By using FlexDeploy, organizations establish an automated and repeatable process for building, packaging, and safely deploying code, APIs, meta-data changes, and data migrations from development through test to production environments.

Find Your Tools

Now configure context.xml as shown below. Keep in mind that credential query syntax is slightly different for this setup. For example, I am normally using query as safe=Database%20Accounts;folder=root;object=fd_admin but in case of context.xml setup, I need to use safe:Database%20Accounts,folder:Root,object:fd_admin. Basically = is replaced by : and ; is replaced by comma(,).

Additionally this example is for PostgreSQL database, if you are using other database then just replace driver appropriately.

<Resource name="jdbc/flexdbDS" auth="Container"
        type="javax.sql.DataSource"
        factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
        driverClassName="com.cyberark.aim.v550.tomcat.ASCPDriver"
        vendorDriver="org.postgresql.Driver"

        userPropertyName="user"
        passwordPropertyName="password"

        connectionProperties="appId=App_FlexDeploy;query=safe:Database%20Accounts,folder:Root,object:fd_admin"

        url="vendorDriver=org.postgresql.Driver;jdbc:postgresql://dbpostgres1:5432/flexdeploy"

        maxTotal="100"
        maxIdle="20"

        validationQuery="select 1"
        testOnBorrow="true"

        defaultTransactionIsolation="READ_COMMITTED"
        useLocalSessionState="true"
        defaultAutoCommit="false"/>

Now start Tomcat and you will never have to worry about setting password in context.xml file!

Learn more about FlexDeploy and its out-of-the-box support for over 100 tools and technologies and download the datasheet today.

Download the Datasheet

Topics in this article: Extensibility & Integrations

A Comprehensive, Integrated Approach to DevOps

Tell us about your integration challenges. We’ve got you covered.

Request a Demo

Related Resources

Unlock the Power of DevOps Compliance for Your Enterprise Software

In today’s fast-paced software development environment, ensuring compliance with regulatory standards and policies is not just a necessity—it’s a strategic ...
Learn More

Integrating Tricentis Tosca (DEX) with FlexDeploy for Test Automation

Tricentis Tosca is a software testing tool that is used to automate end-to-end testing for software applications. Tricentis Tosca combines ...
Learn More

Integrating ACCELQ with FlexDeploy for Seamless Test Automation

ACCELQ is a cloud-based, continuous testing platform that offers codeless test automation for web, mobile, API, desktop, and packaged applications. ...
Learn More

Join DevOps leaders across the globe who receive analysis, tips, and trends in their inbox

Request a Demo

Get Professional Services

Request a Quote