Request A Demo
Back to All Blog Articles

Tomcat Configuration for CyberArk Integration

Although this blog post is setup in context of a FlexDeploy installation, it will be useful for anyone using Java web applications on Tomcat who wants to integrate Tomcat with CyberArk for data source passwords.

As you can see on FlexDeploy installation, the password for database is defined in context.xml file and is in clear text. There are two ways to configure Tomcat to get password during connection request from CyberArk.

  1. Use property source configuration, you will need to write java code to get password from CyberArk.
  2. Use Application Server Credential Provider utility from CyberArk.

Let’s discuss Application Server Credential Provider configuration.

First copy CACredTCMapper550.jar and javapasswordsdk.jar to Tomcat lib directory. In case of FlexDeploy, this would be <FlexDeploy Home>/apache-tomcat-flexdeploy/lib folder. You will need to download these files from CyberArk site.

Integrate with any of the tools you use today or maybe tomorrow.

By using FlexDeploy, organizations establish an automated and repeatable process for building, packaging, and safely deploying code, APIs, meta-data changes, and data migrations from development through test to production environments.

Find Your Tools

Now configure context.xml as shown below. Keep in mind that credential query syntax is slightly different for this setup. For example, I am normally using query as safe=Database%20Accounts;folder=root;object=fd_admin but in case of context.xml setup, I need to use safe:Database%20Accounts,folder:Root,object:fd_admin. Basically = is replaced by : and ; is replaced by comma(,).

Additionally this example is for PostgreSQL database, if you are using other database then just replace driver appropriately.

<Resource name="jdbc/flexdbDS" auth="Container"
        type="javax.sql.DataSource"
        factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
        driverClassName="com.cyberark.aim.v550.tomcat.ASCPDriver"
        vendorDriver="org.postgresql.Driver"

        userPropertyName="user"
        passwordPropertyName="password"

        connectionProperties="appId=App_FlexDeploy;query=safe:Database%20Accounts,folder:Root,object:fd_admin"

        url="vendorDriver=org.postgresql.Driver;jdbc:postgresql://dbpostgres1:5432/flexdeploy"

        maxTotal="100"
        maxIdle="20"

        validationQuery="select 1"
        testOnBorrow="true"

        defaultTransactionIsolation="READ_COMMITTED"
        useLocalSessionState="true"
        defaultAutoCommit="false"/>

Now start Tomcat and you will never have to worry about setting password in context.xml file!

Learn more about FlexDeploy and its out-of-the-box support for over 100 tools and technologies and download the datasheet today.

Download the Datasheet

A Comprehensive, Integrated Approach to DevOps

Tell us about your integration challenges. We’ve got you covered.

Related Resources

Mastering Source Control: Streamlining Functional Setup Data Sync with FlexDeploy and Git Integration in Oracle FSM

Effective source control management (SCM) is pivotal in ensuring the seamless tracking and management of functional setup data. In this ...

New in 7.0: Release Work Items

Work item tracking tools play a crucial role in the DevOps process, helping teams plan new features, resolve bugs efficiently, ...

Analyze Source Code Using PMD in FlexDeploy

PMD is a static source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object ...

Join DevOps leaders across the globe who receive analysis, tips, and trends in their inbox