The encryption extension point plug-in is installed with the following products in the specified locations:
To extend the encryption extension point plug-in, you must implement both the encrypt and decrypt methods in the IEncryptionProvider interface, shown in Listing 2-1.
The rest of this topic uses Information Object Designer to refer to both the IO design perspective in BIRT Designer Professional and standalone Information Object Designer.
When Information Object Designer is launched, it detects the encryption extension point plug-in. This plug-in is used for all connection types, for example Oracle and DB2.
When the data modeler enters connection property values such as username, password, host name, and port on the Data source connection properties page, Information Object Designer determines whether the property is tagged as masked. If so, the value entered for that property is passed to the encrypt method. The encrypt method returns the String value you programmed it to return, and this return value is stored in the data connection definition (.dcd) file. The encrypt method is called only when the value of a masked property is modified.
When an information object is executed in Information Object Designer or on iServer, the values of the connection properties that are tagged as masked are read from the DCD file and passed to the decrypt method. The decrypt method returns the String value you programmed it to return.
You can have the encrypt method return an encrypted version of the string that a data modeler enters on the Data source connection properties page. This encrypted value is then stored in the DCD file and passed to the decrypt method when an information object is executed.
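The following provider is an added example of this approach, not code from the product or its documentation. It encrypts each masked value with AES-GCM under a fresh IV and stores the Base64 result as the String written to the DCD file. The method signatures of the stand-in IEncryptionProvider interface, the class name, and the dcd.key.file system property are assumptions made for illustration; the real interface is the one in Listing 2-1.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Stand-in with assumed signatures; replace with the product interface from Listing 2-1.
interface IEncryptionProvider { String encrypt(String value); String decrypt(String value); }

public class AesGcmEncryptionProvider implements IEncryptionProvider {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec key;
    private final SecureRandom rng = new SecureRandom();

    public AesGcmEncryptionProvider() throws java.io.IOException {
        // Hypothetical property: path to a raw 16- or 32-byte AES key kept outside the DCD file.
        key = new SecretKeySpec(Files.readAllBytes(Paths.get(System.getProperty("dcd.key.file"))), "AES");
    }

    @Override public String encrypt(String value) {
        try {
            byte[] iv = new byte[IV_LEN];
            rng.nextBytes(iv); // never reuse an IV with the same GCM key
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
            byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
            // Stored form: Base64(IV || ciphertext || tag)
            byte[] out = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
            return Base64.getEncoder().encodeToString(out);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("encrypt failed", e);
        }
    }

    @Override public String decrypt(String value) {
        try {
            byte[] in = Base64.getDecoder().decode(value);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            // Wrong key, truncated value, or a DCD entry edited after encryption.
            throw new IllegalStateException("masked value failed authentication", e);
        }
    }
}
```

Because decrypt runs wherever an information object is executed, the same key file must be readable on the Information Object Designer machine and on iServer, with file permissions restricted to the account that runs each.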
You can also program the encrypt and decrypt methods to implement lookup mechanisms to retrieve the actual property values, such as the username and password, from an external LDAP source. The values that the data modeler enters on the Data source connection properties page serve as tokens to identify the actual values. This approach can handle multiple data sources.
For example, the encrypt method can simply return any string value the data modeler provides without modification, and this token is stored in the DCD file. So, if a data modeler enters the password for an Oracle connection definition as Password_OracleDevelopment, the encrypt method returns Password_OracleDevelopment, and Password_OracleDevelopment is stored in the DCD file. When the decrypt method receives Password_OracleDevelopment, the decrypt method logic uses this token to query an external data source or to search a local encrypted file to retrieve the actual password.