jasypt spring (3.x and 4.x) integration

If you use a database or an LDAP for user authentication, etc, it’s easy to end up with clear text credentials in your configuration or properties files. This tutorial shows how to use Jasypt to replace those values with encrypted strings that get decrypted at run time.

So instead of keeping the password in clear text in your properties file, you can encrypt it and store the encrypted value there, so that developers who have access to the code base won't be able to learn the production database credentials. This only holds as long as the master password used for the encryption is itself kept out of the code base.

The following configuration is needed to integrate Jasypt.

1> maven dependency

<!-- https://mvnrepository.com/artifact/org.jasypt/jasypt-spring3 -->
<dependency>
<groupId>org.jasypt</groupId>
<artifactId>jasypt-spring3</artifactId>
<version>1.9.2</version>
</dependency>

2> Set an environment variable in Eclipse: CAS_PBE_PASSWORD=master password

3> Encrypt your credentials

Jasypt provides a command line utility that can be used to encrypt the values of your properties. Download the Jasypt distribution and unpack it. The utilities reside in the bin directory.

encrypt input="pa55word" password="master password" algorithm="PBEWITHMD5ANDDES"

4> Store the encrypted credentials in a properties file, i.e. database.properties

dataSource.password=ENC(PGmc8eTazTl6bQQ1sffj26VlhyeEgAe4)
dataSource.username=root

5>

a>

package com.surya.common;

import java.sql.SQLException;

import javax.sql.DataSource;

import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.spring3.properties.EncryptablePropertyPlaceholderConfigurer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
import org.springframework.core.io.ClassPathResource;
import org.springframework.jdbc.datasource.DriverManagerDataSource;


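/**
 * Spring Java configuration that builds a JDBC {@link DataSource} from the values in
 * {@code database.properties}, where {@code ENC(...)} entries are decrypted by Jasypt
 * while property placeholders are resolved.
 *
 * <p>The Jasypt master password is taken from the {@code CAS_PBE_PASSWORD} environment
 * variable. It is deliberately not written in this class: anyone who can read the source
 * and the properties file could otherwise decrypt every {@code ENC(...)} value, which
 * would defeat the purpose of encrypting them.
 */
@Configuration
@ComponentScan(basePackages = "com.surya")
public class AnnoAppConfig {

    /** Name of the environment variable that holds the Jasypt master password. */
    private static final String MASTER_PASSWORD_ENV = "CAS_PBE_PASSWORD";

    @Value("${dataSource.username}")
    private String username;

    // Injected through the encryptable placeholder configurer below, so an ENC(...) value
    // in database.properties arrives here in decrypted form. Do not log this field.
    @Value("${dataSource.password}")
    private String password;

    /**
     * Creates the application's data source from the injected credentials.
     *
     * @return a {@link DriverManagerDataSource} pointing at the local {@code testDb} schema
     * @throws SQLException declared for callers; nothing in this method throws it directly
     */
    @Bean
    public DataSource dataSource() throws SQLException {
        DriverManagerDataSource dataSource = new DriverManagerDataSource();
        dataSource.setDriverClassName("com.mysql.jdbc.Driver");
        dataSource.setUrl("jdbc:mysql://localhost:3306/testDb");
        dataSource.setUsername(username);
        dataSource.setPassword(password);
        return dataSource;
    }

    /**
     * Builds the password-based-encryption settings used to decrypt property values.
     *
     * @return the PBE configuration, with its password read from {@code CAS_PBE_PASSWORD}
     * @throws IllegalStateException if the environment variable is missing or empty
     */
    @Bean
    public static EnvironmentStringPBEConfig environmentVariablesConfiguration() {
        // Fail at startup with a clear message instead of a later decryption error.
        String masterPassword = System.getenv(MASTER_PASSWORD_ENV);
        if (masterPassword == null || masterPassword.isEmpty()) {
            throw new IllegalStateException(
                    "Environment variable " + MASTER_PASSWORD_ENV
                            + " must be set to the Jasypt master password");
        }

        EnvironmentStringPBEConfig pbeConfig = new EnvironmentStringPBEConfig();
        // Must match the algorithm used when the ENC(...) values were produced.
        // NOTE(review): PBEWithMD5AndDES is a legacy scheme (MD5-based key derivation,
        // single DES). It keeps credentials from being read at a glance, but it should not
        // be relied on as strong protection if the properties file leaks.
        pbeConfig.setAlgorithm("PBEWITHMD5ANDDES");
        pbeConfig.setPasswordEnvName(MASTER_PASSWORD_ENV);
        return pbeConfig;
    }

    /**
     * Creates the encryptor that decrypts {@code ENC(...)} property values.
     *
     * @return a string encryptor configured by {@link #environmentVariablesConfiguration()}
     */
    @Bean
    public static StringEncryptor configurationEncryptor() {
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        // Called directly: static @Bean methods are not intercepted by the container, so
        // this builds its own configuration instance rather than reusing the bean.
        encryptor.setConfig(environmentVariablesConfiguration());
        return encryptor;
    }

    /**
     * Registers the placeholder configurer that resolves {@code ${...}} placeholders from
     * {@code database.properties} and decrypts encrypted values on the way.
     *
     * <p>The method is static so the configurer can be created before the fields of this
     * configuration class are populated.
     *
     * @return the encryptable placeholder configurer
     */
    @Bean
    public static PropertyPlaceholderConfigurer propertyConfigurer() {
        EncryptablePropertyPlaceholderConfigurer configurer =
                new EncryptablePropertyPlaceholderConfigurer(configurationEncryptor());
        configurer.setLocation(new ClassPathResource("database.properties"));
        return configurer;
    }
}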

You can find the full source code in the git repository.

b> Or you can do it the old way, in XML.

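<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

<!-- Before: the data source with clear-text credentials. Kept commented out for
comparison only; this is the form the rest of this file replaces. -->
<!-- <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" /> <property
name="url" value="jdbc:mysql://localhost:3306/springdatabase" /> <property
name="username" value="root" /> <property name="password" value="pa55word"
/> </bean> -->

<!-- After: credentials are placeholders resolved from database.properties. An ENC(...)
value there is decrypted by the placeholder configurer before it is set here. -->
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/springdatabase" />
<property name="username" value="${dataSource.username}" />
<property name="password" value="${dataSource.password}" />
</bean>

<!-- Placeholder configurer that decrypts ENC(...) values. The class lives in the
spring3 package, matching the jasypt-spring3 dependency declared for this project. -->
<bean id="propertyPlaceholderConfigurer"
class="org.jasypt.spring3.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="location" value="classpath:database.properties" />
</bean>

<!-- Encryptor used by the placeholder configurer above. -->
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="config" ref="environmentVariablesConfiguration" />
</bean>

<!-- PBE settings. The algorithm must match the one used to produce the ENC(...) values.
NOTE(review): PBEWithMD5AndDES is a legacy scheme (MD5-based key derivation, single DES);
it should not be relied on as strong protection if the properties file leaks.
The master password is read from the CAS_PBE_PASSWORD environment variable so that it
stays out of this file and out of version control. -->
<bean id="environmentVariablesConfiguration"
class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
<property name="algorithm" value="PBEWITHMD5ANDDES" />
<property name="passwordEnvName" value="CAS_PBE_PASSWORD" />

<!-- Local testing only; never commit a real master password in this file. -->
<!-- <property name="password" value="actual password here for testing
ONLY" /> -->

</bean>
</beans>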