Spring - Jasypt Integration XML Config

Hi guys,
I just want to ask, how can I externalize into a property file the "algorithm", "password", "stringOutputType" of SimpleStringPBEConfig? Because whenever I try to, I keep having this exception:

Exception:

org.jasypt.exceptions.EncryptionInitializationException: java.security.NoSuchAlgorithmException:${TEST_JASYPT_ALGO} SecretKeyFactory not available
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.initialize(StandardPBEByteEncryptor.java:708)
at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.initialize(StandardPBEStringEncryptor.java:553)

Here is my configuration:

jasypt.properties:
TEST_JASYPT_ALGO=PBEWithMD5AndDES
TEST_JASYPT_PASS=Password
TEST_JASYPT_STROUT_TYPE=hexadecimal

database.properties
DB_DRIVER=<driver class here>
DB_URL=<url here>
DB_USER=<user here>
DB_PWD=ENC(<encrypted pass here>)

application-context.xml:
<bean id="springPropertyHolder" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <property name="location" value="classpath:jasypt.properties"/> </bean> <bean id="encConfig" class="org.jasypt.encryption.pbe.config.SimpleStringPBEConfig" > <property name="algorithm" value="${TEST_JASYPT_ALGO}"/> <property name="password" value ="${TEST_JASYPT_PASS}"/> <property name="stringOutputType" value="${TEST_JASYPT_STROUT_TYPE}"/> </bean> <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> <property name="config" ref="encConfig"/> </bean> <bean id="jasyptPropHolder" class="org.jasypt.spring3.properties.EncryptablePropertyPlaceholderConfigurer"> <constructor-arg ref="configurationEncryptor"/> <property name="location" value="classpath:database.properties"/> </bean>

Any ideas?

Thanks,
Vincent

Well I guess my first question has nothing to do with the problem but with this type of configuration are you not still storing your password in clear text in a properties file?

maybe consider something like this instead

<bean id="environmentConfig" class= "org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig" p:algorithm="PBEWithMD5AndDES" p:passwordEnvName="ENCRYPTION_PWD" /

Here you would set ENCRYPTION_PWD as an environment variable then once the application has started up you would remove it. Now there is truly no way to get the unencrypted value.


Anyway back to your question..

I assume you have read the jasypt page about spring 3 integration but if you haven't take a look

http://www.jasypt.org/spring3.html


What I see is you have two PropertyPlaceholderConfigurers. Jasypts version is a drop in replacement you don't need 2 in your case. However if you do have two I would almost expect you would have some exceptions in your log. You can configure more than one but you need to take additional steps to handle different scenarios. For example you can set the order, and the ignoreUnresolvablePlaceholders to true on all but the last loaded PropertyPlaceholderConfigurer. Alternatively you can set the prefix and suffix on the configurer from ${ and } respectively to something different and access them accordingly using your new prefix/suffix and this also can help avoid conflicts.

However in our case I would just get rid of

<bean id="springPropertyHolder" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <property name=" location" value="classpath:jasypt.properties"/> </bean>

and add that location to your other configurer.

on a side note (this is not applicable to EncryptablePropertyPlaceholderConfigurer) but for future reference, you can use a short hand context namespace for declaring this
<context:property-placeholder location="classpath:jasypt.properties" />

Hi Bill,

Thanks for the prompt reply, I haven't read the whole thing just some few important notes on how to configure jasypt - spring, but because of this exception I'm trying to read the whole thing.

I totally agree with you on the EnvironmentStringPBEConfig, but as per requirement I need to place all configurations in property files.

So I tried to add order and ignoreUnresolvablePlaceholders in my application context:

application-context.xml
<bean id="springPropertyHolder" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <property name="location" value="classpath:jasypt.properties"/> <property name="order" value="1"/> <property name="placeholderPrefix" value="$A{"/> <property name="ignoreUnresolvablePlaceholders" value="true"/> </bean> <bean id="encConfig" class="org.jasypt.encryption.pbe.config.SimpleStringPBEConfig" > <property name="algorithm" value="$A{TEST_JASYPT_ALGO}"/> <property name="password" value ="$A{TEST_JASYPT_PASS}"/> <property name="stringOutputType" value="$A{TEST_JASYPT_STROUT_TYPE}"/> </bean> <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> <property name="config" ref="encConfig"/> </bean> <bean id="jasyptPropHolder" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer"> <constructor-arg ref="configurationEncryptor"/> <property name="locations" value="classpath:database.properties"/> <property name="order" value="2"/> <property name="placeholderPrefix" value="$B{"/> </bean>

and when I started my application I saw this same exception upon initialization:

org.jasypt.exceptions.EncryptionInitializationException: java.security.NoSuchAlgorithmException: $A{TEST_JASYPT_ALGO} SecretKeyFactory not available
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.initialize(StandardPBEByteEncryptor.java:708)
at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.initialize(StandardPBEStringEncryptor.java:553)

Is it ignoring the order of placeholder?

Thanks,
Vincent

Well since you are referencing it with the new prefix I don't know that order would matter for this particular scenario anyway. Nothing is standing out at me as incorrect but lets try something else just to rule out this being the issue. Lets remove the springPropertyHolder as I think you can get by fine with just the one.

remove this place holder

<bean id="springPropertyHolder" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <property name="location" value="classpath:jasypt.properties"/> <property name="order" value="1"/> <property name="placeholderPrefix" value="$A{"/> <property name="ignoreUnresolvablePlaceholders" value="true"/> </bean>

and replace your jasyptPropHolder with

<bean id="jasyptPropHolder" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer"> <constructor-arg ref="configurationEncryptor"/> <property name="locations"> <list> <value>classpath:jasypt.properties</value> <value>classpath:database.properties</value> </list> </property> </bean>

If you are still getting errors even with this please scroll up and down in your console and make sure there are not other exceptions your missing and post the entire stack trace back here. (Of course you will have to put your references back to ${} as well)

Hi Bill,

Sorry it took me a while to reply. I tried your advice, but unfortunately the same exception happened, I posted the whole exception below.

I'm starting to think that before other property placeholders are loaded the decryption of text comes first along with the configurations of it, that's just an assumption based on tests.

application-context.xml

<bean id="encConfig" class="org.jasypt.encryption.pbe.config.SimpleStringPBEConfig" > <property name="algorithm" value="${TEST_JASYPT_ALGO}"/> <property name="password" value ="${TEST_JASYPT_PASS}"/> <property name="stringOutputType" value="${TEST_JASYPT_STROUT_TYPE}"/> </bean> <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> <property name="config" ref="encConfig"/> </bean> <bean id="jasyptPropHolder" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer"> <constructor-arg ref="configurationEncryptor"/> <property name="locations"> <list> <value>classpath:jasypt.properties</value> <value>classpat:database.properties</value> </list> </property> </bean> <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"> <property name="driverClassName" value="${DB_DRIVER}" /> <property name="url" value="${DB_URL}" /> <property name="username" value="${DB_USER}" /> <property name="password" value="${DB_PWD}" /> </bean>

Whole Exception:

STATUS | wrapper | 2012/07/24 09:38:05 | Launching a JVM...
INFO | jvm 1 | 2012/07/24 09:38:06 | Wrapper (Version 3.2.0) http://wrapper.tanukisoftware.org
INFO | jvm 1 | 2012/07/24 09:38:06 |
INFO | jvm 1 | 2012/07/24 09:38:06 | Jul 24, 2012 9:38:06 AM org.apache.catalina.startup.Catalina load
INFO | jvm 1 | 2012/07/24 09:38:06 | INFO: Initialization processed in 475 ms
INFO | jvm 1 | 2012/07/24 09:38:08 | SLF4J: Class path contains multiple SLF4J bindings.
INFO | jvm 1 | 2012/07/24 09:38:08 | SLF4J: Found binding in [jar:file:/D:/lib/slf4j-jdk14-1.6.2.jar!/org/slf4j/impl/StaticLoggerBinder.class]
INFO | jvm 1 | 2012/07/24 09:38:08 | SLF4J: Found binding in [jar:file:/D:/lib/slf4j-simple-1.5.6.jar!/org/slf4j/impl/StaticLoggerBinder.class]
INFO | jvm 1 | 2012/07/24 09:38:08 | SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
INFO | jvm 1 | 2012/07/24 09:38:09 | ERROR [WrapperSimpleAppMain] (ContextLoader.java:227) - Context initialization failed
INFO | jvm 1 | 2012/07/24 09:38:09 | org.jasypt.exceptions.EncryptionInitializationException: java.security.NoSuchAlgorithmException: ${TEST_JASYPT_ALGO} SecretKeyFactory not available
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.initialize(StandardPBEByteEncryptor.java:708)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.initialize(StandardPBEStringEncryptor.java:553)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:705)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.jasypt.properties.PropertyValueEncryptionUtils.decrypt(PropertyValueEncryptionUtils.java:72)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer.convertPropertyValue(EncryptablePropertyPlaceholderConfigurer.java:111)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.springframework.beans.factory.config.PropertyResourceConfigurer.convertProperty(PropertyResourceConfigurer.java:112)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.springframework.beans.factory.config.PropertyResourceConfigurer.convertProperties(PropertyResourceConfigurer.java:95)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.springframework.beans.factory.config.PropertyResourceConfigurer.postProcessBeanFactory(PropertyResourceConfigurer.java:72)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:663)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:638)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:407)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:282)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:204)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4206)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.core.StandardContext.start(StandardContext.java:4705)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:779)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:623)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:941)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:778)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:504)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1322)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:324)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1065)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.core.StandardHost.start(StandardHost.java:862)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.core.StandardService.start(StandardService.java:525)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
INFO | jvm 1 | 2012/07/24 09:38:09 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO | jvm 1 | 2012/07/24 09:38:09 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
INFO | jvm 1 | 2012/07/24 09:38:09 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO | jvm 1 | 2012/07/24 09:38:09 | at java.lang.reflect.Method.invoke(Method.java:601)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
INFO | jvm 1 | 2012/07/24 09:38:09 | at net.covalent.tomcat.wrapper.ThreadDumpWrapper.main(ThreadDumpWrapper.java:74)
INFO | jvm 1 | 2012/07/24 09:38:09 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO | jvm 1 | 2012/07/24 09:38:09 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
INFO | jvm 1 | 2012/07/24 09:38:09 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO | jvm 1 | 2012/07/24 09:38:09 | at java.lang.reflect.Method.invoke(Method.java:601)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:197)
INFO | jvm 1 | 2012/07/24 09:38:09 | at java.lang.Thread.run(Thread.java:722)
INFO | jvm 1 | 2012/07/24 09:38:09 | Caused by: java.security.NoSuchAlgorithmException: ${TEST_JASYPT_ALGO} SecretKeyFactory not available
INFO | jvm 1 | 2012/07/24 09:38:09 | at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:121)
INFO | jvm 1 | 2012/07/24 09:38:09 | at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:159)
INFO | jvm 1 | 2012/07/24 09:38:09 | at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.initialize(StandardPBEByteEncryptor.java:695)
INFO | jvm 1 | 2012/07/24 09:38:09 | ... 44 more

I guess after looking at this again you are passing encConfig (in another object) to the constructor of the placeholder. It looks like what is happening here is the SimpleStringPBEConfig is being instantiated before the placeholder (since it is needed for the constructor) so the values are not being substituted, In light of this I think my last post will not work. That does not really explain why our first attempt did not work though. I think I would set some break points and see what is going on. If I get some time later I might investigate it further but I won't have time tonight.

Hi Bill,

Yeah that's what I noticed when doing tests on this.

I also tried posting questions in Jasypt Forum but unfortunately no one has replied.

http://forum.jasypt.org/Spring-Jasypt-Integration-XML-Config-org-jasypt-exceptions-EncryptionInitializationException-td5706242.html

If I ever fix this I'll post my solution here.

This can't be done they way we were trying. You are going to have to register those 2 variables in a PropetySource and access them with SpEL. See this jira https://jira.springsource.org/browse/SPR-490, particularly the last comment that was made.

Ignore the previous Jira link I posted the wrong wrong one my apologies. Your solution can be found here:
https://jira.springsource.org/browse/SPR-6428

The first link should have been

https://jira.springsource.org/browse/SPR-4902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

you can take a look at that one as well.