Unable to encrypt username/password from properties file using jasypt

1
votes

I am developing project using Spring3.1 and hibernate4.

Now I want to encrypt the sensitive data like username, password of database from properties file.

Here are the steps which I followed : (ref http://www.jasypt.org/spring31.html)

1.Configuring placeholder :

<bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
    <constructor-arg ref="configurationEncryptor" />
    <property name="locations">
      <list>
          <value>/WEB-INF/classes/connection.properties</value>
      </list>
   </property> 
   <property name="ignoreUnresolvablePlaceholders" value="true"/>
</bean>

2.Configuration for encryptor

<bean id="encryptorConfig" class="org.jasypt.encryption.pbe.config.SimplePBEConfig">
    <property name="algorithm" value="PBEWithMD5AndDES" />
    <property name="password" value="MASTERPASSWORD" />
 </bean>
  <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
    <property name="config" ref="encryptorConfig" />
</bean>

3.Database connection

<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"  destroy-method="close"> 
    <property name="driverClassName" value="${data.driver}"/>
    <property name="url" value="${data.url}"/>
    <property name="username" value="${data.user}"/>
    <property name="password" value="${data.password}"/>
</bean>

4.Generated encrypted values using jasypt by command : 

encrypt input="MY_DATABASE_PASSWORD" password="MASTERPASSWORD" algorithm="PBEWithMD5ANDDES"

5.connection.properties file contains

data.user=ENC(VO0A3aXAu71CCgzGFa+nJO/7M/0b5MF2)
data.password=ENC(EogzgPllaXTDm7wq5kRp6uPmkWq6pmDV)

When I run application, I am still getting error as :

org.postgresql.util.PSQLException: FATAL: password authentication failed for user "ENC(VO0A3aXAu71CCgzGFa+nJO/7M/0b5MF2)"

These are the extra jars which I have included for integrating Spring application with jasypt:

commons-dbcp-1.1.jar

commons-lang-2.1.jar

commons-pool-1.2.jar

icu4j-3.4.4.jar

jasypt-1.9.0.jar

jasypt-1.9.0-lite.jar

jasypt-acegisecurity-1.9.0.jar

jasypt-hibernate4-1.9.0.jar

jasypt-spring3-1.9.0.jar

jasypt-spring31-1.9.0.jar

Am I missed any thing or is there any jar compatibility issue ?

1
javaspringhibernatejasypt

1 Answers

1
votes

Does not look like a missing jar issue. Jasypt is unable to decrypt the username/password. With Spring 3.1 i'd suggest the following config:

<encryption:encryptable-property-placeholder encryptor="stringEnc" propertie-ref="dbProperties" ignore-unresolvable="true"/>
<encryption:string-encryptor id="stringEnc" algorithm="PBEWithMD5AndDES" password="MASTERPASSWORD" />

<bean id="dbProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location">
 <value>/WEB-INF/classes/connection.properties</value>
</property>
</bean>