I am developing project using Spring3.1 and hibernate4.
Now I want to encrypt the sensitive data like username, password of database from properties file.
Here are the steps which I followed : (ref http://www.jasypt.org/spring31.html)
1.Configuring placeholder :
<bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="locations">
<list>
<value>/WEB-INF/classes/connection.properties</value>
</list>
</property>
<property name="ignoreUnresolvablePlaceholders" value="true"/>
</bean>
2.Configuration for encryptor
<bean id="encryptorConfig" class="org.jasypt.encryption.pbe.config.SimplePBEConfig">
<property name="algorithm" value="PBEWithMD5AndDES" />
<property name="password" value="MASTERPASSWORD" />
</bean>
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="config" ref="encryptorConfig" />
</bean>
3.Database connection
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="${data.driver}"/>
<property name="url" value="${data.url}"/>
<property name="username" value="${data.user}"/>
<property name="password" value="${data.password}"/>
</bean>
4.Generated encrypted values using jasypt by command :
encrypt input="MY_DATABASE_PASSWORD" password="MASTERPASSWORD" algorithm="PBEWithMD5ANDDES"
5.connection.properties file contains
data.user=ENC(VO0A3aXAu71CCgzGFa+nJO/7M/0b5MF2)
data.password=ENC(EogzgPllaXTDm7wq5kRp6uPmkWq6pmDV)
When I run application, I am still getting error as :
org.postgresql.util.PSQLException: FATAL: password authentication failed for user "ENC(VO0A3aXAu71CCgzGFa+nJO/7M/0b5MF2)"
These are the extra jars which I have included for integrating Spring application with jasypt:
commons-dbcp-1.1.jar
commons-lang-2.1.jar
commons-pool-1.2.jar
icu4j-3.4.4.jar
jasypt-1.9.0.jar
jasypt-1.9.0-lite.jar
jasypt-acegisecurity-1.9.0.jar
jasypt-hibernate4-1.9.0.jar
jasypt-spring3-1.9.0.jar
jasypt-spring31-1.9.0.jar
Am I missed any thing or is there any jar compatibility issue ?
Does not look like a missing jar issue.
Jasypt is unable to decrypt the username/password.
With Spring 3.1 i'd suggest the following config:
<encryption:encryptable-property-placeholder encryptor="stringEnc" propertie-ref="dbProperties" ignore-unresolvable="true"/>
<encryption:string-encryptor id="stringEnc" algorithm="PBEWithMD5AndDES" password="MASTERPASSWORD" />
<bean id="dbProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location">
<value>/WEB-INF/classes/connection.properties</value>
</property>
</bean>
Related
I am using spring 3 but my configuration is xml based in which I am trying to convert my project into annotation based using #configuration annotation.
I am little confused how to add data source entry as #Bean for two below cases
<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="jdbc/myds" />
</bean>
<bean id="data_source" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="oracle.jdbc.driver.OracleDriver" />
<property name="url" value="url1" />
<property name="username" value="user1" />
<property name="password" value="****" />
</bean>
I'm studying Spring MVC and Hibernate. I had no problems handling database connections and queries with Spring mvc (MySql DB).
Now, I'm trying to use Hibernate and I found it intricate:
create a hibernate configuration file, create a class for retrieving SessionFactory, create a xml file for any persistent object etc.
I'm sure there's a simplest way that allow me to do an easy configuration using just:
the Spring xml configuration file
annotation (in persistent object classes)
What iI want to reach is something like the following. I saw a similar code in an example, but now I'm no more able to find it on the internet
xxxx-servlet.xml
<bean id="SessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="packagesToScan" value="com.springgestioneerrori.model" />
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
<prop key="hibernate.connection.autocommit">true</prop>
<prop key="hibernate.show_sql">false</prop>
<prop key="hibernate.format_sql">true</prop>
<prop key="hibernate.use_sql_comments">false</prop>
</props>
</property>
</bean>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
<property name="driverClass" value="com.mysql.jdbc.Driver" />
<property name="jdbcUrl" value="jdbc:mysql://localhost:3306/dbName" />
<property name="user" value="root" />
<property name="password" value="root" />
</bean>
In the code above, I suppose, that what it's not correct is my dataSource bean. Does anybody know the way to reach my goal?
Thank everybody!
i think your properties names inside the 'data source' bean should be like the following :
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/dbName" />
<property name="username" value="root" />
<property name="password" value="root" />
so instead of driverClass , it should be driverClassName and so on ..
and please refer to this answer here , it talks about using spring DriverManagerDataSource vs apache BasicDataSource .
Hope that Helps
Everything must be correct, but I'd want to offer you to use *.properties to keep connection configuration to your DB like that
in appContext.xml:
<!-- JDBC DataSource bean -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${jdbc.driverClassName}"/>
<property name="url" value="${jdbc.url}"/>
<property name="username" value="${jdbc.username}"/>
<property name="password" value="${jdbc.password}"/>
</bean>
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<list>
<value>classpath:properties/database.properties</value>
</list>
</property>
</bean>
in database.properties:
jdbc.driverClassName = com.mysql.jdbc.Driver
jdbc.schema = schema
jdbc.url = jdbc:mysql://localhost:3306/schema
jdbc.username = root
jdbc.password = password
And what interferes you to use annotations in your classes?
in my applicationcontext.xml i have this :
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/dashboardsupervisor" />
<property name="username" value="root" />
<property name="password" value="1234" />
</bean>
here i am connecting with my database :
ApplicationContext ctx = new ClassPathXmlApplicationContext(
"applicationContext.xml");
MySQLRdbHelper rdbHelper = (MySQLRdbHelper)
ctx.getBean("ManagerSupervisor");
What is want is to NOT read the password "1234" from my applicationcontext.xml
and read it from some properties file in my local drive .
as this will be running on different machines and every one have different passwords.
Can i achieve this .
thanks
Yes, you can, and the key to this is Springs PropertyPlaceholderConfigurer.
For example, you create a file on your file system called database.properties, containing your password (note, that you can also add more settings to this file, like username, JDBC url, etc).
jdbc.password=1234
Next, you need to declare a PropertyPlaceholderConfigurer bean and point it to the database.properties file:
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location">
<value>path/to/database.properties</value>
</property>
</bean>
Note that the path is interpreted as a classpath resource, unless it is prefixed with file:.
Finally, replace the configuration of your dataSource bean: replace
<property name="password" value="1234" />
with
<property name="password" value="${jdbc.password}" />
You could use profiles:
GenericXmlApplicationContext ctx = new GenericXmlApplicationContext();
ctx.getEnvironment().setActiveProfiles("dev1");
ctx.load("*Context.xml");
ctx.refresh();
<bean id="database1" profile="dev1"/>
<bean id="database2" profile="dev2">
The best way is to create the data source in application server and configure as below in application.xml
<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName"><value>YourDSName</value></property>
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
<property name="dataSource">
<ref bean="dataSource" />
</property>
.....
</bean>
Tried to follow the pattern on apache dbcp examples, I understand everything except how and where the database properties come from and in which bean they have to be placed in application context.
I used Spring Data Source instead, but as I recall I configured it in hurry and I remember having difficulties with configuring the original dataSource provided by apache dbcp itself. So I happen to have time to face the problem and fulfill the original intent of using PoolingDataSource.
The reason I used Spring implementation is because it provides means of setting up the parameters to connect to database.
http://static.springsource.org/spring/docs/2.0.x/api/org/springframework/jdbc/datasource/DriverManagerDataSource.html
According to http://commons.apache.org/dbcp/apidocs/org/apache/commons/dbcp/PoolingDataSource.html
There are no methods to populate configuration like url or load driver.
I tried to track it through the object pools etc. , but got really lost.
Replying upfront: Yes, I don't want to use apache basicDataSource.
So now I am returning to the problem and can't really understand where to fetch the parameters? Driver? Url? It seems that url, pw and username are set on connection factory. But where to fetch postgresql driver to be loaded?
Please help to complete the configuration.
(using spring for configuration)
<!-- the one I want to use now -->
<bean id="dataSource" class="org.apache.commons.dbcp.PoolingDataSource">
<constructor-arg><ref bean="pool"/></constructor-arg>
</bean>
<!-- the one I used before as a workaround
<bean id="ds" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="org.postgresql.Driver"/>
<property name="url" value="jdbc:postgresql:postgres"/>
<property name="username" value="magicUserName"/>
<property name="password" value="magicPassword"/>
</bean> -->
<bean id="pool" class="org.apache.commons.pool.impl.GenericObjectPool">
<property name="minEvictableIdleTimeMillis"><value>300000</value </property>
<property name="timeBetweenEvictionRunsMillis"><value>60000</value </property>
</bean>
<bean id="dsConnectionFactory" class="org.apache.commons.dbcp.DataSourceConnectionFactory">
<constructor-arg><ref bean="dataSource"/></constructor-arg>
</bean>
<bean id="poolableConnectionFactory" class="org.apache.commons.dbcp.PoolableConnectionFactory">
<constructor-arg index="0"><ref bean="dsConnectionFactory"/ </constructor-arg>
<constructor-arg index="1"><ref bean="pool"/></constructor-arg>
<constructor-arg index="2"><null/></constructor-arg>
<constructor-arg index="3"><null/></constructor-arg>
<constructor-arg index="4"><value>false</value></constructor-arg>
<constructor-arg index="5"><value>true</value></constructor-arg>
</bean>
<bean id="txManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
<tx:annotation-driven transaction-manager="txManager" />
</beans>
I believe we are interested just in the first two, but I included everything just in case.
Seems to be there are many people using workarounds:
http://forum.springsource.org/showthread.php?10772-How-do-I-create-a-org-apache-commons-dbcp-PoolableConnection
You can config as below:
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="url" value="<put database connection url here>" />
<property name="username" value="XXXXXX" />
<property name="password" value="XXXXXXXX" />
<property name="driverClassName" value="<database driver here>" />
</bean>
<bean id="pool" class="org.apache.commons.pool.impl.GenericObjectPool">
<property name="minEvictableIdleTimeMillis"><value>300000</value></property>
<property name="timeBetweenEvictionRunsMillis"><value>60000</value></property>
</bean>
<bean id="dsConnectionFactory" class="org.apache.commons.dbcp.DataSourceConnectionFactory">
<constructor-arg><ref bean="dataSource"/></constructor-arg>
</bean>
<bean id="poolableConnectionFactory" class="org.apache.commons.dbcp.PoolableConnectionFactory">
<constructor-arg index="0"><ref bean="dsConnectionFactory"/></constructor-arg>
<constructor-arg index="1"><ref bean="pool"/></constructor-arg>
<constructor-arg index="2"><null/></constructor-arg>
<constructor-arg index="3"><null/></constructor-arg>
<constructor-arg index="4"><value>false</value></constructor-arg>
<constructor-arg index="5"><value>true</value></constructor-arg>
</bean>
<bean id="pooledDS" class="org.apache.commons.dbcp.PoolingDataSource"
depends-on="poolableConnectionFactory">
<constructor-arg><ref bean="pool"/></constructor-arg>
</bean>
And you can use "pooledDS" (PoolingDataSource) the same any orther DataSource.
Ortherwise, i think you should simply use BacsicDataSource, you still can config number of connections in pool by "initialSize" and "maxActive":
<bean id="basicDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="${jdbc.driverClassName}"/>
<property name="url" value="${jdbc.url}"/>
<property name="username" value="${jdbc.username}"/>
<property name="password" value="${jdbc.password}"/>
<property name="removeAbandoned" value="true"/>
<property name="initialSize" value="10" />
<property name="maxActive" value="50" />
</bean>
I am using Spring, ibatis for ORM. My app-config.xml look like
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://192.168.10.50/lmexdb_v1" />
<property name="username" value="lmexdba" />
<property name="password" value="lmexdba123#" />
</bean>
<bean id="sqlMapClient" class="org.springframework.orm.ibatis.SqlMapClientFactoryBean">
<property name="configLocation"
value="classpath:com/platysgroup/lmex/server/mobile/dao/ibatis/SqlMapConfig.xml" />
</bean>
<bean id="mobileController" class="com.platysgroup.lmex.server.controller.MobileController">
<property name="announcementService" ref="announcementService"></property>
<property name="courseService" ref="courseService"></property>
<property name="userService" ref="userService"></property>
</bean>
and I have my sqlmapconfig.xml file in src/webapp/spring.
But when I run my application on tomcat it show me a exception:
java.io.FileNotFoundException: class path resource [com/platysgroup/lmex/server/mobile/dao/ibatis/SqlMapConfig.xml] cannot be opened because it does not exist
put it in src , and it will be available
if you are using maven project then add it to resource