Thursday, November 27, 2014

Configure encrypted DB password in spring

If you still use XML to configure the Spring container, the database password has to be put in the Spring configuration file in plain text, which is not suitable for a production environment. This article mixes JavaConfig with the XML configuration file so that an encrypted password can be used in the configuration.

1. Add the following bean to the Spring XML configuration file

<!-- be sure to include the JavaConfig bean post-processor -->
    <bean class="org.springframework.config.java.process.ConfigurationPostProcessor"/>

Refer to http://docs.spring.io/spring-javaconfig/docs/1.0.0.M4/reference/html/ch06.html

2. Specify a @Configuration class for the post-processor

<bean id="txManager"
      class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
    <property name="dataSource" ref="myDataSource" />
    <qualifier value="myDS" /> <!-- for multiple datasources -->
</bean>

<tx:annotation-driven transaction-manager="txManager" />

<!-- this configuration class retrieves the encrypted password and decrypts it -->
<bean class="wx.poc.MyDataSourceConfig" />

3. Implement the post-processor class to use c3p0

package wx.poc;

import javax.sql.DataSource;
import ..........;

@Configuration
@Import(PropertyPlaceholderConfigurer.class)
public class MyDataSourceConfig
{

    @Value("${jdbc.url}")
    private String databaseUrl;

    @Value("${jdbc.driverClassName}")
    private String driverClass;

    @Value("${jdbc.username}")
    private String user;

    @Value("${jdbc.password}")
    private String password;

    @Value("${c3p0.acqincrement}")
    private int acqIncrement;

    @Value("${c3p0.acqretryattempts}")
    private int acqRetryAttempts;

    // other c3p0 settings omitted

    @Bean(name = "myDataSource")
    public DataSource dataSource()
    {
        try
        {
            ComboPooledDataSource ds = new ComboPooledDataSource();
            ds.setJdbcUrl( databaseUrl );
            ds.setDriverClass( driverClass );
            ds.setUser( user );
            ds.setPassword( getDecryptedPassword() );

            // pool settings
            ds.setAcquireIncrement( acqIncrement );
            ds.setAcquireRetryAttempts( acqRetryAttempts );
            // omit other setters.

            return ds;
        }
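        catch (Exception e)
        {
            // fail fast instead of swallowing the error and returning nothing
            throw new IllegalStateException( "Failed to configure c3p0 data source", e );
        }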
    }

    private String getDecryptedPassword()
    {
        // decrypt the configured encrypted password
    }
}

4. Property file

# jdbc configuration
jdbc.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
jdbc.url=jdbc:sqlserver://<server>:<port>;databaseName=<db name>;
jdbc.username=db_username
jdbc.password=<encrypted password>

c3p0.acqincrement=3
c3p0.acqretryattempts=5
# other c3p0 properties omitted
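
One way to fill in getDecryptedPassword() from step 3 and produce the jdbc.password value for step 4, as an added example that is not code from the original post: AES-GCM with the key read from outside the property file. The class name PasswordCodec, the environment variable DB_PWD_KEY and the Base64(IV || ciphertext || tag) value format are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical helper. Stored value = Base64(12-byte IV || ciphertext || 16-byte GCM tag). */
public final class PasswordCodec {
    private static final int IV_LEN = 12, TAG_BITS = 128;

    /** The key is kept out of the property file (assumed here: env var DB_PWD_KEY, Base64, 16 or 32 bytes). */
    static SecretKeySpec loadKey() {
        String b64 = System.getenv("DB_PWD_KEY"); // assumed variable name
        if (b64 == null) throw new IllegalStateException("DB_PWD_KEY is not set");
        return new SecretKeySpec(Base64.getDecoder().decode(b64), "AES");
    }

    /** Run once, offline, to produce the value stored as jdbc.password. */
    static String encrypt(String plain, SecretKeySpec key) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh IV for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(
            ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array());
    }

    /** What getDecryptedPassword() would call; a wrong key or a tampered value throws AEADBadTagException. */
    static String decrypt(String stored, SecretKeySpec key) throws Exception {
        byte[] raw = Base64.getDecoder().decode(stored.trim());
        if (raw.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("value too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
        byte[] pt = c.doFinal(raw, IV_LEN, raw.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES"); // constructed all-zero demo key, not for real use
        String stored = encrypt("s3cret-sample", key);              // constructed sample password
        System.out.println("jdbc.password=" + stored);
        System.out.println("round trip ok: " + decrypt(stored, key).equals("s3cret-sample"));
    }
}
```

In MyDataSourceConfig, getDecryptedPassword() would return PasswordCodec.decrypt(password, PasswordCodec.loadKey()). The encrypted value protects the password only if the key is stored somewhere the property file is not, with tighter access control.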

Friday, November 21, 2014

Setup Tectia SSH Server/Client

------
OS: Windows XP
Tectia server/client evaluation : download from http://www.ssh.com/index.php/evaluation-downloads.html
------
Tectia client installation:
Unzip the installation package tectia-client-6.3.0.76-windows-upgrd-eval.zip.
Run the installer file ssh-tectia-client-6.3.0.76-windows.msi with admin permission.
Select Typical installation and continue until the installation is completed.
Two new icons, 'Tectia - SSH Terminal' and 'Tectia - Secure File Transfer', will be shown on the desktop if the installation is successful.
------
Tectia server installation:
Unzip the installation package tectia-server-6.3.0.76-windows-upgrd-eval.zip.
Double-click the installer file ssh-tectia-server-6.3.0.76-windows.msi.
Select Typical installation and continue until the installation is completed.
Reboot the computer.
------
Make a connection to the FTP server:
Double-click the 'Tectia - SSH Terminal' icon on the desktop.
Press the Enter or Space key to bring up the 'connect to server' dialogue.
Enter 127.0.0.1 for 'Host Name' and a username for 'User Name',
and select 'Proceed with the connection and save the key for the future use.'
Key in the password for the above account.
------
Create a connection profile:
Select menu Profiles - Add Profile...
Key in 'TestProfile' for the profile name and 127.0.0.1 for the host name.
Click the 'Save' button to save the above configuration.
Click the 'Keys and Certificates' menu in the left navigation.
Click the 'New Key...' button on the 'Keys and Certificates' tab.
Click the 'Next' button.
Click the 'Upload' button to upload the generated public key.

------
Test the FTP connection:

Command usage:
> sftpg3 <profile name>
Note that the profile name is case-sensitive.
------
Use the GUI for FTP:
Double-click the 'Tectia - Secure File Transfer' icon on the desktop.
Select 'TestProfile' to make the connection.
Select menu 'Window' - 'New File Transfer'.