Thursday, November 27, 2014

Configure encrypted DB password in spring

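If you still use XML to configure the Spring container, the database password normally has to be written in plain text in the Spring configuration file, which is not suitable for a production environment. This article mixes JavaConfig with the XML configuration file so that the configuration holds only an encrypted password, which is decrypted in code when the data source is created. The encryption only helps if the decryption key is kept somewhere other than the configuration files that hold the encrypted value.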

1. add following bean to spring XML configuration file

<!-- be sure to include the JavaConfig bean post-processor: it is what processes the
     @Configuration class that is declared as a plain bean further down in this file -->
<!-- NOTE(review): this class name is the one from the Spring JavaConfig 1.0.0.M4 reference
     linked below; confirm it matches the Spring version actually on the classpath -->
    <bean class="org.springframework.config.java.process.ConfigurationPostProcessor"/>

refer to http://docs.spring.io/spring-javaconfig/docs/1.0.0.M4/reference/html/ch06.html

2. Declare the @Configuration class as a bean so that the post-processor picks it up

<!-- transaction manager bound to the data source produced by MyDataSourceConfig -->
<bean id="txManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="myDataSource" />
<qualifier value="myDS" /> <!-- qualifier to tell this transaction manager apart when several data sources are configured -->
</bean>

<tx:annotation-driven transaction-manager="txManager" />
  <!-- the @Configuration class that defines the myDataSource bean: it reads the encrypted
       password from the property file and decrypts it before handing it to the pool -->
<bean class="wx.poc.MyDataSourceConfig" />

3. Implement the @Configuration class, which builds the data source with c3p0

package wx.poc;

import javax.sql.DataSource;
import ..........;

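/**
 * Defines the c3p0 connection pool that is exposed as the {@code myDataSource} bean.
 *
 * <p>Every setting is injected from the property file through {@code @Value}.
 * {@code jdbc.password} holds the encrypted value; it is decrypted only at the
 * moment it is handed to the pool, so the plain-text password never appears in
 * a configuration file.
 */
@Configuration
@Import(PropertyPlaceholderConfigurer.class)
public class MyDataSourceConfig
{

    @Value("${jdbc.url}")
    private String databaseUrl;

    @Value("${jdbc.driverClassName}")
    private String driverClass;

    @Value("${jdbc.username}")
    private String user;

    // Encrypted form, exactly as stored in the property file. It must go through
    // getDecryptedPassword() before use and should never be written to a log.
    @Value("${jdbc.password}")
    private String password;

    @Value("${c3p0.acqincrement}")
    private int acqIncrement;

    @Value("${c3p0.acqretryattempts}")
    private int acqRetryAttempts;

   // omit other c3p0 settings

    /**
     * Creates and configures the pooled data source.
     *
     * @return the configured c3p0 pool, registered under the bean name {@code myDataSource}
     * @throws IllegalStateException if the pool cannot be configured or the password
     *         cannot be decrypted
     */
    @Bean(name = "myDataSource")
    public DataSource dataSource()
    {
        try
        {
            ComboPooledDataSource ds = new ComboPooledDataSource();
            ds.setJdbcUrl( databaseUrl );
            ds.setDriverClass( driverClass );
            ds.setUser( user );
            ds.setPassword( getDecryptedPassword() );

            // pool settings
            ds.setAcquireIncrement( acqIncrement );
            ds.setAcquireRetryAttempts( acqRetryAttempts );
            // omit other setters.

            return ds;
        }
        catch (Exception e)
        {
            // Do not swallow the failure: without a data source the application cannot
            // work, so stop container start-up here. The message deliberately carries
            // no URL, user name or password; the cause is kept for diagnosis.
            throw new IllegalStateException( "Could not configure the myDataSource connection pool", e );
        }
    }

    /**
     * Turns the encrypted {@code jdbc.password} value into the plain-text password.
     *
     * <p>The decryption key has to come from outside the property file (for example an
     * environment variable, a file with restricted permissions, or a secrets store).
     * A key that is hard-coded in this class or stored next to the encrypted value only
     * obscures the password; anyone who can read the deployment can recover it.
     * Exceptions raised here should not include the plain text or the key in their message.
     *
     * @return the decrypted password
     */
    private String getDecryptedPassword()
    {
        // decrypt the configured encrypted password
        // The article leaves the implementation out. Fail closed until it is written,
        // rather than passing the encrypted text to the driver as if it were the password.
        throw new UnsupportedOperationException( "password decryption is not implemented" );
    }
}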

4. property file 

# jdbc configuration
jdbc.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
jdbc.url=jdbc:sqlserver://<server>:<port>;databaseName=<db name>;
jdbc.username=db_username
# encrypted value only; MyDataSourceConfig decrypts it when it builds the data source.
# Keep the decryption key out of this file and restrict who can read the file.
jdbc.password=<encrypted password>

# c3p0 pool settings
c3p0.acqincrement=3
c3p0.acqretryattempts=5
// omit other c3p0 properties
