
  • Converting bean types in a beans definition file

    I am setting up some datasources in my beans definition file. This all works fine. My problem is I do not want the passwords to my databases showing up as clear text in the definition file.

    To get around this I thought I could use some existing encryption routines I have to unencrypt the password from the beans definition file. So to do this I made a java bean called Password that has a property called encryptedPassword. The setter method takes a string and uses my existing decryption routines to store the password internally as clear text. I then set up the Password bean in my bean definitions file and I set the property of the password on the datasource to the Password bean. The problem is the datasource expects the password to be of type String and the Password object is of type Password. Since String is final I can't subclass it.

    So.... How do I go about doing this? Can I use a PropertyEditor somehow? If so, are there any examples of how to do this? Better yet, is there some best practice that I should be following for setting passwords in configuration files? It seems like I must be missing something trivial.


  • #2
    One option would be for you to use PropertyPlaceholderConfigurer to bring in the pass from an external properties file. Then the password would not be stored in the main config file in CVS, but would rather be written to this separate properties file by whoever is deploying the app.

    Alternately, if it is convenient for you to bind objects to JNDI, you could grab it from the JNDI tree with JndiObjectFactoryBean.

    As for the PropertyEditor approach, yes, it would work. Using PropertyEditors with Spring is described here:



    • #3
      You can create a BeanFactory PasswordResolver that implements org.springframework.aop.framework.ProxyFactoryBean and use it as follows:

      import org.springframework.beans.factory.FactoryBean;

      public class PasswordResolver implements FactoryBean {
          private String cryptedPassword;

          public void setCryptedPassword(String cryptedPassword) { this.cryptedPassword = cryptedPassword; }

          // implement your algorithm here
          public Object getObject() throws Exception {
              return cryptedPassword;
          }

          // the factory produces a String, so the result can be injected into a String property
          public Class getObjectType() {
              return String.class;
          }

          public boolean isSingleton() {
              return true;
          }
      }

        <bean id="passwordResolver" class="PasswordResolver">
          <property name="name"><value>Taha Irbouh</value></property>
          <property name="password">
            <ref local="passwordResolver"/>


      • #4
        You can also use a MethodInvokingFactoryBean to call a method on a bean that will decrypt your password.
        Setting a bean property as the result of a method invocation


        • #5
          Gee. I guess I need to put my glasses on before reading the docs. I don't know how I missed those sections.

          I'm all set now. Thanks guys


          • #6

            An even more flexible approach is something like the following:

            1. Create a general interface for cryption, which can be either

                 public interface Cryptor {
                     String crypt(String value);
                 }

            2. Create a resolver for a value, which takes any Cryptor implementation

                 import org.springframework.beans.factory.FactoryBean;

                 public class CryptorResolver implements FactoryBean {
                     private String value;
                     private Cryptor cryptor;

                     public void setValue(String value) {
                         this.value = value;
                     }

                     public void setCryptor(Cryptor cryptor) {
                         this.cryptor = cryptor;
                     }

                     // runs the configured Cryptor over the configured value
                     public Object getObject() throws Exception {
                         return cryptor.crypt(value);
                     }

                     public Class getObjectType() {
                         return String.class;
                     }

                     public boolean isSingleton() {
                         return false;
                     }
                 }

            3. Create encryptor and decryptor implementations

                 public class EncryptorImpl implements Cryptor { ... }
                 public class DecryptorImpl implements Cryptor { ... }

            4. In your beans.xml, define system wide encryptor and decryptor

                 <bean id="encryptor" class="EncryptorImpl" singleton="true"/>
                 <bean id="decryptor" class="DecryptorImpl" singleton="true"/>

            5. When you want to decrypt, create an instance of the resolver

                 <bean id="passwordDecrypter" class="CryptorResolver">
                     <property name="cryptor"><ref bean="decryptor"/></property>
                     <property name="value"><value>${epwd}</value></property>
                 </bean>

            This approach is much more generic, and allows your application internally to encrypt and decrypt items. This is helpful if you store any passwords in the database, such as for external datasources which are not part of the static configuration, and so forth.
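
Step 3 of the post above leaves both implementations as `{ ... }`; the following is an added example, not code from the thread, of one way to fill them in with AES-GCM from the JDK (Java 8 or later). The wrapper class `AesGcmCryptors`, the base64 key passed as a constructor argument from outside the beans file, and the `base64(nonce || ciphertext || tag)` storage format are assumptions of this example.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

interface Cryptor { String crypt(String value); }   // interface from step 1 of the post

// Stored format (assumption of this example): base64(nonce || ciphertext || tag)
public class AesGcmCryptors {
    static final int NONCE = 12, TAG_BITS = 128;
    static Cipher cipher(int mode, byte[] key, byte[] nonce) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, nonce, 0, NONCE));
        return c;
    }
    public static class EncryptorImpl implements Cryptor {
        private final byte[] key;   // assumption: key is delivered separately from the beans file
        public EncryptorImpl(String base64Key) { key = Base64.getDecoder().decode(base64Key); }
        public String crypt(String value) {
            try {
                byte[] nonce = new byte[NONCE];
                new SecureRandom().nextBytes(nonce);   // fresh nonce for every value
                byte[] ct = cipher(Cipher.ENCRYPT_MODE, key, nonce).doFinal(value.getBytes(StandardCharsets.UTF_8));
                byte[] out = Arrays.copyOf(nonce, NONCE + ct.length);
                System.arraycopy(ct, 0, out, NONCE, ct.length);
                return Base64.getEncoder().encodeToString(out);
            } catch (GeneralSecurityException e) { throw new IllegalStateException("encryption failed", e); }
        }
    }
    public static class DecryptorImpl implements Cryptor {
        private final byte[] key;
        public DecryptorImpl(String base64Key) { key = Base64.getDecoder().decode(base64Key); }
        public String crypt(String value) {
            try {
                byte[] blob = Base64.getDecoder().decode(value);   // first 12 bytes are the nonce
                byte[] pt = cipher(Cipher.DECRYPT_MODE, key, blob).doFinal(blob, NONCE, blob.length - NONCE);
                return new String(pt, StandardCharsets.UTF_8);
            } catch (GeneralSecurityException e) { throw new IllegalStateException("decryption failed: wrong key or modified value", e); }
        }
    }
    public static void main(String[] args) {
        String key = Base64.getEncoder().encodeToString(new SecureRandom().generateSeed(32)); // constructed demo key
        String stored = new EncryptorImpl(key).crypt("s3cret-db-pass");   // constructed sample password
        System.out.println(stored + " -> " + new DecryptorImpl(key).crypt(stored));
    }
}
```

The encrypted value in the beans file is only as well protected as the key, so the key has to reach the application through a channel that readers of the definition file cannot access.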