
  • Converting bean types in a beans definition file

    I am setting up some datasources in my beans definition file. This all works fine. My problem is I do not want the passwords to my databases showing up as clear text in the definition file.

    To get around this I thought I could use some existing encryption routines I have to unencrypt the password from the beans definition file. So to do this I made a java bean called Password that has a property called encryptedPassword. The setter method takes a string and uses my existing decryption routines to store the password internally as clear text. I then set up the Password bean in my bean definitions file and I set the property of the password on the datasource to the Password bean. The problem is the datasource expects the password to be of type String and the Password object is of type Password. Since String is final I can't subclass it.

    So.... How do I go about doing this? Can I use a PropertyEditor somehow? If so, are there any examples of how to do this? Better yet, is there some best practice that I should be following for setting passwords in configuration files? It seems like I must be missing something trivial.

    Thanks

  • #2
    One option would be for you to use PropertyPlaceholderConfigurer to bring in the pass from an external properties file. Then the password would not be stored in the main config file in CVS, but would rather be written to this separate properties file by whoever is deploying the app.

    Alternately, if it is convenient for you to bind objects to JNDI, you could grab it from the JNDI tree with JndiObjectFactoryBean.

    As for the PropertyEditor approach, yes, it would work. Using PropertyEditors with Spring is described here:

    http://www.springframework.org/docs/...-customeditors
    http://www.springframework.org/docs/...alidation.html

    Regards,



    • #3
      You can create a BeanFactory PasswordResolver that implements org.springframework.aop.framework.ProxyFactoryBean and use it as follows:

      1. PasswordResolver:
      Code:
      import org.springframework.beans.factory.FactoryBean;

      public class PasswordResolver implements FactoryBean
      {
          private String cryptedPassword;

          public void setCryptedPassword (String cryptedPassword) { this.cryptedPassword = cryptedPassword; }

          // implement your decryption algorithm here; as posted, the value is returned unchanged
          public Object getObject () throws Exception {
              return cryptedPassword;
          }

          public Class getObjectType () {
              return String.class;
          }

          public boolean isSingleton () {
              return true;
          }
      }
      2. applicationContext.xml:
      Code:
        ...
        <bean id="passwordResolver" class="PasswordResolver">
          <!-- the property name must match the setter, setCryptedPassword -->
          <property name="cryptedPassword"><value>Taha Irbouh</value></property>
        </bean>
        ...
          <property name="password">
            <ref local="passwordResolver"/>
          </property>
        ...
      HTH



      • #4
        You can also use a MethodInvokingFactoryBean to call a method on a bean that will decrypt your password.
        Setting a bean property as the result of a method invocation



        • #5
          Gee. I guess I need to put my glasses on before reading the docs. I don't know how I missed those sections.

          I'm all set now. Thanks guys



          • #6
            Encryptors/Decryptors

            An even more flexible approach is something like the following:

            1. Create a general interface for cryption, which can be either direction
            Code:
                 public interface Cryptor {
                    String crypt(String value);
                 }
            2. Create a resolver for a value, which takes any Cryptor implementation
            Code:
                 import org.springframework.beans.factory.FactoryBean;

                 public class CryptorResolver implements FactoryBean {
                     private String value;
                     private Cryptor cryptor;

                     public void setValue(String value) {
                          this.value = value;
                     }

                     public void setCryptor(Cryptor cryptor) {
                          this.cryptor = cryptor;
                     }

                     // the bean handed to the container is the result of crypt(), not the resolver itself
                     public Object getObject () throws Exception {
                          return cryptor.crypt(value);
                     }

                     public Class getObjectType () {
                          return String.class;
                     }

                     public boolean isSingleton () {
                          return false;
                     }
                 }
            3. Create encryptor and decryptor implementations

            Code:
                 public class EncryptorImpl implements Cryptor { ... }

                 public class DecryptorImpl implements Cryptor { ... }
            4. In your beans.xml, define system wide encryptor and decryptor

            Code:
                 <!-- the bean attribute in the Spring beans DTD is "singleton" -->
                 <bean id="encryptor" class="EncryptorImpl" singleton="true"/>

                 <bean id="decryptor" class="DecryptorImpl" singleton="true" />
            5. When you want to decrypt, create an instance of the resolver

            Code:
                 <!-- class is the CryptorResolver from step 2 -->
                 <bean id="passwordDecrypter" class="CryptorResolver">
                   <property name="cryptor"><ref bean="decryptor" /></property>
                   <property name="value"><value>${epwd}</value></property>
                 </bean>
            This approach is much more generic, and allows your application internally to encrypt and decrypt items. This is helpful if you store any passwords in the database, such as for external datasources which are not part of the static configuration, and so forth.


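Posts #3 and #6 leave the actual routine open ("implement your algorithm here", `EncryptorImpl { ... }`, `DecryptorImpl { ... }`). One possible implementation of that `Cryptor` pair follows, as an added example that is not code from any poster or from Spring: AES-GCM with the key read from outside the beans file. The class name `AesGcmCryptors`, the environment variable `CRYPTOR_KEY_B64`, the sample password and the all-zero fallback key are assumptions for the demo; Java 8 or later is assumed.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added example (not from the thread): hypothetical AES-GCM Cryptor implementations.
public class AesGcmCryptors {
    interface Cryptor { String crypt(String value); } // shape taken from post #6
    static final int IV_LEN = 12, TAG_BITS = 128;

    // The first IV_LEN bytes of 'iv' are used as the GCM nonce.
    private static Cipher cipher(int mode, byte[] key, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv, 0, IV_LEN));
        return c;
    }

    // Produces Base64(iv || ciphertext || tag) with a fresh random IV per value.
    static Cryptor encryptor(byte[] key) {
        return value -> {
            try {
                byte[] iv = new byte[IV_LEN];
                new SecureRandom().nextBytes(iv);
                byte[] ct = cipher(Cipher.ENCRYPT_MODE, key, iv).doFinal(value.getBytes(StandardCharsets.UTF_8));
                byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
                System.arraycopy(ct, 0, out, IV_LEN, ct.length);
                return Base64.getEncoder().encodeToString(out);
            } catch (Exception e) { throw new IllegalStateException("encrypt failed", e); }
        };
    }

    // Authenticated decryption: a wrong key or an edited value throws instead of yielding garbage.
    static Cryptor decryptor(byte[] key) {
        return value -> {
            try {
                byte[] in = Base64.getDecoder().decode(value);
                byte[] pt = cipher(Cipher.DECRYPT_MODE, key, in).doFinal(in, IV_LEN, in.length - IV_LEN);
                return new String(pt, StandardCharsets.UTF_8);
            } catch (Exception e) { throw new IllegalStateException("decrypt failed", e); }
        };
    }

    public static void main(String[] args) {
        String b64 = System.getenv("CRYPTOR_KEY_B64"); // assumed variable name; key stays out of the beans file
        byte[] key = b64 != null ? Base64.getDecoder().decode(b64) : new byte[16]; // zero key: demo only
        String stored = encryptor(key).crypt("s3cret-db-pass"); // constructed sample password
        System.out.println(stored + " -> " + decryptor(key).crypt(stored));
    }
}
```

The object returned by `decryptor(...)` is what the `cryptor` property of the resolver in post #6 would receive. If the key is committed alongside the beans file, the stored value is only obfuscated, so the key belongs wherever the deployer keeps other secrets.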