Converting bean types in a beans definition file

**davidcnoel** · Aug 24th, 2004, 11:26 AM

I am setting up some datasources in my beans definition file. This all works fine. My problem is I do not want the passwords to my databases showing up as clear text in the definition file.

To get around this I thought I could use some existing encryption routines I have to unencrypt the password from the beans definition file. So to do this I made a java bean called Password that has a property called encryptedPassword. The setter method takes a string and uses my existing decryption routines to store the password internally as clear text. I then set up the Password bean in my bean definitions file and I set the property of the password on the datasource to the Password bean. The problem is the datasource expects the password to be of type String and the Password object is of type Password. Since String is final I can't subclass it.

So.... How do I go about doing this? Can I use a PropertyEditor some how? If so are there any examples of how to do this? Better yet is there some best practice that I should be following for setting passwords in configuration files? It seems like I must be missing something trivial.

Thanks

**Colin Sampaleanu** · Aug 24th, 2004, 01:06 PM

One option would be for you to use PropertyPlaceholderConfigurer to bring in the pass from an external properties files. Then the password would not be stored in the main config file in CVS, but would rather be written to this separate properties file by whoever is deploying the app.

Alternately, if it is convenient for you to bind objects to JNDI, you could grab it from the JNDI tree with JndiObjectFactoryBean.

As for the PropertyEditor approach, yes, it would work. Using PropertyEditors with Spring is described here:

http://www.springframework.org/docs/...-customeditors
http://www.springframework.org/docs/...alidation.html

Regards,

**irbouho** · Aug 24th, 2004, 01:58 PM

You can create a BeanFactory PasswordResolver that implements org.springframework.aop.framework.ProxyFactoryBean and use it as follows:

1.PasswordResolver:

Code:

import org.springframework.beans.factory.FactoryBean;

public class PasswordResolver implements FactoryBean
&#123;
	private String cryptedPassword;

	public void setCryptedPassword &#40;String cryptedPassword&#41; &#123; this.cryptedPassword = cryptedPassword; &#125;

	//implement your algorythm here
	public Object getObject &#40;&#41; throws Exception &#123;
		return cryptedPassword;
	&#125;

	public Class getObjectType &#40;&#41; &#123;
		return String.class;
	&#125;

	public boolean isSingleton &#40;&#41; &#123;
		return true;
	&#125;
&#125;

1.applicationContext.xml:

Code:

  ...
  <bean id="passwordResolver" class="PasswordResolver">
    <property name="name"><value>Taha Irbouh</value></property>
  </bean>
  ...
    <property name="password">
      <ref local="passwordResolver"/>
    </property>
  ...

HTH

**irbouho** · Aug 24th, 2004, 02:11 PM

You can also use a MethodInvokingFactoryBean to call a method on a bean that will decrypt your password.
Setting a bean property as the result of a method invocation

**davidcnoel** · Aug 24th, 2004, 02:32 PM

Gee. I guess I need to put my glasses on before reading the docs. I don't know how I missed those sections.

I'm all set now. Thanks guys

**mattinger** · Oct 11th, 2004, 10:46 AM

An even more flexible approach is something like the following:

1. Create a general interface for cryption, which can be either
direction

Code:

     public interface Cryptor &#123;
        String crypt&#40;String value&#41;;
     &#125;

2. Create a resolver for a value, which takes any Cryptor implementation

Code:

      public class CryptorResolver implements FactoryBean &#123; 
         private String value; 
         private Cryptor cryptor;

         public void setValue&#40;String value&#41; &#123;
              this.value = value;
         &#125; 
   
         public void setCryptor&#40;Cryptor cryptor&#41; &#123;
              this.cryptor = cryptor;
         &#125;

         public Object getObject &#40;&#41; throws Exception &#123; 
              return cryptor.crypt&#40;value&#41;; 
         &#125; 

         public Class getObjectType &#40;&#41; &#123; 
              return String.class; 
         &#125; 

         public boolean isSingleton &#40;&#41; &#123; 
              return false; 
         &#125; 
     &#125;

3. Create encryptor and decryptor implementations

Code:

public class EncryptorImpl implements Cryptor &#123; ... &#125;
 
         public class DecryptorImpl implements Cryptor &#123; ... &#125;

4. In your beans.xml, define system wide encryptor and decryptor

Code:

<bean id="encryptor" class="EncryptorImpl" isSingleton="true"/>
 
         <bean id="decryptor" class="DecryptorImpl" isSingleton="true" />

5. When you want to decrypt, create an instance of the resolver

Code:

<bean id="passwordDecrypter" class="EncryptionResolver"> 
           <property name="cryptor"><ref bean="decryptor" /></property>
           <property name="value"><value>$&#123;epwd&#125;</value></property> 
         </bean>

This approach is much more generic, and allows your application internally to encrypt decrypt items. This is helpful if you store any passwords in the database, such as for external datasources which
are not part of the static configuration, and so forth.

Thread: Converting bean types in a beans definition file

Thread Tools

Display

Converting bean types in a beans definition file

Encryptors/Decryptors

Similar Threads

Order of Bean definitions matters?

Spring container fails with no exception

EHCaching Hibernate

could not satisfy dependencies

Exceptions while creating application and service beans

Posting Permissions