encrypt password with c3p0

**tdelesio** · Nov 29th, 2010, 03:22 PM

We have a requirement for all clear text passwords to be encrypted in the context.xml file. Has anyone done this with c3p0? I found an example on how to do it with dbcp but we are using c3p0 in our app.

http://stackoverflow.com/questions/1...-resource-defi

I know you can not extend ComboPooledDataSource as it is final but is there another way?

**shoaibrazakhan** · Dec 31st, 2012, 04:24 AM

Hi,

I'm facing the same issue. I'm trying to encrypt the password by overriding ComboPooledDataSource so that i can read it from a property file where its encrypted.

Kindly suggest if you have a solution for the same.

Originally Posted by tdelesio

We have a requirement for all clear text passwords to be encrypted in the context.xml file. Has anyone done this with c3p0? I found an example on how to do it with dbcp but we are using c3p0 in our app.

http://stackoverflow.com/questions/1...-resource-defi

I know you can not extend ComboPooledDataSource as it is final but is there another way?

**tdelesio** · Jan 2nd, 2013, 02:45 PM

Originally Posted by shoaibrazakhan

Hi,

I'm facing the same issue. I'm trying to encrypt the password by overriding ComboPooledDataSource so that i can read it from a property file where its encrypted.

Kindly suggest if you have a solution for the same.

I wrapped the c3p0 datasource with my own encrypted one.

Code:

public class EncryptedDataSource implements PooledDataSource, Serializable, Referenceable {



	private ComboPooledDataSource dataSource;

private String decrypt(String encrypted) {
		try {
			Cipher cipher = Cipher.getInstance(EncryptionConstants.algorithm);
			cipher.init(Cipher.DECRYPT_MODE, EncryptionConstants.key);
			return new String(cipher.doFinal(Base64.decodeBase64(encrypted)));
		}
		catch(Exception e) {
			e.printStackTrace();
			return null;
		}
	}
	
	public void setUser(String user) {
		dataSource.setUser(decrypt(user));
	}
	
	public void setPassword(String password) {
		dataSource.setPassword(decrypt(password));
	}
.....

Code:

<Resource  
		acquireIncrement="5" 
		auth="Container" 
		scope="Shareable" 
		name="jdbc/com/iDB" 
		type="com.ecom.framework.EncryptedDataSource" 
		driverClass="com.ibm.db2.jcc.DB2Driver" 
		factory="org.apache.naming.factory.BeanFactory" 
		jdbcUrl="jdbc:db2://qual:60000/db"
		maxIdleTime="10" initialPoolSize="5" maxPoolSize="20" minPoolSize="5" 
		user="encrypted-user"
		password="encrypted-pass" 		
	/>

**saltnlight5** · Jan 2nd, 2013, 11:56 AM

You can try define your c3p0 pool as Spring bean and set the password as encrypted value using the "${/decrypt/blah}" format, then in the same xml context file, you can define your own custom "org.springframework.beans.factory.config.Property PlaceholderConfigurer#convertPropertyValue" to check for "/decrypt/" prefix and decrypt "blah" value. Basically you are translating a encrypted "blah" value into an decrypted value for Spring to inject when creating your c3p0 pool instance.

Thread: encrypt password with c3p0

Thread Tools

Display

Hybrid View

encrypt password with c3p0

Did you find the solution to extend ComboPooledDataSource

Tags for this Thread

Posting Permissions