Developer
System Administrator
Jahia 8
How to integrate Jasypt encryption in Jahia
Question
How can encrypted values be used in the Jahia properties files at platform and module level, and be decrypted on the fly when they are used in Spring beans?
Answer
How to encrypt a value
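The following code encrypts a value:
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;

public class EncryptValue {
    public static void main(String[] args) {
        String password = "jasypt"; // encryption password; the decrypting bean must use the same one
        String value = "Jahia confidential value"; // clear-text value to protect
        StandardPBEStringEncryptor encryptorTest = new StandardPBEStringEncryptor();
        encryptorTest.setAlgorithm("PBEWithMD5AndDES"); // must match the algorithm of the decrypting bean
        encryptorTest.setPassword(password);
        System.out.println(encryptorTest.encrypt(value)); // encrypted output, to be wrapped in ENC(...)
    }
}
Set the encrypted value in the Jahia properties file, wrapped in ENC(...), like this: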
confidential.property=ENC(dfsdkQ9FREwRfggdfqhImBGJB82ImcoTf42rn)
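A command-line variant of the snippet above, as an added example that is not part of the original page or of Jahia's code: it takes the password from an environment variable instead of a string literal and prints the complete ENC(...) properties line after a round-trip check. The class name is hypothetical, the variable name APP_ENCRYPTION_PASSWORD is the one in the page's commented-out passwordEnvName line, and jasypt-1.9.3.jar is assumed to be on the classpath.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.properties.PropertyValueEncryptionUtils;

/** Added example (hypothetical class name): prints a ready-to-paste ENC(...) properties line. */
public class EncryptJahiaProperty {

    // The page's algorithm (56-bit DES); whatever is used must equal the bean's "algorithm" property.
    static final String ALGORITHM = "PBEWithMD5AndDES";
    // Variable name from the commented-out passwordEnvName line on this page.
    static final String PASSWORD_ENV = "APP_ENCRYPTION_PASSWORD";

    /** Builds the encryptor from the same config class the Spring bean uses. */
    static StandardPBEStringEncryptor newEncryptor() {
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        config.setAlgorithm(ALGORITHM);
        config.setPasswordEnvName(PASSWORD_ENV); // password comes from the environment, not from source
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }

    /** Returns "key=ENC(...)" after checking that the value decrypts back unchanged. */
    static String encryptedLine(String key, String clearValue) {
        StandardPBEStringEncryptor encryptor = newEncryptor();
        // PropertyValueEncryptionUtils adds the ENC(...) wrapper on encrypt and strips it on decrypt.
        String wrapped = PropertyValueEncryptionUtils.encrypt(clearValue, encryptor);
        String roundTrip = PropertyValueEncryptionUtils.decrypt(wrapped, encryptor);
        if (!clearValue.equals(roundTrip)) {
            throw new IllegalStateException("round-trip check failed for " + key);
        }
        return key + "=" + wrapped;
    }

    public static void main(String[] args) throws IOException {
        String envPassword = System.getenv(PASSWORD_ENV);
        if (args.length != 1 || envPassword == null || envPassword.isEmpty()) {
            System.err.println("set " + PASSWORD_ENV + ", then: java EncryptJahiaProperty <property.key> < value-file");
            System.exit(2);
        }
        // The clear value is read from stdin so it stays out of argv and shell history.
        String clearValue = new BufferedReader(new InputStreamReader(System.in)).readLine();
        if (clearValue == null || clearValue.isEmpty()) { System.err.println("empty value"); System.exit(2); }
        System.out.println(encryptedLine(args[0], clearValue));
    }
}
```

For Jahia to decrypt the resulting value, the encryptor bean in the configurations below must declare the same algorithm and enable the passwordEnvName property in place of the literal password property.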
Decrypting at platform level
Steps to follow:
- Integrate the following libraries in TOMCAT_HOME/webapps/ROOT/WEB-INF/lib/:
  - jasypt-1.9.3.jar
  - jasypt-spring3-1.9.3.jar
- Add the following content in JAHIA_HOME/digital-factory-config/jahia/applicationcontext-jahiaproperties.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">

    <bean id="placeholderConfig" class="org.jasypt.spring3.properties.EncryptablePropertyPlaceholderConfigurer">
        <property name="ignoreUnresolvablePlaceholders" value="true"/>
        <property name="ignoreResourceNotFound" value="true" />
        <constructor-arg>
            <bean class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
                <property name="config">
                    <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                        <property name="algorithm" value="PBEWithMD5AndDES" />
                        <!-- <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" /> -->
                        <property name="password" value="jasypt" />
                    </bean>
                </property>
            </bean>
        </constructor-arg>
        <property name="properties">
            <ref bean="jahiaProperties" />
        </property>
    </bean>

    <bean id="pathResolver" class="org.jahia.utils.WebAppPathResolver"/>

    <bean name="jahiaProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
        <property name="ignoreResourceNotFound" value="true"/>
        <property name="locations">
            <list>
                <value>classpath*:org/jahia/defaults/config/properties/jahia*.properties</value>
                <value>/WEB-INF/etc/config/jahia.properties</value>
                <value>/WEB-INF/etc/config/jahia.advanced.properties</value>
                <value>/WEB-INF/etc/config/jahia.node.properties</value>
                <value>/WEB-INF/etc/config/jahia.custom.properties</value>
                <value>classpath*:org/jahia/config/jahia*.properties</value>
                <value>classpath*:jahia/jahia.properties</value>
                <value>classpath*:jahia/jahia.node.properties</value>
                <value>classpath*:jahia/jahia*.properties</value>
                <value>file:${jahia.config}</value>
            </list>
        </property>
        <property name="localOverride" value="true"/>
        <property name="properties" ref="jahiaSystemProperties"/>
    </bean>

    <bean id="jahiaSystemProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
        <property name="propertiesArray">
            <list>
                <bean class="org.jahia.settings.SystemPropertiesFactoryBean">
                    <property name="prefix" value="jahiaConfig."/>
                </bean>
                <bean class="org.jahia.settings.EnvironmentVariablesPropertiesFactoryBean">
                    <property name="prefix" value="jahia_cfg_"/>
                </bean>
            </list>
        </property>
    </bean>

    <util:list id="licensesList">
        <!-- we will take the first found license file -->
        <value>file:/${jahia.license}</value>
        <value>classpath*:jahia/license*.xml</value>
        <value>classpath*:org/jahia/config/license*.xml</value>
        <value>WEB-INF/etc/config/license*.xml</value>
    </util:list>

    <util:map id="startupOptionsMapping" key-type="java.lang.String" value-type="java.util.Set">
        <description>
            The key represents the marker file on the file system, whereas the value represents a set of "actions" to be taken on startup when such marker file is detected
        </description>
        <entry key="#jahia.jackrabbit.home#/index-check" value="index-check"/>
        <entry key="#jahia.jackrabbit.home#/index-fix" value="index-fix"/>
        <entry key="#jahia.jackrabbit.home#/reindex" value="reindex"/>
        <entry key="#jahia.data.dir#/disable-mail-service" value="disable-mail-service"/>
        <entry key="#jahia.data.dir#/reset-discovery-info" value="reset-discovery-info"/>
        <entry key="#jahia.data.dir#/rolling-upgrade" value="reset-discovery-info"/>
        <entry key="#jahia.data.dir#/backup-restore">
            <set>
                <value>disable-mail-service</value>
                <value>reset-discovery-info</value>
            </set>
        </entry>
        <entry key="#jahia.data.dir#/safe-env-clone">
            <set>
                <value>disable-mail-service</value>
                <value>reset-discovery-info</value>
            </set>
        </entry>
    </util:map>
</beans>
Decrypting at module level
Steps to follow:
- Integrate the following libraries in TOMCAT_HOME/webapps/ROOT/WEB-INF/lib/:
  - jasypt-1.9.3.jar
  - jasypt-spring3-1.9.3.jar
- Update your pom.xml so it's similar to this one:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <artifactId>jahia-modules</artifactId>
        <groupId>org.jahia.modules</groupId>
        <version>8.1.0.0</version>
    </parent>
    <groupId>org.foo.modules</groupId>
    <artifactId>sample</artifactId>
    <name>sample</name>
    <version>1.0.0-SNAPSHOT</version>
    <packaging>bundle</packaging>
    <description>This is the custom module (sample) for running on a Jahia server.</description>

    <properties>
        <import-package>org.jasypt.encryption.*</import-package>
        <require-capability>osgi.extender;filter:="(osgi.extender=org.jahia.bundles.blueprint.extender.config)"</require-capability>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.jasypt</groupId>
            <artifactId>jasypt-spring3</artifactId>
            <version>1.9.3</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.jasypt</groupId>
            <artifactId>jasypt</artifactId>
            <version>1.9.3</version>
            <scope>provided</scope>
        </dependency>
    </dependencies>

    <repositories>
        <repository>
            <id>jahia-public</id>
            <name>Jahia Public Repository</name>
            <url>https://devtools.jahia.com/nexus/content/groups/public</url>
            <releases>
                <enabled>true</enabled>
                <updatePolicy>never</updatePolicy>
            </releases>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
        </repository>
    </repositories>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.felix</groupId>
                <artifactId>maven-bundle-plugin</artifactId>
                <extensions>true</extensions>
                <configuration>
                    <instructions>
                        <Jahia-Depends>default</Jahia-Depends>
                    </instructions>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>
- Add the following bean in the Spring XML of your module:
<bean id="modulePlaceholderConfig"
      class="org.jasypt.spring3.properties.EncryptablePropertyPlaceholderConfigurer">
    <property name="ignoreUnresolvablePlaceholders" value="true"/>
    <property name="ignoreResourceNotFound" value="true" />
    <constructor-arg>
        <bean class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
            <property name="config">
                <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                    <property name="algorithm" value="PBEWithMD5AndDES" />
                    <!-- <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" /> -->
                    <property name="password" value="jasypt" />
                </bean>
            </property>
        </bean>
    </constructor-arg>
    <property name="properties">
        <ref bean="jahiaProperties" />
    </property>
</bean>