Developer System Administrator

How to integrate Jasypt encryption in Jahia

Question

How to use encrypted values in Jahia properties file at platform and module level and have them decrypted on-the-fly when used in Spring beans?

Answer

How to encrypt a value

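Here is a simple code snippet that encrypts a value. The password and algorithm used here must be the same ones given to the decrypting configuration below: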

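// The encryption password is the only secret protecting every ENC(...) value,
// so it is read from the environment instead of being written into source code.
// The decrypting configuration must be given the same password.
String password = System.getenv("APP_ENCRYPTION_PASSWORD");
if (password == null || password.isEmpty()) {
    throw new IllegalStateException("APP_ENCRYPTION_PASSWORD is not set");
}
String value = "Jahia confidential value";
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
// PBEWithMD5AndDES (MD5-based key derivation, single DES) is weak by current standards.
// It is kept so the output matches the algorithm named in the decrypting configuration.
// NOTE(review): if you switch to a stronger PBE algorithm that your JVM and Jasypt version
// support, change it in both places and re-encrypt the existing values.
encryptor.setAlgorithm("PBEWithMD5AndDES");
encryptor.setPassword(password);
// Prints the ciphertext to place inside ENC(...) in the properties file.
System.out.println(encryptor.encrypt(value));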

The encrypted value must then be set in the Jahia properties file, wrapped in ENC(...), like this:

confidential.property=ENC(dfsdkQ9FREwRfggdfqhImBGJB82ImcoTf42rn)

Decrypting at platform level

Steps to follow:

  • Integrate the following libraries in TOMCAT_HOME/webapps/ROOT/WEB-INF/lib/ :
    • jasypt-1.9.3.jar
    • jasypt-spring3-1.9.3.jar
  • Add the following content in JAHIA_HOME/digital-factory-config/jahia/applicationcontext-jahiaproperties.xml:
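    <?xml version="1.0" encoding="UTF-8"?>

    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:util="http://www.springframework.org/schema/util"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                            http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">

        <!--
          Placeholder configurer that resolves ${...} from jahiaProperties and decrypts
          values written as ENC(...) with the encryptor given as constructor argument.
        -->
        <bean id="placeholderConfig" class="org.jasypt.spring3.properties.EncryptablePropertyPlaceholderConfigurer">
            <property name="ignoreUnresolvablePlaceholders" value="true"/>
            <property name="ignoreResourceNotFound" value="true" />
            <constructor-arg>
                <bean class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
                    <property name="config">
                        <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                            <!--
                              Must be the algorithm the ENC(...) values were encrypted with.
                              PBEWithMD5AndDES (MD5-based key derivation, single DES) is weak by
                              current standards. NOTE(review): prefer a stronger PBE algorithm
                              supported by your JVM and Jasypt version, and re-encrypt the values.
                            -->
                            <property name="algorithm" value="PBEWithMD5AndDES" />
                            <!--
                              The password is taken from the APP_ENCRYPTION_PASSWORD environment
                              variable of the Jahia process. Writing it as a literal in this file
                              would store the key next to the ciphertext it protects, so anyone
                              able to read the configuration could decrypt every ENC(...) value.
                              The variable must hold the password used when the values were encrypted.
                            -->
                            <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
                        </bean>
                    </property>
                </bean>
            </constructor-arg>
            <property name="properties">
                <ref bean="jahiaProperties" />
            </property>
        </bean>
        
        <bean id="pathResolver" class="org.jahia.utils.WebAppPathResolver"/>
    
        <!--
          Merged Jahia properties. localOverride=true makes the entries of
          jahiaSystemProperties take precedence over the values loaded from the files.
        -->
        <bean name="jahiaProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
            <property name="ignoreResourceNotFound" value="true"/>
            <property name="locations">
                <list>
                    <value>classpath*:org/jahia/defaults/config/properties/jahia*.properties</value>
                    <value>/WEB-INF/etc/config/jahia.properties</value>
                    <value>/WEB-INF/etc/config/jahia.advanced.properties</value>
                    <value>/WEB-INF/etc/config/jahia.node.properties</value>
                    <value>/WEB-INF/etc/config/jahia.custom.properties</value>
                    <value>classpath*:org/jahia/config/jahia*.properties</value>
                    <value>classpath*:jahia/jahia.properties</value>
                    <value>classpath*:jahia/jahia.node.properties</value>
                    <value>classpath*:jahia/jahia*.properties</value>
                    <value>file:${jahia.config}</value>
                </list>
            </property>
            <property name="localOverride" value="true"/>
            <property name="properties" ref="jahiaSystemProperties"/>
        </bean>
    
        <!--
          Presumably exposes JVM system properties prefixed with jahiaConfig. and environment
          variables prefixed with jahia_cfg_ as Jahia properties; confirm in the Jahia documentation.
        -->
        <bean id="jahiaSystemProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
            <property name="propertiesArray">
                <list>
                    <bean class="org.jahia.settings.SystemPropertiesFactoryBean">
                        <property name="prefix" value="jahiaConfig."/>
                    </bean>
                    <bean class="org.jahia.settings.EnvironmentVariablesPropertiesFactoryBean">
                        <property name="prefix" value="jahia_cfg_"/>
                    </bean>
                </list>
            </property>
        </bean>
    
        <util:list id="licensesList">
            <!-- we will take the first found license file -->
            <value>file:/${jahia.license}</value>
            <value>classpath*:jahia/license*.xml</value>
            <value>classpath*:org/jahia/config/license*.xml</value>
            <value>WEB-INF/etc/config/license*.xml</value>
        </util:list>
    
        <util:map id="startupOptionsMapping" key-type="java.lang.String" value-type="java.util.Set">
    
            <description>
                The key represents the marker file on the file system,
                whereas the value represents a set of "actions" to be taken on
                startup when such marker file is detected
            </description>
    
            <entry key="#jahia.jackrabbit.home#/index-check" value="index-check"/>
            <entry key="#jahia.jackrabbit.home#/index-fix" value="index-fix"/>
            <entry key="#jahia.jackrabbit.home#/reindex" value="reindex"/>
    
            <entry key="#jahia.data.dir#/disable-mail-service" value="disable-mail-service"/>
            <entry key="#jahia.data.dir#/reset-discovery-info" value="reset-discovery-info"/>
            <entry key="#jahia.data.dir#/rolling-upgrade" value="reset-discovery-info"/>
    
            <entry key="#jahia.data.dir#/backup-restore">
                <set>
                    <value>disable-mail-service</value>
                    <value>reset-discovery-info</value>
                </set>
            </entry>
            <entry key="#jahia.data.dir#/safe-env-clone">
                <set>
                    <value>disable-mail-service</value>
                    <value>reset-discovery-info</value>
                </set>
            </entry>
        </util:map>
    
    </beans>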
    

     

Decrypting at module level

Steps to follow:

  • Integrate the following libraries in TOMCAT_HOME/webapps/ROOT/WEB-INF/lib/ :
    • jasypt-1.9.3.jar
    • jasypt-spring3-1.9.3.jar
  • Update your pom.xml so it's similar to this one:
    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
                          http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>

        <!-- Jahia parent POM for modules -->
        <parent>
            <groupId>org.jahia.modules</groupId>
            <artifactId>jahia-modules</artifactId>
            <version>8.1.0.0</version>
        </parent>

        <!-- Coordinates of the sample module -->
        <groupId>org.foo.modules</groupId>
        <artifactId>sample</artifactId>
        <version>1.0.0-SNAPSHOT</version>
        <packaging>bundle</packaging>
        <name>sample</name>
        <description>This is the custom module (sample) for running on a Jahia server.</description>

        <properties>
            <!-- Presumably read by the parent POM to build the bundle's Import-Package header; confirm. -->
            <import-package>org.jasypt.encryption.*</import-package>
            <require-capability>osgi.extender;filter:="(osgi.extender=org.jahia.bundles.blueprint.extender.config)"</require-capability>
        </properties>

        <!--
          Both Jasypt artifacts use the provided scope: they are needed to compile the module,
          while at runtime the jars installed in WEB-INF/lib are expected to supply the classes.
          Keep the versions identical to the jars copied there.
        -->
        <dependencies>
            <dependency>
                <groupId>org.jasypt</groupId>
                <artifactId>jasypt-spring3</artifactId>
                <version>1.9.3</version>
                <scope>provided</scope>
            </dependency>
            <dependency>
                <groupId>org.jasypt</groupId>
                <artifactId>jasypt</artifactId>
                <version>1.9.3</version>
                <scope>provided</scope>
            </dependency>
        </dependencies>

        <repositories>
            <!-- Served over HTTPS; both release and snapshot artifacts are enabled for it. -->
            <repository>
                <id>jahia-public</id>
                <name>Jahia Public Repository</name>
                <url>https://devtools.jahia.com/nexus/content/groups/public</url>
                <releases>
                    <enabled>true</enabled>
                    <updatePolicy>never</updatePolicy>
                </releases>
                <snapshots>
                    <enabled>true</enabled>
                </snapshots>
            </repository>
        </repositories>

        <build>
            <plugins>
                <!-- Builds the module as an OSGi bundle (packaging "bundle" above). -->
                <plugin>
                    <groupId>org.apache.felix</groupId>
                    <artifactId>maven-bundle-plugin</artifactId>
                    <extensions>true</extensions>
                    <configuration>
                        <instructions>
                            <Jahia-Depends>default</Jahia-Depends>
                        </instructions>
                    </configuration>
                </plugin>
            </plugins>
        </build>
    </project>
    

     

  • Add the following bean in the Spring XML of your module
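    <!--
      Module-level placeholder configurer: resolves ${...} from jahiaProperties and decrypts
      values written as ENC(...) with the encryptor given as constructor argument.
    -->
    <bean id="modulePlaceholderConfig"
          class="org.jasypt.spring3.properties.EncryptablePropertyPlaceholderConfigurer">
        <property name="ignoreUnresolvablePlaceholders" value="true"/>
        <property name="ignoreResourceNotFound" value="true" />
        <constructor-arg>
            <bean class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
                <property name="config">
                    <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                        <!--
                          Must be the algorithm the ENC(...) values were encrypted with.
                          PBEWithMD5AndDES (MD5-based key derivation, single DES) is weak by
                          current standards. NOTE(review): prefer a stronger PBE algorithm
                          supported by your JVM and Jasypt version, and re-encrypt the values.
                        -->
                        <property name="algorithm" value="PBEWithMD5AndDES" />
                        <!--
                          The password is taken from the APP_ENCRYPTION_PASSWORD environment
                          variable of the Jahia process. A literal password here would be
                          packaged into the module together with the configuration, so anyone
                          holding the bundle could decrypt every ENC(...) value.
                          The variable must hold the password used when the values were encrypted.
                        -->
                        <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
                    </bean>
                </property>
            </bean>
        </constructor-arg>
        <property name="properties">
            <ref bean="jahiaProperties" />
        </property>
    </bean>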