Jasypt encryption in spring dsl - jasypt

I am trying to add encryption to a properties file, but the content is not getting decrypted.
My Spring DSL looks like:
<bean id="jasypt" class="org.apache.camel.component.jasypt.JasyptPropertiesParser">
    <property name="password" value="test"/>
    <property name="algorithm" value="PBEWithMD5AndDES"/>
</bean>
<!-- define the camel properties component -->
<bean id="properties" class="org.apache.camel.component.properties.PropertiesComponent">
    <!-- the properties file is in the classpath -->
    <property name="location" value="classpath:my-properties.properties"/>
    <!-- and let it leverage the jasypt parser -->
    <property name="propertiesParser" ref="jasypt"/>
</bean>
<bean class="org.apache.activemq.ActiveMQConnectionFactory" id="jmsFactory">
    <property name="brokerURL" value="tcp://localhost:61616"/>
    <property name="userName" value="${jboss.fuse.username}"/>
    <property name="password" value="${jboss.fuse.password}"/>
</bean>
my-properties.properties:
jboss.fuse.username=ENC(D0hnlLDZfGPiC6DtU+NKog==)
jboss.fuse.password=ENC(D0hnlLDZfGPiC6DtU+NKog==)
Error message: java.lang.SecurityException: User name [ENC(D0hnlLDZfGPiC6DtU+NKog==)] or password is invalid.

PropertiesComponent doesn't work. It should be BridgePropertyPlaceholderConfigurer if you are using Spring DSL:
<bean class="org.apache.camel.spring.spi.BridgePropertyPlaceholderConfigurer" id="bridgePropertyPlaceholder">
    <property name="location" value="classpath:my-properties.properties"/>
    <property name="parser" ref="jasypt"/>
</bean>

Related

Optimal BoneCP configuration

In my web application, the BoneCP DB connection pool is configured as follows, and it is creating too many DB connections.
I need to know the default number of DB connections the configuration below creates.
What is the optimal BoneCP configuration (avoiding unwanted connections)?
<bean id="appDataSource" class="com.jolbox.bonecp.BoneCPDataSource" destroy-method="close">
    <property name="driverClass" value="${database.driverClassName}" />
    <property name="jdbcUrl" value="${database.url}" />
    <property name="username" value="${database.username}"/>
    <property name="password" value="${database.password}"/>
    <!--<property name="idleConnectionTestPeriodInMinutes" value="2"/>-->
    <property name="maxConnectionsPerPartition" value="15"/>
    <property name="minConnectionsPerPartition" value="1"/>
    <property name="partitionCount" value="4"/>
    <property name="acquireIncrement" value="2"/>
    <property name="statementsCacheSize" value="100"/>
    <property name="releaseHelperThreads" value="5"/>
</bean>

Is Jasypt secure enough to use?

We are using Jasypt in one of our Spring-based projects to encrypt our database properties. As per the Jasypt documentation, we need to put the algorithm and password (secret) entries in our application context.
<bean id="environmentVariablesConfiguration"
      class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
    <property name="algorithm" value="PBEWithMD5AndDES" />
    <property name="passwordEnvName" value="secret" />
</bean>
<bean id="configurationEncryptor"
      class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
    <property name="config" ref="environmentVariablesConfiguration" />
</bean>
<bean id="propertyConfigurer"
      class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
    <constructor-arg ref="configurationEncryptor" />
    <property name="location" value="classpath*:*.properties" />
</bean>
If we do that, anyone can easily decrypt our properties using the decrypt utility provided by Jasypt itself. For example:
sh decrypt.sh input=pYmd0m1m2nEAGIeTtfdfdfdl/e3W49e password=sdsdfsf algorithm=PBEWithMD5AndDES
So how can we ensure the security of our property files?

Spring SAML quick start: Bean property 'signMetadata' is not writable or has an invalid setter method

I am attempting to go through the Spring Security SAML Quick Start at:
http://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/chapter-quick-start.html
I've gone through the four steps listed, done the two simple edits to sample/src/main/webapp/WEB-INF/securityContext.xml, and attempted to start the app as described in step 5.
I receive this error:
Bean property 'signMetadata' is not writable or has an invalid setter method.
Does the parameter type of the setter match the return type of the getter?
I have only changed the few lines of XML as described in the QuickStart.
That section of the relevant file looks like this:
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <property name="entityId" value="urn:test:chazlarson:waconia" />
            <property name="signMetadata" value="false" />
        </bean>
    </constructor-arg>
</bean>
compared to the QuickStart's suggestion of:
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <property name="entityId" value="replaceWithUniqueIdentifier"/>
            <property name="signMetadata" value="false"/>
        </bean>
    </constructor-arg>
</bean>
What have I missed? I am sure this is simple, but I've gone through this simple process on two different machines with the same result.

Did you try this example?
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <property name="entityId" value="replaceWithUniqueIdentifier"/>
            <property name="extendedMetadata">
                <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                    <property name="signMetadata" value="false"/>
                    <property name="idpDiscoveryEnabled" value="true"/>
                </bean>
            </property>
        </bean>
    </constructor-arg>
</bean>
I looked into MetadataGenerator class and there is no property signMetadata.
I would recommend you to follow this doc

myBatis uses only a few connection from its BasicDataSource pool

I have been using myBatis with org.apache.commons.dbcp.BasicDataSource as the data source.
For some reason, even under an impossible load, myBatis uses only a few connections from the pool (around 23).
As you can see below, my initial size of connections is 50, but some of them just stay idle.
Any ideas what could be causing this?
<bean id="myDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <property name="url" value="#{'jdbc:mysql://' + mysql + ':3306/mydb?autoReconnect=true'}"/>
    <property name="username" value="user"/>
    <property name="password" value="pass"/>
    <property name="validationQuery" value="SELECT 1"/>
    <property name="testOnBorrow" value="true"/>
    <property name="maxWait" value="5000"/>
    <property name="initialSize" value="50"/>
    <property name="maxIdle" value="50"/>
    <property name="maxActive" value="1000"/>
</bean>
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
    <property name="dataSource" ref="myDataSource"/>
    <property name="configLocation" value="classpath:mybatisConfiguration.xml"/>
</bean>

Spring Security and LDAP MD5 authentication

I need to do Spring Security authentication, using password comparison, for users whose passwords are stored in LDAP in MD5 hex encoding format. For LDAP SHA encoding I can use LdapShaPasswordEncoder. Which encoder should I use for LDAP MD5 encoding?
<bean id="ldapAuthenticationProvider"
      class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="passwordEncoder">
                <bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
            </property>
            <property name="userDnPatterns">
                <list>
                    <value>uid={0},ou=people</value>
                </list>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <constructor-arg ref="contextSource" />
            <constructor-arg value="ou=groups" />
            <property name="groupSearchFilter" value="(member={0})" />
            <property name="rolePrefix" value="ROLE_" />
            <property name="searchSubtree" value="true" />
            <property name="convertToUpperCase" value="true" />
        </bean>
    </constructor-arg>
</bean>

There isn't one that supports MD5. You'd have to implement PasswordEncoder yourself. You can use LdapShaPasswordEncoder as a guide. It should be pretty straightforward, especially without salt involved.
You should probably start looking at migrating to a more secure system which includes salt in the hashes. For example, perhaps your directory can support multiple formats and you can use SSHA for new users or password changes.
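
One way to follow the suggestion in the answer above, as an added example that is not from the original post or from Spring Security: a hypothetical `LdapMd5PasswordEncoder` implementing the legacy `org.springframework.security.authentication.encoding.PasswordEncoder` interface that the question's configuration uses. It assumes the directory stores the value as `{MD5}` followed by the Base64 digest, by analogy with the `{SHA}` form.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

import org.springframework.security.authentication.encoding.PasswordEncoder;

/**
 * Added example (hypothetical class, not part of Spring Security).
 * Assumes the directory stores userPassword as "{MD5}" + Base64(MD5(password)),
 * the unsalted counterpart of the "{SHA}" form LdapShaPasswordEncoder emits.
 */
public class LdapMd5PasswordEncoder implements PasswordEncoder {

    private static final String PREFIX = "{MD5}";

    @Override
    public String encodePassword(String rawPass, Object salt) {
        if (salt != null) {
            // {MD5} has no salt field; refuse rather than silently ignore it.
            throw new IllegalArgumentException("{MD5} is unsalted; salt must be null");
        }
        return PREFIX + Base64.getEncoder().encodeToString(md5(rawPass));
    }

    @Override
    public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
        if (encPass == null || rawPass == null
                || !encPass.regionMatches(true, 0, PREFIX, 0, PREFIX.length())) {
            return false; // missing value or a different scheme such as {SSHA}
        }
        try {
            byte[] stored = Base64.getDecoder().decode(encPass.substring(PREFIX.length()));
            // Constant-time comparison of the two digests.
            return MessageDigest.isEqual(stored, md5(rawPass));
        } catch (IllegalArgumentException malformedBase64) {
            return false;
        }
    }

    private static byte[] md5(String rawPass) {
        try {
            return MessageDigest.getInstance("MD5")
                    .digest(rawPass.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 is required on every Java platform", e);
        }
    }
}
```

PasswordComparisonAuthenticator sends the encoded value in an LDAP compare operation, so the output must match the stored attribute exactly. A directory that keeps the digest as hex, as the question's wording suggests, needs the Base64 step swapped for hex encoding.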
