3

I am currently using a UserDetailsService to get values from a user file:

<bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl"> <property name="userProperties" value="users.properties"/> </bean>

My properties file is meant to be edited by the admin and the username passwords are not encrypted:

bob=bobpassword alice=alicepassword

Now, since I use a PasswordEncoder in my application, I need to encrypt the passwords and add them to the UserDetails. This can be done somewhere in the code, but is not very handy in my opinion.

I found the PropertyPlaceholderConfigurer with the method convertPropertyValue(String value), which can be overridden.

From what I understand, it should be possible to load the properties file into the PropertyPlaceholderConfigurer, where the properties could be encrypted in the convertPropertyValue method and then loaded by the UserDetailsService. Is that possible to do? If yes, hints would help me, otherwise I'd appreciate to see an alternative solution.

Improve this question

2 Answers 2

Reset to default
2

Take a look at Jasypt, it is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

You can see how to configure it with Spring here

As an alternative, you may also implement your own propertyPersister to do the (d)encryption:

<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <property name="locations"> <value>classpath:com/foo/jdbc.properties</value> </property> <property name="propertiesPersister"> <bean class="com.mycompany.MyPropertyPersister" /> </property> </bean>

Take a look at the example here

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Similar to what you expect can be found in http://kayalvizhiameen.blogspot.in/2014/04/handling-obfuscated-property-values-in.html

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.