0

I'm using jasypt-1.9.2.jar in a spring 4.1.1 web application.

I have the necessity to encrypt both dates and strings in the database.

I enter the global password at runtime trough a web form. The process works well for strings but when I try to read/write a date, I get the exception:

org.jasypt.exceptions.EncryptionInitializationException: Password not set for Password Based Encryptor

my package-info.class is in the same package as the entity beans involved:

/**
 * Declaring system wide encrypted DataBase columns
 */
@TypeDefs({
    @TypeDef(
        name="encryptedString",
        typeClass = EncryptedStringType.class,
        parameters = {
            @Parameter(name="encryptorRegisteredName", value="strongHibernateStringEncryptor")
        }
    ),
    @TypeDef(
        name="encryptedDate",
        typeClass = EncryptedDateAsStringType.class,
        parameters = {
            @Parameter(name="encryptorRegisteredName", value="strongHibernateStringEncryptor")
        }
    )
})

@FilterDefs({
    @FilterDef(name = "filterIgnoreCancelled", defaultCondition = "billing_status != :billing_status_param", parameters = { @ParamDef(name = "billing_status_param", type = "string") })
})

package com.synaptic.db.beans;
import org.hibernate.annotations.FilterDef;
import org.hibernate.annotations.FilterDefs;
import org.hibernate.annotations.ParamDef;
import org.hibernate.annotations.Parameter;
import org.hibernate.annotations.TypeDef;
import org.hibernate.annotations.TypeDefs;
import org.jasypt.hibernate4.type.EncryptedDateAsStringType;
import org.jasypt.hibernate4.type.EncryptedStringType;

I declare the encrypted field with the annotation: @Type(type="encryptedDate") or @Type(type="encryptedString")

Any idea of what am I doing wrong? it works perfectly for strings but I get the exception for dates.

malavock
  • 341
  • 1
  • 5
  • 21

1 Answers1

0

After endless debugging the source of the problem ended to be the HibernatePBEStringEncryptor initialization.

In my code I used this lines to initialize the encryptor:

spring-beans.xml

<bean id="hibernateStringEncryptor" class="org.jasypt.hibernate4.encryptor.HibernatePBEStringEncryptor">
    <property name="registeredName" value="strongHibernateStringEncryptor" />
    <!-- <property name="encryptor" ref="strongEncryptor" /> -->
</bean>

initialization class:

@Autowired
public GlobalPasswordManagerImpl(HibernatePBEStringEncryptor hibernateStringEncryptor,...
    this.strongEncryptor = createNewEncryptor();

    this.hibernateStringEncryptor = hibernateStringEncryptor;
    this.hibernateStringEncryptor.setEncryptor(this.strongEncryptor);

But HibernatePBEStringEncryptor already creates its own StandardPBEStringEncryptor, so I ended up overwriting the existing one.

For some reasons I can't explain some of my entities ended up with the original encryptor instead of the one I created, and as the original was never properly initialized it throw the exceptions.

The correct code, that fixes the error, is:

this.strongEncryptor = hibernateStringEncryptor.getEncryptor();
malavock
  • 341
  • 1
  • 5
  • 21