1

I am using jasypt 1.9.2 to encrypt a password in a property file for my spring REST service. I've added an environment variable to Weblogic via the Server startup arguments text box called APP_ENCRYTPION_PASSWORD, but that environment variable is not getting read by the jasypt. Here is the error:

ERROR o.s.web.servlet.DispatcherServlet - Context initialization failed
java.lang.NullPointerException: null
    at org .jasypt.encryption.pbe.config.SimplePBEConfig.getPasswordCharArray(SimplePBEConfig.java:434) ~[jasypt-1.9.2.jar:na]

Here is the Weblogic environment variable logged during when the server starts up:

JAVA_OPTIONS= -Dother.vars=xxx -DAPP_ENCRYPTION_PASSWORD=password -Dmore.vars=yyy

I've traced the jasypt code and it seems jasypt does not parse the environment variables within JAVA_OPTIONS. I know this works for other frameworks like spring since we have other environment variables within JAVA_OPTIONS that spring has no issue reading.

I could add the environment variable to the startup scripts (setEnv.sh I think) for weblogic, but that will add the variable for all managed nodes instead of the one cluster my app is deployed to.

Is there a different way to configure jasypt within spring to get the environment variables within JAVA_OPTIONS?

Here is my spring config:

<bean
    class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
    <constructor-arg>
        <bean class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
            <property name="config">
                <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                    <property name="algorithm" value="PBEWithMD5AndTripleDES" />
                    <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
                </bean>
            </property>
        </bean>
    </constructor-arg>
    <property name="location">
        <value>application.properties
        </value>
    </property>
</bean>

My application.properties file contents:

username=someuser
password=ENC(encryptedstring)

UPDATE for clarity: Adding the environment variable to weblogic via setEnv.sh or Eclipse works just fine. It's only when I use the weblogic console to add the environment variable for a cluster that jasypt fails to parse the value since it is within JAVA_OPTIONS.

Chris Kantzer
  • 11
  • 3
  • 1
    This is an old question that is andswered at: http://stackoverflow.com/questions/15340892/how-do-i-use-jasypt-with-springs-autowire There is blog in that answer: http://chrislovecnm.com/2011/06/16/encrypting-spring-3-java-based-configurations-values-with-jasypt/ – devwebcl Aug 24 '16 at 14:59
  • 1
    I found this answer before I posted and it does not solve my problem. My question is specifically about the env variables within weblogic and how the jasypt libs parse those values. – Chris Kantzer Aug 24 '16 at 19:54
  • 1
    are you starting your Managed Server by startup scripts ? that's why you need to add those parameters in JAVA_OPTIONS variable ? if so, then you can create your own startup-script with JAVA_OPTIONS your your jasypt values, and call the WLS scripts. If you are using Node Manager then you can add those values through Admin Console – devwebcl Aug 24 '16 at 20:03
  • 1
    Unfortunately I'm not sure how our weblogic clusters are setup. I'm just a developer, not the admin. I was told by the admin to add the environment variables to our dev environment through the console under the Home >Summary of Deployments >Summary of Environment >Summary of Servers >Server01 location in the Arguments text box. This adds the env var to the JAVA_OPTIONS variable, not as it's own variable. – Chris Kantzer Aug 24 '16 at 20:12

1 Answers1

0

You can use passwordSysPropertyName instead of passwordEnvName. This way you can use -DpasswordSysPropertyName="mysecret"

<bean id="environmentVariablesConfiguration"
    class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
    <property name="algorithm" value="PBEWithMD5AndDES" />
    <property name="passwordSysPropertyName" value="APP_ENCRYPTION_PASSWORD" />
</bean>
Mark
  • 41
  • 1
  • 4