0

My application is merely to startup an ActiveMQ broker.

I want to use XML-based configuration in Spring Boot, to make use of the XML configuration for ActiveMQ broker (referenced here).

I'm using jasypt-spring-boot-starter for my encryption needs, but it seems that the encrypted values for my passwords are not being decrypted when the XML configuration is being initialised.

No errors during startup. Just that when I try to access the broker using admin/user it will fail with error "User name [user] or password is invalid."

Main Spring Boot App Class

@Configuration
@ComponentScan
@EnableAutoConfiguration
@SpringBootApplication
@RestController
@ImportResource({"classpath:activemq.xml"})
public class Application {
    public static void main(String[] args) throws Exception {
        SpringApplication.run(Application.class, args);
    }
}

Excerpt from Broker Config (activemq.xml)

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:amq="http://activemq.apache.org/schema/core"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://activemq.apache.org/schema/core 
    http://activemq.apache.org/schema/core/activemq-core.xsd">

    <broker xmlns="http://activemq.apache.org/schema/core" brokerName="${activemq.broker.name}" dataDirectory="${activemq.broker.data}">

    <plugins>
        <runtimeConfigurationPlugin checkPeriod="1000" />

        <simpleAuthenticationPlugin>
                <users>
                <authenticationUser username="admin" password="${activemq.broker.admin.password}" groups="users,admins" />
                <authenticationUser username="user" password="${activemq.broker.user.password}" groups="users" />
                <authenticationUser username="guest" password="${activemq.broker.guest.password}" groups="guests" />
            </users>
        </simpleAuthenticationPlugin>
    </plugins>

...more

application.properties

jasypt.encryptor.password=thisisnotapassword
jasypt.encryptor.algorithm=PBEWITHMD5ANDTRIPLEDES
activemq.broker.admin.password=ENC(OZRghRNXYpRiiw18KD7P6Uf2Y7fOieI7)
activemq.broker.user.password=ENC(yOiHeJlh6Z+VRVmSZe//Yw==)
activemq.broker.guest.password=guest

One thing I noticed from the startup logs is that activemq.xml gets loaded before jasypt related logs appear

Loading XML bean definitions from class path resource [activemq.xml]
...some logs
String Encryptor custom Bean not found with name 'jasyptStringEncryptor'. Initializing Default String Encryptor
acys
  • 73
  • 1
  • 4
  • Why would one use xml configuration in Spring Boot? – xenteros Jul 31 '17 at 11:27
  • As mentioned, this is to make use of the XML configuration for ActiveMQ broker. There is no need to modify the application, except for configuration (xml/properties). – acys Jul 31 '17 at 11:39
  • The problem is the fact that you use XML *with namespace support*. The actual resolving of the placeholders is now done through the namespace and not the regular Spring mechanisms. Due to this it will be invoked before Spring Boot had a change to decode the property. – M. Deinum Jul 31 '17 at 11:42
  • Is there a way not to use namespace support? – acys Jul 31 '17 at 13:30
  • @acys did you get any solution for this? – codeomnitrix Apr 09 '18 at 08:32

1 Answers1

0

This can be solved by using a custom environment, as described in https://github.com/ulisesbocchio/jasypt-spring-boot:

    new SpringApplicationBuilder()
            .environment(new StandardEncryptableEnvironment())
            .sources(Application.class).run(args);

From the README.md:

This method is useful for early access of encrypted properties on bootstrap. While not required in most scenarios could be useful when customizing Spring Boot's init behavior or integrating with certain capabilities that are configured very early, such as Logging configuration.

user3639230
  • 1