Spring Encrypt Values from Properties File

Question

I am currently using a UserDetailsService to get values from a user file:

<bean id="userDetailsService"  class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
<property name="userProperties" value="users.properties"/>
</bean>

My properties file is meant to be edited by the admin and the username passwords are not encrypted:

bob=bobpassword
alice=alicepassword

Now, since I use a PasswordEncoder in my application, I need to encrypt the passwords and add them to the UserDetails. This can be done somewhere in the code, but is not very handy in my opinion.

I found the PropertyPlaceholderConfigurer with the method convertPropertyValue(String value), which can be overridden.

From what I understand, it should be possible to load the properties file into the PropertyPlaceholderConfigurer, where the properties could be encrypted in the convertPropertyValue method and then loaded by the UserDetailsService. Is that possible to do? If yes, hints would help me, otherwise I'd appreciate to see an alternative solution.

Answer 1

Take a look at Jasypt, it is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

You can see how to configure it with Spring here

As an alternative, you may also implement your own propertyPersister to do the (d)encryption:

<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="locations">
        <value>classpath:com/foo/jdbc.properties</value>
    </property>
    <property name="propertiesPersister">
        <bean class="com.mycompany.MyPropertyPersister" />
    </property>        
</bean>

Take a look at the example here

Answer 2

Similar to what you expect can be found in http://kayalvizhiameen.blogspot.in/2014/04/handling-obfuscated-property-values-in.html