-1

I'm working on a springboot application which has security.xml used by AuthFilter[Org level authentication filter]. This xml looks in passwords.properties for username, password, etc. Sharing sample ex below.

security.xml -

<api-username>${api.username}</api-username>

passwords.properties -

api.username=abc

This works fine if the values are hardcoded in passwords.properties. But if I have to pass the values from env vars, property substitution isn't happening.

passwords.properties :

api.username=$${api.username}

env vars :

api.username=abc

I'm stuck here. Could someone let me know a way to achieve this.

I added below in my application.properties to make spring understand that the passwords.properties is a config file.

spring.config.import=classpath:passwords.properties

making this change too didn't help

=================

Update

Looks like this XML is read during servlet initialization. Will property substitution work in this case?

=================

Varad raikar
  • 1
  • 1
  • Why should it work? Resolving parameters needs to be backed into the component/configuration itself. If that doesn't support it, like it appears to be, it won't work. I suspect it just loads `password.properties` without even consulting it through Spring. – M. Deinum Nov 15 '22 at 07:56

2 Answers2

0

correct this props: api.username=${api.username}

run : java -jar your-jar-file --api.username=your-value

Ngo Tuoc
  • 71
  • 4
0

thanks for your inputs

I learned that the properties file is read during servlet initialization and hence there is no way substitution can be done. The secrets should be either hardcoded or use functionality provided by Vault {in my case}. Vault can create passwords.properties file on the fly using secrets stored inside Vault.

Varad raikar
  • 1
  • 1