When you develop an application relying on a container for its awesome features you often hit the fact you use several code bases to do the same thing. In the context of this post it will be the ciphering of the passwords in the configuration:
- TomEE does it using
- DeltaSpike does it using
So finally you end up having to maintain two ciphering solutions which makes hard to production teams to maintain the configuration without developpers.
To solve it the easiest is probably to integrate both together. Since DeltaSpike doesn’t provide a default
ConfigFilter strategy (ie all is in clear text) I will wire TomEE
PasswordCipher to DeltaSpike
To make it easier I just wrote a small library based on https://rmannibucau.wordpress.com/2015/12/08/deltaspike-configuration-read-where-you-want-and-decrypt-passwords/ integrating with TomEE internals.
You can get it adding as a dependency:
<dependency> <groupId>com.github.rmannibucau</groupId> <artifactId>deltaspike-configuration-tomee</artifactId> <version>1.0.0</version> <scope>provided</scope> </dependency>
Then you can use as deltaspike configuration entries values following this pattern:
cipher:<tomee cipher algorithm>:<ciphered value>
com.company.myapp.myconfig = cipher:Static3DES:qrxDWArrKEU=
can be injected using:
@Inject @ConfigProperty(name = "com.company.myapp.myconfig") private String config;
And will read the value “openejb” completely deciphered :).
The glue project source code is on github: https://github.com/rmannibucau/deltaspike-configuration-tomee and available on central.