When you develop an application relying on a container for its awesome features you often hit the fact you use several code bases to do the same thing. In the context of this post it will be the ciphering of the passwords in the configuration:
- TomEE does it using
PasswordCipher
API - DeltaSpike does it using
ConfigFilter
API
So finally you end up having to maintain two ciphering solutions which makes hard to production teams to maintain the configuration without developpers.
To solve it the easiest is probably to integrate both together. Since DeltaSpike doesn’t provide a default ConfigFilter
strategy (ie all is in clear text) I will wire TomEE PasswordCipher
to DeltaSpike ConfigFilter
.
To make it easier I just wrote a small library based on https://rmannibucau.wordpress.com/2015/12/08/deltaspike-configuration-read-where-you-want-and-decrypt-passwords/ integrating with TomEE internals.
You can get it adding as a dependency:
<dependency> <groupId>com.github.rmannibucau</groupId> <artifactId>deltaspike-configuration-tomee</artifactId> <version>1.0.0</version> <scope>provided</scope> </dependency>
Then you can use as deltaspike configuration entries values following this pattern:
cipher:<tomee cipher algorithm>:<ciphered value>
For instance:
com.company.myapp.myconfig = cipher:Static3DES:qrxDWArrKEU=
can be injected using:
@Inject @ConfigProperty(name = "com.company.myapp.myconfig") private String config;
And will read the value “openejb” completely deciphered :).
The glue project source code is on github: https://github.com/rmannibucau/deltaspike-configuration-tomee and available on central.