Align TomEE and DeltaSpike ciphering configuration


When you develop an application relying on a container for its awesome features you often hit the fact you use several code bases to do the same thing. In the context of this post it will be the ciphering of the passwords in the configuration:

  • TomEE does it using PasswordCipher API
  • DeltaSpike does it using ConfigFilter API
  • So finally you end up having to maintain two ciphering solutions which makes hard to production teams to maintain the configuration without developpers.

    To solve it the easiest is probably to integrate both together. Since DeltaSpike doesn’t provide a default ConfigFilter strategy (ie all is in clear text) I will wire TomEE PasswordCipher to DeltaSpike ConfigFilter.

    To make it easier I just wrote a small library based on https://rmannibucau.wordpress.com/2015/12/08/deltaspike-configuration-read-where-you-want-and-decrypt-passwords/ integrating with TomEE internals.

    You can get it adding as a dependency:

    <dependency>
      <groupId>com.github.rmannibucau</groupId>
      <artifactId>deltaspike-configuration-tomee</artifactId>
      <version>1.0.0</version>
      <scope>provided</scope>
    </dependency>
    

    Then you can use as deltaspike configuration entries values following this pattern:

    cipher:<tomee cipher algorithm>:<ciphered value>
    

    For instance:

    com.company.myapp.myconfig = cipher:Static3DES:qrxDWArrKEU=

    can be injected using:

    @Inject
    @ConfigProperty(name = "com.company.myapp.myconfig")
    private String config;
    

    And will read the value “openejb” completely deciphered :).

    The glue project source code is on github: https://github.com/rmannibucau/deltaspike-configuration-tomee and available on central.

    Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s