OSGI Configuration Parameters for Blueprint Components

About this task

As Jasypt supports blueprint components, it can be easily configured to use it.

Procedure

Add this namespace to the blueprint file:

xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"

Configure the jasypt as follows:

<enc:property-placeholder>
 <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
 <property name="config">
 <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
 <property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC"/>
 <property name="passwordEnvName" value="TESB_ENV_PASSWORD"/>
 </bean>
 </property>
 </enc:encryptor>
</enc:property-placeholder>

Create the encrypted properties as described in Encrypting clear text parameters and passwords.

Add the encrypted property inside the ENC() prefix like in the following example:

<cm:property-placeholder persistent-id="my" update-strategy="reload">
    <cm:default-properties>
        <cm:property name="password" value="ENC(T4H3aL4AfR20Tl+S9krZQVzTFCVG9akKxWmfDAobPxM=)"/>
    </cm:default-properties>
</cm:property-placeholder>

If you are using Maven, the following dependencies should be added to the pom.xml:

<dependency>
    <groupId>org.apache.servicemix.bundles</groupId>
    <artifactId>org.apache.servicemix.bundles.jasypt</artifactId>
    <version>1.9.2_1</version>
</dependency>
<dependency>
    <groupId>org.apache.karaf.jaas.blueprint</groupId>
    <artifactId>org.apache.karaf.jaas.blueprint.jasypt</artifactId>
    <version>4.0.1</version>
</dependency>

Import the package org.jasypt.encryption.pbe into the bundle. If you are using Maven, the following instructions should be added to the pom.xml:

<plugin>
  <groupId>org.apache.felix</groupId>
  <artifactId>maven-bundle-plugin</artifactId>
  <version>2.4.0</version>
  <extensions>true</extensions>
  <configuration>
     <instructions>
        <Import-Package>org.jasypt.encryption.pbe;version=1.9.2, org.jasypt.encryption.pbe.config;version=1.9.2, org.osgi.service.blueprint</Import-Package>
     </instructions>
  </configuration>
</plugin>

Section <cm:property-placeholder> must be defined before (upward) section <enc:property-placeholder> inside the blueprint configuration, otherwise decryption of parameters from etc/*.cfg will not work.

Results

An example of blueprint configuration (environment variable TESB_ENV_PASSWORD is set to pwd) is shown below:

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
   xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"
   xsi:schemaLocation="
      http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
      http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0 http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.1.0.xsd">

<cm:property-placeholder persistent-id="my" update-strategy="reload">
	<cm:default-properties>
		<cm:property name="password" value="ENC(ri+N4zeF/hTl1omjgYky1uQxYwhyxyPmdnyC/UmY1ug=)" />
	</cm:default-properties>
</cm:property-placeholder>

<enc:property-placeholder>
	<enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
		<property name="config">
			<bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
				<property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC" />
				<property name="passwordEnvName" value="TESB_ENV_PASSWORD" />
			</bean>
		</property>
	</enc:encryptor>
</enc:property-placeholder>

<bean id="serviceBean" class="org.company.example.MyServiceImpl">
           <property name="prop" value="${password}"/>
</bean>

<blueprint>

An example of persistent configuration (container/etc/my.cfg) is as follows:

password=ENC(6laeC861kCMSh2Eaj4sjtNzgstdo5BKFh8d+fop2Jt0=)

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here