Before continuing, let me state that this is not a post about whether you should store private data; that depends on the real necessities and your professional judgment. Nor is it a post about how to store your keyring the right way, or a security-for-pros post.
Jasypt is simple, yet tested by security experts who do the job for you, so do not rely on obscurity to protect your data; use a library like Jasypt.
Spring lets you clean up your code, especially if you use annotations, and JPA facilitates persistence with its annotation support. Unfortunately, JPA is still missing so many features that I forgot a while ago about changing my persistence provider in the future. Hibernate provides a really clean solution (at least in comparison with others I had to implement in the past).
I am sharing a typical configuration to get a JUnit test up and running, but exactly the same applies to a container-managed (web) application.
So, in your pom.xml:
<!-- Encryption / Decryption -->
<dependency>
    <groupId>org.jasypt</groupId>
    <artifactId>jasypt</artifactId>
    <version>1.7</version>
    <scope>compile</scope>
</dependency>
In the Spring config file:
<context:property-placeholder location="test.properties" ignore-unresolvable="true"/>
<bean id="hibernateStringEncryptor" class="org.jasypt.hibernate.encryptor.HibernatePBEStringEncryptor">
    <property name="registeredName">
        <value>hibernateStringEncryptor</value>
    </property>
    <property name="password">
        <value>${jasypt.password}</value>
    </property>
</bean>
In your test.properties (which, of course, will use a different password than the ones you use in development/integration, staging and production environments):
# Holder for all general test properties
jasypt.password=jasypt
In JPA entities, the proposed annotation on top of the getter did not work for me. I had to annotate the field itself, which makes sense BTW:
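import org.hibernate.annotations.Parameter;
import org.hibernate.annotations.Type;
import org.hibernate.annotations.TypeDef;
import org.jasypt.hibernate.type.EncryptedStringType;

// Type definition: declared once, on the entity class (or in package-info.java)
@TypeDef(
    name="encryptedString",
    typeClass=EncryptedStringType.class,
    parameters={@Parameter(name="encryptorRegisteredName",
                           value="hibernateStringEncryptor")}
)

// On the encrypted field itself (not on the getter)
@Type(type="encryptedString")
private String ssn;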
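The following is an added example, not code from the original post: it builds the same encryptor the Spring bean above declares, directly in Java, to show what ends up in the ssn column and what happens when a value is read back with another environment's password. The class name, the second registered name, the second password and the sample SSN are constructed for illustration.

```java
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.hibernate.encryptor.HibernatePBEStringEncryptor;

public class EncryptedColumnBehaviour {

    // Same wiring as the <bean> definition: a registered name plus a password.
    static HibernatePBEStringEncryptor encryptor(String registeredName, String password) {
        HibernatePBEStringEncryptor e = new HibernatePBEStringEncryptor();
        e.setRegisteredName(registeredName);
        e.setPassword(password);
        return e;
    }

    // True when 'candidate' cannot recover 'plain' from the stored ciphertext.
    static boolean failsToDecrypt(HibernatePBEStringEncryptor candidate,
                                  String stored, String plain) {
        try {
            // A wrong key can, rarely, unpad cleanly and yield garbage instead of throwing.
            return !plain.equals(candidate.decrypt(stored));
        } catch (EncryptionOperationNotPossibleException ex) {
            return true; // Jasypt reports failures without saying why, by design
        }
    }

    public static void main(String[] args) {
        String ssn = "000-00-0000"; // constructed sample value

        // Password taken from the test.properties shown above.
        HibernatePBEStringEncryptor test = encryptor("hibernateStringEncryptor", "jasypt");
        String first = test.encrypt(ssn);
        String second = test.encrypt(ssn);

        // A fresh random salt is used per call, so the stored strings differ.
        System.out.println("stored #1: " + first);
        System.out.println("stored #2: " + second);
        System.out.println("ciphertexts equal: " + first.equals(second));
        System.out.println("both decrypt back: "
                + (ssn.equals(test.decrypt(first)) && ssn.equals(test.decrypt(second))));

        // Hypothetical second environment with its own password.
        HibernatePBEStringEncryptor other =
                encryptor("otherEnvironmentEncryptor", "a-different-password");
        System.out.println("other password fails: " + failsToDecrypt(other, first, ssn));
    }
}
```

Because the default configuration salts every encryption randomly, a unique constraint or an equality query on an encrypted column compares ciphertexts rather than the underlying values. Rows written with one environment's password are unreadable under another's, so database copies between environments need the matching jasypt.password.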
4 comments:
Good one, helped my Jasypt integration.
Very helpful
Nicely explained. Thank you. I have actually tried this. I am facing one problem. I have users and their email addresses are unique in the entity. I have encrypted the email addresses. But when I add a user with the same email address, it generates a different encrypted string. Can you guide me on how I should solve this problem, please?
@javabuddy: I think you should provide a test case demonstrating your statement and then share it with the jasypt community.