camel-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Camel > Jasypt
Date Fri, 25 Feb 2011 06:32:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2036/9/1/_/styles/combined.css?spaceKey=CAMEL&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/CAMEL/Jasypt">Jasypt</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~davsclaus">Claus
Ibsen</a>
    </h4>
        <br/>
                         <h4>Changes (2)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >{snippet:id=e1|lang=java|url=camel/trunk/components/camel-jasypt/src/test/resources/org/apache/camel/component/jasypt/myproperties.properties}
<br> <br></td></tr>
            <tr><td class="diff-changed-lines" >h4. Tooling dependencies <span
class="diff-added-words"style="background-color: #dfd;">for Camel 2.5 and 2.6</span>
<br></td></tr>
            <tr><td class="diff-unchanged" > <br>The tooling requires the
following JARs in the classpath, which has been enlisted in the {{MANIFEST.MF}} file of {{camel-jasypt}}
with {{optional/}} as prefix. Hence why the java cmd above can pickup the needed JARs from
the Apache Distribution in the {{optional}} directory. <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >{info} <br> <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">h4.
Tooling dependencies for Camel 2.7 or better <br> <br>Jasypt 1.7 onwards is now
fully standalone so no additional JARs is needed. <br> <br></td></tr>
            <tr><td class="diff-unchanged" >h3. URI Options <br>The options
below are exclusive for the [Jasypt] component.  <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
    
            </table>
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <h2><a name="Jasypt-Jasyptcomponent"></a>Jasypt component</h2>
<p><b>Available as of Camel 2.5</b></p>

<p><a href="http://www.jasypt.org/" class="external-link" rel="nofollow">Jasypt</a>
is a simplified encryption library which makes encryption and decryption easy. Camel integrates
with Jasypt to allow sensitive information in <a href="/confluence/display/CAMEL/Properties"
title="Properties">Properties</a> files to be encrypted. By dropping <b><tt>camel-jasypt</tt></b>
on the classpath those encrypted values will automatic be decrypted on-the-fly by Camel. This
ensures that human eyes can't easily spot sensitive information such as usernames and passwords.</p>

<p>Maven users will need to add the following dependency to their <tt>pom.xml</tt>
for this component:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-xml">
<span class="code-tag">&lt;dependency&gt;</span>
    <span class="code-tag">&lt;groupId&gt;</span>org.apache.camel<span
class="code-tag">&lt;/groupId&gt;</span>
    <span class="code-tag">&lt;artifactId&gt;</span>camel-jasypt<span
class="code-tag">&lt;/artifactId&gt;</span>
    <span class="code-tag">&lt;version&gt;</span>x.x.x<span class="code-tag">&lt;/version&gt;</span>
    <span class="code-tag"><span class="code-comment">&lt;!-- use the same
version as your Camel core version --&gt;</span></span>
<span class="code-tag">&lt;/dependency&gt;</span>
</pre>
</div></div>

<h3><a name="Jasypt-Tooling"></a>Tooling</h3>

<p>The <a href="/confluence/display/CAMEL/Jasypt" title="Jasypt">Jasypt</a>
component provides a little command line tooling to encrypt or decrypt values.</p>

<p>The console output the syntax and which options it provides:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
Apache Camel Jasypt takes the following options

  -h or -help = Displays the help screen
  -c or -command &lt;command&gt; = Command either encrypt or decrypt
  -p or -password &lt;password&gt; = Password to use
  -i or -input &lt;input&gt; = Text to encrypt or decrypt
  -a or -algorithm &lt;algorithm&gt; = Optional algorithm to use
</pre>
</div></div>

<p>For example to encrypt the value <tt>tiger</tt> you run with the following
parameters. In the apache camel kit, you cd into the lib folder and run the following java
cmd, where <em>&lt;CAMEL_HOME&gt;</em> is where you have downloaded and
extract the Camel distribution.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
$ cd &lt;CAMEL_HOME&gt;/lib
$ java -jar camel-jasypt-2.5.0.jar -c encrypt -p secret -i tiger
</pre>
</div></div>
<p>Which outputs the following result</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
Encrypted text: qaEEacuW7BUti8LcMgyjKw==
</pre>
</div></div>
<p>This means the encrypted representation <tt>qaEEacuW7BUti8LcMgyjKw==</tt>
can be decrypted back to <tt>tiger</tt> if you know the master password which
was <tt>secret</tt>.<br/>
If you run the tool again then the encrypted value will return a different result. But decrypting
the value will always return the correct original value.</p>

<p>So you can test it by running the tooling using the following parameters:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
$ cd &lt;CAMEL_HOME&gt;/lib
$ java -jar camel-jasypt-2.5.0.jar -c decrypt -p secret -i qaEEacuW7BUti8LcMgyjKw==
</pre>
</div></div>
<p>Which outputs the following result:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
Decrypted text: tiger
</pre>
</div></div>

<p>The idea is then to use those encrypted values in your <a href="/confluence/display/CAMEL/Properties"
title="Properties">Properties</a> files. Notice how the password value is encrypted
and the value has the tokens surrounding <tt>ENC(value here)</tt></p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java"># refer to a mock endpoint name by that encrypted password
cool.result=mock:{{cool.password}}

# here is a password which is encrypted
cool.password=ENC(bsW9uV37gQ0QHFu7KO03Ww==)
</pre>
</div></div>

<h4><a name="Jasypt-ToolingdependenciesforCamel2.5and2.6"></a>Tooling dependencies
for Camel 2.5 and 2.6</h4>

<p>The tooling requires the following JARs in the classpath, which has been enlisted
in the <tt>MANIFEST.MF</tt> file of <tt>camel-jasypt</tt> with <tt>optional/</tt>
as prefix. Hence why the java cmd above can pickup the needed JARs from the Apache Distribution
in the <tt>optional</tt> directory.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
jasypt-1.6.jar commons-lang-2.4.jar commons-codec-1.4.jar icu4j-4.0.1.jar
</pre>
</div></div>

<div class='panelMacro'><table class='infoMacro'><colgroup><col width='24'><col></colgroup><tr><td
valign='top'><img src="/confluence/images/icons/emoticons/information.gif" width="16"
height="16" align="absmiddle" alt="" border="0"></td><td><b>Java 1.5
users</b><br />The <tt>icu4j-4.0.1.jar</tt> is only needed when running
on JDK 1.5.

<p>This JAR is not distributed by Apache Camel and you have to download it manually
and copy it to the <tt>lib/optional</tt> directory of the Camel distribution.<br/>
You can download it from <a href="http://repo2.maven.org/maven2/com/ibm/icu/icu4j/4.0.1/"
class="external-link" rel="nofollow">Apache Central Maven repo</a>.</p></td></tr></table></div>

<h4><a name="Jasypt-ToolingdependenciesforCamel2.7orbetter"></a>Tooling
dependencies for Camel 2.7 or better</h4>

<p>Jasypt 1.7 onwards is now fully standalone so no additional JARs is needed.</p>

<h3><a name="Jasypt-URIOptions"></a>URI Options</h3>
<p>The options below are exclusive for the <a href="/confluence/display/CAMEL/Jasypt"
title="Jasypt">Jasypt</a> component. </p>
<div class="confluenceTableSmall"><div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Name </th>
<th class='confluenceTh'> Default Value </th>
<th class='confluenceTh'> Type </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> <tt>password</tt> </td>
<td class='confluenceTd'> <tt>null</tt> </td>
<td class='confluenceTd'> <tt>String</tt> </td>
<td class='confluenceTd'> Specifies the master password to use for decrypting. This
option is mandatory. See below for more details. </td>
</tr>
<tr>
<td class='confluenceTd'> <tt>algorithm</tt> </td>
<td class='confluenceTd'> <tt>null</tt> </td>
<td class='confluenceTd'> <tt>String</tt> </td>
<td class='confluenceTd'> Name of an optional algorithm to use. </td>
</tr>
</tbody></table>
</div>
</div>

<h3><a name="Jasypt-Protectingthemasterpassword"></a>Protecting the master
password</h3>
<p>The master password used by <a href="/confluence/display/CAMEL/Jasypt" title="Jasypt">Jasypt</a>
must be provided, so its capable of decrypting the values. However having this master password
out in the opening may not be an ideal solution. Therefore you could for example provided
it as a JVM system property or as a OS environment setting. If you decide to do so then the
<tt>password</tt> option supports prefixes which dictates this. <tt>sysenv:</tt>
means to lookup the OS system environment with the given key. <tt>sys:</tt> means
to lookup a JVM system property.</p>

<p>For example you could provided the password before you start the application</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
$ export CAMEL_ENCRYPTION_PASSWORD=secret
</pre>
</div></div>
<p>Then start the application, such as running the start script.</p>

<p>When the application is up and running you can unset the environment</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
$ unset CAMEL_ENCRYPTION_PASSWORD
</pre>
</div></div>

<p>The <tt>password</tt> option is then a matter of defining as follows:
<tt>password=sysenv:CAMEL_ENCRYPTION_PASSWORD</tt>.</p>

<h3><a name="Jasypt-ExamplewithJavaDSL"></a>Example with Java DSL</h3>

<p>In Java DSL you need to configure <a href="/confluence/display/CAMEL/Jasypt" title="Jasypt">Jasypt</a>
as a <tt>JasyptPropertiesParser</tt> instance and set it on the <a href="/confluence/display/CAMEL/Properties"
title="Properties">Properties</a> component as show below:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java"><span class="code-comment">// create the jasypt properties
parser
</span>JasyptPropertiesParser jasypt = <span class="code-keyword">new</span>
JasyptPropertiesParser();
<span class="code-comment">// and set the master password
</span>jasypt.setPassword(<span class="code-quote">"secret"</span>);

<span class="code-comment">// create the properties component
</span>PropertiesComponent pc = <span class="code-keyword">new</span> PropertiesComponent();
pc.setLocation(<span class="code-quote">"classpath:org/apache/camel/component/jasypt/myproperties.properties"</span>);
<span class="code-comment">// and use the jasypt properties parser so we can decrypt
values
</span>pc.setPropertiesParser(jasypt);

<span class="code-comment">// add properties component to camel context
</span>context.addComponent(<span class="code-quote">"properties"</span>,
pc);
</pre>
</div></div>

<p>The properties file <tt>myproperties.properties</tt> then contain the
encrypted value, such as shown below. Notice how the password value is encrypted and the value
has the tokens surrounding <tt>ENC(value here)</tt></p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java"># refer to a mock endpoint name by that encrypted password
cool.result=mock:{{cool.password}}

# here is a password which is encrypted
cool.password=ENC(bsW9uV37gQ0QHFu7KO03Ww==)
</pre>
</div></div>

<h3><a name="Jasypt-ExamplewithSpringXML"></a>Example with Spring XML</h3>

<p>In Spring XML you need to configure the <tt>JasyptPropertiesParser</tt>
which is shown below. Then the Camel <a href="/confluence/display/CAMEL/Properties" title="Properties">Properties</a>
component is told to use <tt>jasypt</tt> as the properties parser, which means
<a href="/confluence/display/CAMEL/Jasypt" title="Jasypt">Jasypt</a> have its
chance to decrypt values looked up in the properties. </p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-xml"><span class="code-tag"><span class="code-comment">&lt;!--
define the jasypt properties parser with the given password to be used --&gt;</span></span>
<span class="code-tag">&lt;bean id=<span class="code-quote">"jasypt"</span>
class=<span class="code-quote">"org.apache.camel.component.jasypt.JasyptPropertiesParser"</span>&gt;</span>
    <span class="code-tag">&lt;property name=<span class="code-quote">"password"</span>
value=<span class="code-quote">"secret"</span>/&gt;</span>
<span class="code-tag">&lt;/bean&gt;</span>

<span class="code-tag"><span class="code-comment">&lt;!-- define the camel
properties component --&gt;</span></span>
<span class="code-tag">&lt;bean id=<span class="code-quote">"properties"</span>
class=<span class="code-quote">"org.apache.camel.component.properties.PropertiesComponent"</span>&gt;</span>
    <span class="code-tag"><span class="code-comment">&lt;!-- the properties
file is in the classpath --&gt;</span></span>
    <span class="code-tag">&lt;property name=<span class="code-quote">"location"</span>
value=<span class="code-quote">"classpath:org/apache/camel/component/jasypt/myproperties.properties"</span>/&gt;</span>
    <span class="code-tag"><span class="code-comment">&lt;!-- and let it leverage
the jasypt parser --&gt;</span></span>
    <span class="code-tag">&lt;property name=<span class="code-quote">"propertiesParser"</span>
ref=<span class="code-quote">"jasypt"</span>/&gt;</span>
<span class="code-tag">&lt;/bean&gt;</span>
</pre>
</div></div>

<p>The <a href="/confluence/display/CAMEL/Properties" title="Properties">Properties</a>
component can also be inlined inside the <tt>&lt;camelContext&gt;</tt>
tag which is shown below. Notice how we use the <tt>propertiesParserRef</tt> attribute
to refer to <a href="/confluence/display/CAMEL/Jasypt" title="Jasypt">Jasypt</a>.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-xml"><span class="code-tag"><span class="code-comment">&lt;!--
define the jasypt properties parser with the given password to be used --&gt;</span></span>
<span class="code-tag">&lt;bean id=<span class="code-quote">"jasypt"</span>
class=<span class="code-quote">"org.apache.camel.component.jasypt.JasyptPropertiesParser"</span>&gt;</span>
    &lt;!-- password is mandatory, you can prefix it with sysenv: or sys: to indicate
it should use
         an OS environment or JVM system property value, so you dont have the master password
defined here --&gt;
    <span class="code-tag">&lt;property name=<span class="code-quote">"password"</span>
value=<span class="code-quote">"secret"</span>/&gt;</span>
<span class="code-tag">&lt;/bean&gt;</span>

<span class="code-tag">&lt;camelContext xmlns=<span class="code-quote">"http://camel.apache.org/schema/spring"</span>&gt;</span>
    <span class="code-tag"><span class="code-comment">&lt;!-- define the camel
properties placeholder, and let it leverage jasypt --&gt;</span></span>
    &lt;propertyPlaceholder id=<span class="code-quote">"properties"</span>
                         location=<span class="code-quote">"classpath:org/apache/camel/component/jasypt/myproperties.properties"</span>
                         propertiesParserRef=<span class="code-quote">"jasypt"</span>/&gt;
    <span class="code-tag">&lt;route&gt;</span>
        <span class="code-tag">&lt;from uri=<span class="code-quote">"direct:start"</span>/&gt;</span>
        <span class="code-tag">&lt;to uri=<span class="code-quote">"{{cool.result}}"</span>/&gt;</span>
    <span class="code-tag">&lt;/route&gt;</span>
<span class="code-tag">&lt;/camelContext&gt;</span>
</pre>
</div></div>


<h3><a name="Jasypt-SeeAlso"></a>See Also</h3>
<ul class="alternate" type="square">
	<li><a href="/confluence/display/CAMEL/Security" title="Security">Security</a></li>
	<li><a href="/confluence/display/CAMEL/Properties" title="Properties">Properties</a></li>
	<li><a href="http://activemq.apache.org/encrypted-passwords.html" class="external-link"
rel="nofollow">Encrypted passwords in ActiveMQ</a> - ActiveMQ has a similar feature
as this <tt>camel-jasypt</tt> component</li>
</ul>

    </div>
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;">
            <a href="https://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
        </div>
        <a href="https://cwiki.apache.org/confluence/display/CAMEL/Jasypt">View Online</a>
        |
        <a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=23336900&revisedVersion=12&originalVersion=11">View
Changes</a>
                |
        <a href="https://cwiki.apache.org/confluence/display/CAMEL/Jasypt?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message