Camel
  1. Camel
  2. CAMEL-2987

Allow encrypted passwords to be used in properties files

    Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.0
    • Component/s: camel-core
    • Labels:
      None

      Description

      We should add a feature to the properties component and simple language so it can resolve encrypted usernames/passwords etc.

      We can use Jasypt as the library
      http://www.jasypt.org/

      And then add a prefix to the components component

      foo.properties
      username=#ENC#4fg48dgh58747f744#ENC#
      

      Just figuring our what the prefix/suffix tokens should be. Most likely something better than #ENC#

      The simple language could have a built in function for this as well.

      There are no Sub-Tasks for this issue.

        Activity

        Hide
        Claus Ibsen added a comment -
        Show
        Claus Ibsen added a comment - See also: https://issues.apache.org/jira/browse/KARAF-34
        Hide
        Claus Ibsen added a comment -

        Coordinate with Dejan as he starts working on this feature for ActiveMQ (AMQ-2460).

        Show
        Claus Ibsen added a comment - Coordinate with Dejan as he starts working on this feature for ActiveMQ ( AMQ-2460 ).
        Hide
        Claus Ibsen added a comment -

        Ashwin we need something similar to what Dejan did with AMQ
        http://activemq.apache.org/encrypted-passwords.html

        1)
        A new camel component, camel-jasypt to contain the implementation to avoid having deps on 3rd party jars in camel-core

        2)
        A SPI interface in org.apache.camel.spi as neutral interface for this feature. So we can plugin and use other frameworks in the future.

        3)
        Hook into the Properties component from camel-core and use the pluggable SPI if it has been configured and leverage it to decrypt the text
        (eg it scans for ENC( ) tokens), which I assume is a standard feature by Jasypt.

        4)
        Provide tooling in camel-jasypt like Dejan did, so you can run it from the cmd line to generate those tokens for your passwords

        5)
        Allow configuration of camel-jasypt to define algorithm and whatnot which is jasypt specific.
        In fact it could just be a standard Camel component which you can use to encrypt/decrypt as well.

        You have done these kind of components before. Then we can let end users use it for their messages as well.

        Show
        Claus Ibsen added a comment - Ashwin we need something similar to what Dejan did with AMQ http://activemq.apache.org/encrypted-passwords.html 1) A new camel component, camel-jasypt to contain the implementation to avoid having deps on 3rd party jars in camel-core 2) A SPI interface in org.apache.camel.spi as neutral interface for this feature. So we can plugin and use other frameworks in the future. 3) Hook into the Properties component from camel-core and use the pluggable SPI if it has been configured and leverage it to decrypt the text (eg it scans for ENC( ) tokens), which I assume is a standard feature by Jasypt. 4) Provide tooling in camel-jasypt like Dejan did, so you can run it from the cmd line to generate those tokens for your passwords 5) Allow configuration of camel-jasypt to define algorithm and whatnot which is jasypt specific. In fact it could just be a standard Camel component which you can use to encrypt/decrypt as well. You have done these kind of components before. Then we can let end users use it for their messages as well.
        Hide
        Claus Ibsen added a comment -

        Ashwin I got start a bit on this and I got a #4 done with a little tooling to allow end users to create the encrypted values.

        I will integrate this with the properties component in a pluggable fashion, then we got the important pieces in place.
        Then its easier for you to help, for example by creating the Camel component of jasypt which can be used in the routes. (eg to("jasypt:xxxx").

        Show
        Claus Ibsen added a comment - Ashwin I got start a bit on this and I got a #4 done with a little tooling to allow end users to create the encrypted values. I will integrate this with the properties component in a pluggable fashion, then we got the important pieces in place. Then its easier for you to help, for example by creating the Camel component of jasypt which can be used in the routes. (eg to("jasypt:xxxx").
        Hide
        Claus Ibsen added a comment -

        I got an initial code for #1, #2 and #3 committed to trunk.

        I will continue to work a bit to have the moving parts working. Then I most likely will leave parts of the actual JasyptComponent, JasyptEndpoint and the JasyptProducer up in the air, in case you want to give a go.

        Show
        Claus Ibsen added a comment - I got an initial code for #1, #2 and #3 committed to trunk. I will continue to work a bit to have the moving parts working. Then I most likely will leave parts of the actual JasyptComponent, JasyptEndpoint and the JasyptProducer up in the air, in case you want to give a go.
        Hide
        Claus Ibsen added a comment -

        Its now integrated with Spring XML so you can do

        
            <!-- START SNIPPET: e1 -->
            <!-- define the jasypt properties parser with the given password to be used -->
            <bean id="jasypt" class="org.apache.camel.component.jasypt.JasyptPropertiesParser">
                <!-- password is mandatory, you can prefix it with sysenv: or sys: to indicate it should use
                     an OS environment or JVM system property value, so you dont have the master password defined here -->
                <property name="password" value="secret"/>
            </bean>
        
            <camelContext xmlns="http://camel.apache.org/schema/spring">
                <!-- define the camel properties placeholder, and let it leverage jasypt -->
                <propertyPlaceholder id="properties"
                                     location="classpath:org/apache/camel/component/jasypt/myproperties.properties"
                                     propertiesParserRef="jasypt"/>
                <route>
                    <from uri="direct:start"/>
                    <to uri="{{cool.result}}"/>
                </route>
            </camelContext>
            <!-- END SNIPPET: e1 -->
        

        Now imagine the to uri was a ftp endpoint, then you could have used a placeholder for the password value in the endpoint uri, and have that password stored in the properties file:

        ftp.username=scott
        ftp.password=ENC(bsW9uV37gQ0QHFu7KO03Ww==)
        

        And you dont have to restrict to password, as we can have any value encrypted.

        Show
        Claus Ibsen added a comment - Its now integrated with Spring XML so you can do <!-- START SNIPPET: e1 --> <!-- define the jasypt properties parser with the given password to be used --> <bean id= "jasypt" class= "org.apache.camel.component.jasypt.JasyptPropertiesParser" > <!-- password is mandatory, you can prefix it with sysenv: or sys: to indicate it should use an OS environment or JVM system property value, so you dont have the master password defined here --> <property name= "password" value= "secret" /> </bean> <camelContext xmlns= "http://camel.apache.org/schema/spring" > <!-- define the camel properties placeholder, and let it leverage jasypt --> <propertyPlaceholder id= "properties" location= "classpath:org/apache/camel/component/jasypt/myproperties.properties" propertiesParserRef= "jasypt" /> <route> <from uri= "direct:start" /> <to uri= "{{cool.result}}" /> </route> </camelContext> <!-- END SNIPPET: e1 --> Now imagine the to uri was a ftp endpoint, then you could have used a placeholder for the password value in the endpoint uri, and have that password stored in the properties file: ftp.username=scott ftp.password=ENC(bsW9uV37gQ0QHFu7KO03Ww==) And you dont have to restrict to password, as we can have any value encrypted.
        Hide
        Claus Ibsen added a comment -
        Show
        Claus Ibsen added a comment - I started adding documentation at https://cwiki.apache.org/confluence/display/CAMEL/Jasypt
        Hide
        Claus Ibsen added a comment -

        camel-jasypt is now in the kit

        trunk: 992744.

        Show
        Claus Ibsen added a comment - camel-jasypt is now in the kit trunk: 992744.
        Hide
        Claus Ibsen added a comment -

        We may want to provide a .bat and a .sh file to easily run the tooling. Eg so it can help setup the classpath to run it from the kit

        Where <CAMEL> is the unzipped folder where Camel .ZIP is downloaded

        cd <CAMEL>
        jasypt.sh -c encrypt -p secret -i tiger
        

        Where we provide a jasypt.sh and a jasypt.bar file for end users to access the tooling easily from command line.
        Otherwise they gotta fight with setting up the classpath. Yikes java still sucks here.

        However I wonder how to include those files in the kit with maven, and where we should put such files?

        Show
        Claus Ibsen added a comment - We may want to provide a .bat and a .sh file to easily run the tooling. Eg so it can help setup the classpath to run it from the kit Where <CAMEL> is the unzipped folder where Camel .ZIP is downloaded cd <CAMEL> jasypt.sh -c encrypt -p secret -i tiger Where we provide a jasypt.sh and a jasypt.bar file for end users to access the tooling easily from command line. Otherwise they gotta fight with setting up the classpath. Yikes java still sucks here. However I wonder how to include those files in the kit with maven, and where we should put such files?
        Hide
        Claus Ibsen added a comment -

        We need a feature for this so you can easily install it in OSGi.

        Show
        Claus Ibsen added a comment - We need a feature for this so you can easily install it in OSGi.
        Hide
        Claus Ibsen added a comment -

        Added feature for camel-jasypt

        trunk: 993248.

        Show
        Claus Ibsen added a comment - Added feature for camel-jasypt trunk: 993248.
        Hide
        Claus Ibsen added a comment -

        Now running the tooling from cmd line has been made easy. See updated wiki documentation.

        Show
        Claus Ibsen added a comment - Now running the tooling from cmd line has been made easy. See updated wiki documentation.
        Hide
        Claus Ibsen added a comment -

        Closing all resolved tickets from 2010 or older

        Show
        Claus Ibsen added a comment - Closing all resolved tickets from 2010 or older

          People

          • Assignee:
            Ashwin Karpe
            Reporter:
            Claus Ibsen
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development