OSGI Configuration Parameters for Blueprint Components - 7.3

Talend ESB Container Administration Guide

Version: 7.3
Language: English
Product: Talend Cloud, Talend Data Fabric, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Open Studio for ESB, Talend Real-Time Big Data Platform
Module: Talend ESB, Talend Runtime
Content: Administration and Monitoring, Design and Development, Installation and Upgrade
Last publication date: 2023-09-13

About this task

Jasypt supports Blueprint components, so a Blueprint bundle can easily be configured to use it for encrypted configuration properties.

Procedure

  1. Add this namespace to the blueprint file:
    xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"
  2. Configure Jasypt as follows:
    <enc:property-placeholder>
        <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
            <property name="config">
                <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                    <property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC"/>
                    <property name="passwordEnvName" value="TESB_ENV_PASSWORD"/>
                </bean>
            </property>
        </enc:encryptor>
    </enc:property-placeholder>
    Note that if you have installed the R2022-05 Talend Runtime patch, you need to configure Jasypt as follows:
    <enc:property-placeholder>
        <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
            <property name="config">
                <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                    <property name="algorithm" value="PBEWITHSHA256AND256BITAES-CBC-BC"/>
                    <property name="passwordEnvName" value="TESB_ENV_PASSWORD"/>
                    <property name="provider" ref="bcprovider"/>
                </bean>
            </property>
        </enc:encryptor>
    </enc:property-placeholder>
    <bean id="bcprovider" class="org.bouncycastle.jce.provider.BouncyCastleProvider">
    </bean>
  3. Create the encrypted properties as described in Encrypting clear text parameters and passwords.
  4. Wrap the encrypted property value in ENC(), as in the following example:
    <cm:property-placeholder persistent-id="my" update-strategy="reload">
        <cm:default-properties>
            <cm:property name="password" value="ENC(T4H3aL4AfR20Tl+S9krZQVzTFCVG9akKxWmfDAobPxM=)"/>
        </cm:default-properties>
    </cm:property-placeholder>
  5. If you are using Maven, the following dependencies should be added to the pom.xml:
    <dependency>
        <groupId>org.apache.servicemix.bundles</groupId>
        <artifactId>org.apache.servicemix.bundles.jasypt</artifactId>
        <version>1.9.2_1</version>
    </dependency>
    <dependency>
        <groupId>org.apache.karaf.jaas.blueprint</groupId>
        <artifactId>org.apache.karaf.jaas.blueprint.jasypt</artifactId>
        <version>4.0.1</version>
    </dependency>
  6. Import the package org.jasypt.encryption.pbe into the bundle. If you are using Maven, the following instructions should be added to the pom.xml:
    <plugin>
      <groupId>org.apache.felix</groupId>
      <artifactId>maven-bundle-plugin</artifactId>
      <version>2.4.0</version>
      <extensions>true</extensions>
      <configuration>
         <instructions>
            <Import-Package>org.jasypt.encryption.pbe;version=1.9.2, org.jasypt.encryption.pbe.config;version=1.9.2, org.osgi.service.blueprint</Import-Package>
         </instructions>
      </configuration>
    </plugin>
  7. The <cm:property-placeholder> section must be defined before (above) the <enc:property-placeholder> section inside the blueprint configuration; otherwise, decryption of parameters from etc/*.cfg will not work.
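
The rules in steps 2, 4 and 7 can be checked before a bundle is deployed. The following Python lint is an added example, not part of the Talend documentation: it reports a wrong placeholder order, password-like defaults that are not wrapped in ENC(), and an encryptor password written into the blueprint instead of being read through passwordEnvName. The function name lint_blueprint, the SENSITIVE name heuristic and the sample blueprint are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

BP = "{http://www.osgi.org/xmlns/blueprint/v1.0.0}"
CM = "{http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0}"
ENC = "{http://karaf.apache.org/xmlns/jasypt/v1.0.0}"
SENSITIVE = re.compile(r"pass|secret|token", re.I)  # assumed naming heuristic


def lint_blueprint(xml_text):
    """Return findings for a Blueprint file that uses the Jasypt placeholder."""
    root = ET.fromstring(xml_text)
    order = [child.tag for child in root]
    cm_ph, enc_ph = CM + "property-placeholder", ENC + "property-placeholder"
    findings = []
    if enc_ph not in order:
        findings.append("no enc:property-placeholder, ENC() values stay encrypted")
    elif cm_ph in order and order.index(cm_ph) > order.index(enc_ph):
        findings.append("cm:property-placeholder declared after enc:property-placeholder (step 7)")
    for prop in root.iter(CM + "property"):
        name, value = prop.get("name", ""), prop.get("value", "")
        if SENSITIVE.search(name) and not re.fullmatch(r"ENC\(.+\)", value):
            findings.append(f"default for '{name}' is not wrapped in ENC()")
    for encryptor in root.iter(ENC + "encryptor"):
        for prop in encryptor.iter(BP + "property"):
            if prop.get("name") == "password":  # key stored next to the ciphertext
                findings.append("encryptor password is hard-coded, use passwordEnvName")
    return findings


# Constructed sample: wrong order, cleartext default, literal encryptor password.
BAD = """<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
    xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0">
  <enc:property-placeholder>
    <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
      <property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC"/>
      <property name="password" value="example-only"/>
    </enc:encryptor>
  </enc:property-placeholder>
  <cm:property-placeholder persistent-id="my" update-strategy="reload">
    <cm:default-properties>
      <cm:property name="password" value="example-cleartext"/>
    </cm:default-properties>
  </cm:property-placeholder>
</blueprint>"""

if __name__ == "__main__":
    print("\n".join(lint_blueprint(BAD)))
```

A blueprint laid out like the one under Results produces an empty list.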

Results

An example of blueprint configuration (environment variable TESB_ENV_PASSWORD is set to pwd) is shown below:

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
   xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"
   xsi:schemaLocation="
      http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
      http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0 http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.1.0.xsd">

<cm:property-placeholder persistent-id="my" update-strategy="reload">
	<cm:default-properties>
		<cm:property name="password" value="ENC(ri+N4zeF/hTl1omjgYky1uQxYwhyxyPmdnyC/UmY1ug=)" />
	</cm:default-properties>
</cm:property-placeholder>

<enc:property-placeholder>
	<enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
		<property name="config">
			<bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
				<property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC" />
				<property name="passwordEnvName" value="TESB_ENV_PASSWORD" />
			</bean>
		</property>
	</enc:encryptor>
</enc:property-placeholder>

<bean id="serviceBean" class="org.company.example.MyServiceImpl">
	<property name="prop" value="${password}"/>
</bean>

</blueprint>

An example of persistent configuration (container/etc/my.cfg) is as follows:

password=ENC(6laeC861kCMSh2Eaj4sjtNzgstdo5BKFh8d+fop2Jt0=)