OSGI Configuration Parameters for Blueprint Components - Cloud - 8.0

Talend ESB Container Administration Guide

Version
Cloud
8.0
Language
English
Product
Talend Cloud
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Real-Time Big Data Platform
Module
Talend ESB
Talend Runtime
Content
Administration and Monitoring
Design and Development
Installation and Upgrade
Last publication date
2024-03-13

About this task

As Jasypt supports blueprint components, it can be easily configured to use it.

Procedure

  1. Add this namespace to the blueprint file:
    xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"
  2. Configure the jasypt as follows:
    <enc:property-placeholder>
     <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
     <property name="config">
     <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
     <property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC"/>
     <property name="passwordEnvName" value="TESB_ENV_PASSWORD"/>
     </bean>
     </property>
     </enc:encryptor>
    </enc:property-placeholder>
  3. Create the encrypted properties as described in Encrypting clear text parameters and passwords.
  4. Add the encrypted property inside the ENC() prefix like in the following example:
    <cm:property-placeholder persistent-id="my" update-strategy="reload">
        <cm:default-properties>
            <cm:property name="password" value="ENC(T4H3aL4AfR20Tl+S9krZQVzTFCVG9akKxWmfDAobPxM=)"/>
        </cm:default-properties>
    </cm:property-placeholder>
  5. If you are using Maven, the following dependencies should be added to the pom.xml:
    <dependency>
        <groupId>org.apache.servicemix.bundles</groupId>
        <artifactId>org.apache.servicemix.bundles.jasypt</artifactId>
        <version>1.9.2_1</version>
    </dependency>
    <dependency>
        <groupId>org.apache.karaf.jaas.blueprint</groupId>
        <artifactId>org.apache.karaf.jaas.blueprint.jasypt</artifactId>
        <version>4.0.1</version>
    </dependency>
  6. Import the package org.jasypt.encryption.pbe into the bundle. If you are using Maven, the following instructions should be added to the pom.xml:
    <plugin>
      <groupId>org.apache.felix</groupId>
      <artifactId>maven-bundle-plugin</artifactId>
      <version>2.4.0</version>
      <extensions>true</extensions>
      <configuration>
         <instructions>
            <Import-Package>org.jasypt.encryption.pbe;version=1.9.2, org.jasypt.encryption.pbe.config;version=1.9.2, org.osgi.service.blueprint</Import-Package>
         </instructions>
      </configuration>
    </plugin>
  7. Section <cm:property-placeholder> must be defined before (upward) section <enc:property-placeholder> inside the blueprint configuration, otherwise decryption of parameters from etc/*.cfg will not work.

Results

An example of blueprint configuration (environment variable TESB_ENV_PASSWORD is set to pwd) is shown below:

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
   xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"
   xsi:schemaLocation="
      http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
      http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0 http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.1.0.xsd">

<cm:property-placeholder persistent-id="my" update-strategy="reload">
	<cm:default-properties>
		<cm:property name="password" value="ENC(ri+N4zeF/hTl1omjgYky1uQxYwhyxyPmdnyC/UmY1ug=)" />
	</cm:default-properties>
</cm:property-placeholder>

<enc:property-placeholder>
	<enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
		<property name="config">
			<bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
				<property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC" />
				<property name="passwordEnvName" value="TESB_ENV_PASSWORD" />
			</bean>
		</property>
	</enc:encryptor>
</enc:property-placeholder>

<bean id="serviceBean" class="org.company.example.MyServiceImpl">
           <property name="prop" value="${password}"/>
</bean>

<blueprint>

An example of persistent configuration (container/etc/my.cfg) is as follows:

password=ENC(6laeC861kCMSh2Eaj4sjtNzgstdo5BKFh8d+fop2Jt0=)