OSGI Configuration Parameters for Blueprint Components - 7.0

Talend ESB Container Administration Guide

EnrichVersion
7.0
EnrichProdName
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
task
Administration and Monitoring
Design and Development
Installation and Upgrade
EnrichPlatform
Talend ESB

As Jasypt supports blueprint components, it can be easily configured to use it.

  1. Add this namespace to the blueprint file:

    xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"
  2. Configure the jasypt as follows:

    <enc:property-placeholder>
     <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
     <property name="config">
     <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
     <property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC"/>
     <property name="passwordEnvName" value="TESB_ENV_PASSWORD"/>
     </bean>
     </property>
     </enc:encryptor>
    </enc:property-placeholder>
  3. Create the encrypted properties as described in Encrypting clear text parameters and passwords.

  4. Add the encrypted property inside the ENC() prefix like in the following example:

    <cm:property-placeholder persistent-id="my" update-strategy="reload">
        <cm:default-properties>
            <cm:property name="password" value="ENC(T4H3aL4AfR20Tl+S9krZQVzTFCVG9akKxWmfDAobPxM=)"/>
        </cm:default-properties>
    </cm:property-placeholder>
  5. If you are using Maven, the following dependencies should be added to the pom.xml:

    <dependency>
        <groupId>org.apache.servicemix.bundles</groupId>
        <artifactId>org.apache.servicemix.bundles.jasypt</artifactId>
        <version>1.9.2_1</version>
    </dependency>
    <dependency>
        <groupId>org.apache.karaf.jaas.blueprint</groupId>
        <artifactId>org.apache.karaf.jaas.blueprint.jasypt</artifactId>
        <version>4.0.1</version>
    </dependency>
  6. Import the package org.jasypt.encryption.pbe into the bundle. If you are using Maven, the following instructions should be added to the pom.xml:

    <plugin>
      <groupId>org.apache.felix</groupId>
      <artifactId>maven-bundle-plugin</artifactId>
      <version>2.4.0</version>
      <extensions>true</extensions>
      <configuration>
         <instructions>
            <Import-Package>org.jasypt.encryption.pbe;version=1.9.2, org.jasypt.encryption.pbe.config;version=1.9.2, org.osgi.service.blueprint</Import-Package>
         </instructions>
      </configuration>
    </plugin>
  7. Section <cm:property-placeholder> must be defined before (upward) section <enc:property-placeholder> inside the blueprint configuration, otherwise decryption of parameters from etc/*.cfg will not work.

An example of blueprint configuration (environment variable TESB_ENV_PASSWORD is set to pwd) is shown below:

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
   xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"
   xsi:schemaLocation="
      http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
      http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0 http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.1.0.xsd">

<cm:property-placeholder persistent-id="my" update-strategy="reload">
	<cm:default-properties>
		<cm:property name="password" value="ENC(ri+N4zeF/hTl1omjgYky1uQxYwhyxyPmdnyC/UmY1ug=)" />
	</cm:default-properties>
</cm:property-placeholder>

<enc:property-placeholder>
	<enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
		<property name="config">
			<bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
				<property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC" />
				<property name="passwordEnvName" value="TESB_ENV_PASSWORD" />
			</bean>
		</property>
	</enc:encryptor>
</enc:property-placeholder>

<bean id="serviceBean" class="org.company.example.MyServiceImpl">
           <property name="prop" value="${password}"/>
</bean>

<blueprint>

An example of persistent configuration (container/etc/my.cfg) is as follows:

password=ENC(6laeC861kCMSh2Eaj4sjtNzgstdo5BKFh8d+fop2Jt0=)