Encrypting iBatis' SqlMapConfig.xml
After writing this article, I kept wondering, "How can I keep the database's password secure?" As you all know, I keep the database's password in plain text in SqlMapConfig.xml. Therefore, we need to keep our database's password secure. One of the simplest methods is to encrypt SqlMapConfig's properties.

I'm using Swing, the jasypt library for basic encryption, and iBatis 2.3.4. Jasypt also needs 2 additional jars, commons-lang and commons-codec; you can find them on Apache's website.
First, I create a properties file named db.properties:

```properties
JDBC.Driver=1rzI2NrjkRaiwdZso6qZaI0THnqKx/wkAROxbfaCL/E=
JDBC.ConnectionURL=7EpsURgD/FFzdzuDTKYtdcT3iGPePc8uklqBweCnbCkw1wjUAKPyEA==
JDBC.Username=ciUNsgpnvS6bEkkB1F/Q8g==
JDBC.Password=c5dvo6UUKK5t633Dt6lvma0WAm5snxb+
```
After that, I create a singleton class to do all the encryption and decryption:

```java
package com.edw.util;

import org.jasypt.util.text.BasicTextEncryptor;

/**
 * @author edw
 */
public class BasicEncryption {

    private static final BasicEncryption basicEncryption = new BasicEncryption();

    // Password the encryptor derives its key from; it is compiled into this class.
    private final String CONSTANT = "busuk";
    private BasicTextEncryptor textEncryptor = new BasicTextEncryptor();

    private BasicEncryption() {
        textEncryptor.setPassword(CONSTANT);
    }

    public static BasicEncryption getInstance() {
        return basicEncryption;
    }

    // Returns the Base64-encoded ciphertext of the given text.
    public String encrypt(String word) {
        return textEncryptor.encrypt(word);
    }

    // Reverses encrypt(); the input must have been produced with the same password.
    public String decrypt(String word) {
        return textEncryptor.decrypt(word);
    }
}
```
After that, we modify SqlMapConfig.java to put the decrypted properties into SqlMapConfig.xml:

```java
package com.edw.config;

import com.edw.util.BasicEncryption;
import com.ibatis.common.resources.Resources;
import com.ibatis.sqlmap.client.SqlMapClient;
import com.ibatis.sqlmap.client.SqlMapClientBuilder;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.Reader;
import java.util.Properties;

/**
 *
 * @author edw
 */
public class SqlMapConfig {

    protected static final SqlMapClient sqlMap;

    static {
        try {
            // read the encrypted values from db.properties in the working directory
            File file = new File("db.properties");
            FileInputStream fileInputStream = new FileInputStream(file);
            Properties properties = new Properties();
            properties.load(fileInputStream);
            fileInputStream.close();

            // load encryption class
            BasicEncryption basicEncryption = BasicEncryption.getInstance();

            // replace each encrypted value with its decrypted form, in memory only
            properties.setProperty("JDBC.Driver", basicEncryption.decrypt(properties.getProperty("JDBC.Driver")));
            properties.setProperty("JDBC.ConnectionURL", basicEncryption.decrypt(properties.getProperty("JDBC.ConnectionURL")));
            properties.setProperty("JDBC.Username", basicEncryption.decrypt(properties.getProperty("JDBC.Username")));
            properties.setProperty("JDBC.Password", basicEncryption.decrypt(properties.getProperty("JDBC.Password")));

            // the properties fill the ${...} placeholders in sqlmapconfig.xml
            Reader reader = Resources.getResourceAsReader("com/edw/sqlmap/sqlmapconfig.xml");
            sqlMap = SqlMapClientBuilder.buildSqlMapClient(reader, properties);
        } catch (IOException e) {
            throw new RuntimeException("Fatal Error, ga dapet sqlmapconfignya.  Cause: " + e, e);
        } catch (Exception e) {
            throw new RuntimeException("Fatal Error.  Cause: " + e, e);
        }
    }

    public static SqlMapClient getSqlMap() {
        return sqlMap;
    }
}
```
And we set the variables in sqlmapconfig.xml to match the decrypted property values:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sqlMapConfig PUBLIC "-//ibatis.apache.org//DTD SQL Map Config 2.0//EN"
    "http://ibatis.apache.org/dtd/sql-map-config-2.dtd">
<sqlMapConfig>
    <settings
        useStatementNamespaces="true"
        lazyLoadingEnabled="true"
        enhancementEnabled="true"
        maxSessions="20"
    />
    <transactionManager type="JDBC" commitRequired="false">
        <dataSource type="SIMPLE">
            <property name="SetAutoCommitAllowed" value="false"/>
            <property name="DefaultAutoCommit" value="false"/>
            <property name="JDBC.Driver" value="${JDBC.Driver}"/>
            <property name="JDBC.ConnectionURL" value="${JDBC.ConnectionURL}"/>
            <property name="JDBC.Username" value="${JDBC.Username}"/>
            <property name="JDBC.Password" value="${JDBC.Password}"/>
        </dataSource>
    </transactionManager>

    <!-- don't forget to register your sql map configs -->
    <sqlMap resource="com/edw/sqlmap/contoh.xml"/>
</sqlMapConfig>
```
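The CONSTANT password in BasicEncryption is compiled into the class, so anyone who has the application jar together with db.properties can decrypt the values. The variant below is an added example, not code from the original post: it takes the jasypt password from an environment variable and fails closed when it is missing (the variable name DB_CONFIG_KEY and the class name EnvKeyedDecryptor are hypothetical).

```java
import java.util.Properties;
import org.jasypt.util.text.BasicTextEncryptor;

/** Added example: the encryptor password comes from the environment, not the source. */
public class EnvKeyedDecryptor {

    // Hypothetical variable name; set it in the application's launch environment.
    static final String KEY_ENV = "DB_CONFIG_KEY";

    private final BasicTextEncryptor encryptor = new BasicTextEncryptor();

    public EnvKeyedDecryptor(String key) {
        if (key == null || key.isEmpty()) {
            // Fail closed: never fall back to a built-in default password.
            throw new IllegalStateException(KEY_ENV + " is not set");
        }
        encryptor.setPassword(key);
    }

    public static EnvKeyedDecryptor fromEnvironment() {
        return new EnvKeyedDecryptor(System.getenv(KEY_ENV));
    }

    public String encrypt(String plain) {
        return encryptor.encrypt(plain);
    }

    /** Returns a copy with every JDBC.* value decrypted; other keys are copied as-is. */
    public Properties decryptJdbc(Properties encrypted) {
        Properties plain = new Properties();
        for (String name : encrypted.stringPropertyNames()) {
            String value = encrypted.getProperty(name);
            plain.setProperty(name, name.startsWith("JDBC.") ? encryptor.decrypt(value) : value);
        }
        return plain;
    }

    public static void main(String[] args) {
        // Constructed sample: a throwaway key and made-up credentials, for the demo only.
        EnvKeyedDecryptor demo = new EnvKeyedDecryptor("constructed-demo-key");
        Properties file = new Properties();
        file.setProperty("JDBC.Username", demo.encrypt("app_user"));
        file.setProperty("JDBC.Password", demo.encrypt("constructed-password"));

        Properties plain = demo.decryptJdbc(file);
        System.out.println("round trip ok: " + "app_user".equals(plain.getProperty("JDBC.Username")));
    }
}
```

In SqlMapConfig, the four setProperty calls would be replaced by passing `EnvKeyedDecryptor.fromEnvironment().decryptJdbc(properties)` to `buildSqlMapClient`.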
This is my project structure.

This is what will happen if we submit the form.

You can check it in the database.