We currently have JASYPT running in boot 2.2.4, jasypt 3.0.2 with no issues. The only exception is that the jasypt passphrase is obtained from a DB from a postProcessEnvironment event.
The new Spring Boot 2.3.2, Jasypt 3.0.2 throws the following on startup.
13:27:42.380 [restartedMain] ERROR o.s.b.w.e.tomcat.TomcatStarter onStartup - Error starting Tomcat context. Exception: org.springframework.beans.factory.BeanCreationException. Message: Error creating bean with name 'h2Console' defined in class path resource [org/springframework/boot/autoconfigure/h2/H2ConsoleAutoConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.ServletRegistrationBean]: Factory method 'h2Console' threw exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'dataSource' defined in class path resource [org/springframework/boot/autoconfigure/jdbc/DataSourceConfiguration$Hikari.class]: Unsatisfied dependency expressed through method 'dataSource' parameter 0; nested exception is org.springframework.boot.context.properties.ConfigurationPropertiesBindException: Error creating bean with name 'spring.datasource-org.springframework.boot.autoconfigure.jdbc.DataSourceProperties': Could not bind properties to 'DataSourceProperties' : prefix=spring.datasource, ignoreInvalidFields=false, ignoreUnknownFields=true; nested exception is org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.datasource.password' to java.lang.String
13:27:42.471 [restartedMain] ERROR o.s.b.d.LoggingFailureAnalysisReporter report -
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.3.2.RELEASE</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
    <java.version>1.8</java.version>
    <jacoco-maven-plugin.ver>0.8.2</jacoco-maven-plugin.ver>
    <jasypt.spring.boot.starter.ver>3.0.3</jasypt.spring.boot.starter.ver>
</properties>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
        <groupId>com.microsoft.sqlserver</groupId>
        <artifactId>mssql-jdbc</artifactId>
        <scope>runtime</scope>
    </dependency>
    <!-- JASYPT Encryption -->
    <dependency>
        <groupId>com.github.ulisesbocchio</groupId>
        <artifactId>jasypt-spring-boot-starter</artifactId>
        <version>${jasypt.spring.boot.starter.ver}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-crypto</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-cache</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
        <scope>runtime</scope>
        <optional>true</optional>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <optional>true</optional>
    </dependency>
.....
jasypt:
  encryptor:
    password: fubar
    #iv-generator-classname: org.jasypt.RandomIvGenerator
    #iv-generator-classname: org.jasypt.NoIvGenerator
spring:
  datasource:
    driverClassName: com.microsoft.sqlserver.jdbc.SQLServerDriver
    url: jdbc:sqlserver://myDb;databaseName=BAR;sendStringParametersAsUnicode=false
    username: Bullwincle
    password: ENC(dX8PMJjtC04JBzjSMllTop6s2/seBDHo)
    hikari:
      connection-timeout: 60000
      maximum-pool-size: 5
  jpa:
    database-platform: org.hibernate.dialect.SQLServerDialect
    show-sql: false
    generate-ddl: false
    hibernate:
      ddl-auto: none
      naming:
        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
    properties:
      hibernate:
        jdbc:
          time_zone: UTC
@SpringBootApplication
@EnableEncryptableProperties
public class MyApplication {
I do not have a custom Encryptor bean
Application starts with non-encrypted password.
TRIED:
iv-generator-classname: org.jasypt.NoIvGenerator
iv-generator-classname: org.jasypt.RandomIvGenerator
If I downgrade JASYPT to 2.1.2 the application starts.
According to their release notes, the default encryption algorithm was changed in 3.0.0, so what they suggest is to set these:
jasypt:
  encryptor:
    algorithm: PBEWithMD5AndDES
    iv-generator-classname: org.jasypt.iv.NoIvGenerator
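
The settings above keep the old cipher so that existing ENC(...) values still decrypt; the alternative is to re-encrypt the values under the 3.x defaults. The following is an added example, not code from the question, the answer or the jasypt project, that reproduces the decryption failure and performs the re-encryption with jasypt's StandardPBEStringEncryptor. It assumes the 3.x starter defaults are PBEWITHHMACSHA512ANDAES_256 with RandomIvGenerator, that all other encryptor settings were left at their defaults, and a JRE without key-size restrictions; the class name, passphrase and secret are constructed.

```java
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.iv.IvGenerator;
import org.jasypt.iv.NoIvGenerator;
import org.jasypt.iv.RandomIvGenerator;

// Added example; the class name, passphrase and secret below are constructed.
public class ReEncryptLegacyValue {
    static final String OLD_ALG = "PBEWithMD5AndDES";             // 2.x default
    static final String NEW_ALG = "PBEWITHHMACSHA512ANDAES_256";  // 3.x default (assumed)

    static StandardPBEStringEncryptor encryptor(String passphrase, String alg, IvGenerator iv) {
        StandardPBEStringEncryptor e = new StandardPBEStringEncryptor();
        e.setPassword(passphrase);
        e.setAlgorithm(alg);
        e.setIvGenerator(iv);
        return e;
    }

    // Drops the ENC(...) wrapper used in property files, if present.
    static String unwrap(String value) {
        String v = value.trim();
        return v.startsWith("ENC(") && v.endsWith(")") ? v.substring(4, v.length() - 1) : v;
    }

    // Decrypts with the 2.x settings and re-encrypts with the 3.x defaults.
    static String migrate(String passphrase, String legacyValue) {
        String plain = encryptor(passphrase, OLD_ALG, new NoIvGenerator()).decrypt(unwrap(legacyValue));
        return "ENC(" + encryptor(passphrase, NEW_ALG, new RandomIvGenerator()).encrypt(plain) + ")";
    }

    public static void main(String[] args) {
        String passphrase = "constructed-passphrase";
        String secret = "constructed-sample-secret-01";
        // Constructed stand-in for a value written under jasypt-spring-boot 2.x.
        String legacy = "ENC(" + encryptor(passphrase, OLD_ALG, new NoIvGenerator()).encrypt(secret) + ")";

        // What happens when the 3.x defaults meet that value.
        StandardPBEStringEncryptor v3 = encryptor(passphrase, NEW_ALG, new RandomIvGenerator());
        try {
            v3.decrypt(unwrap(legacy));
            System.out.println("unexpected: 2.x value decrypted with 3.x defaults");
        } catch (EncryptionOperationNotPossibleException ex) {
            System.out.println("3.x defaults cannot decrypt the 2.x value");
        }

        String migrated = migrate(passphrase, legacy);
        System.out.println("migrated value decrypts: " + secret.equals(v3.decrypt(unwrap(migrated))));
    }
}
```

Once every ENC(...) value has been migrated this way, the algorithm and iv-generator-classname overrides can be removed so the application no longer depends on PBEWithMD5AndDES.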