spring-boot jasypt

Spring Boot JASYPT Failure Failed to bind properties under 'spring.datasource.password'


We currently have JASYPT running in Boot 2.2.4, jasypt 3.0.2 with no issues. The only exception is that the jasypt passphrase is obtained from a DB in a postProcessEnvironment event.

The new Spring Boot 2.3.2, Jasypt 3.0.2 throws the following on startup.

13:27:42.380 [restartedMain] ERROR o.s.b.w.e.tomcat.TomcatStarter onStartup - Error starting Tomcat context. Exception: org.springframework.beans.factory.BeanCreationException. Message: Error creating bean with name 'h2Console' defined in class path resource [org/springframework/boot/autoconfigure/h2/H2ConsoleAutoConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.ServletRegistrationBean]: Factory method 'h2Console' threw exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'dataSource' defined in class path resource [org/springframework/boot/autoconfigure/jdbc/DataSourceConfiguration$Hikari.class]: Unsatisfied dependency expressed through method 'dataSource' parameter 0; nested exception is org.springframework.boot.context.properties.ConfigurationPropertiesBindException: Error creating bean with name 'spring.datasource-org.springframework.boot.autoconfigure.jdbc.DataSourceProperties': Could not bind properties to 'DataSourceProperties' : prefix=spring.datasource, ignoreInvalidFields=false, ignoreUnknownFields=true; nested exception is org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.datasource.password' to java.lang.String
13:27:42.471 [restartedMain] ERROR o.s.b.d.LoggingFailureAnalysisReporter report -

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.2.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <properties>
        <java.version>1.8</java.version>
        <jacoco-maven-plugin.ver>0.8.2</jacoco-maven-plugin.ver>
        <jasypt.spring.boot.starter.ver>3.0.3</jasypt.spring.boot.starter.ver>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>com.microsoft.sqlserver</groupId>
            <artifactId>mssql-jdbc</artifactId>
            <scope>runtime</scope>
        </dependency>
        <!-- JASYPT Encryption -->
        <dependency>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-spring-boot-starter</artifactId>
            <version>${jasypt.spring.boot.starter.ver}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-crypto</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-cache</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
.....

jasypt:
  encryptor:
    password: fubar
    #iv-generator-classname: org.jasypt.RandomIvGenerator
    #iv-generator-classname: org.jasypt.NoIvGenerator
spring:
  datasource:
    driverClassName: com.microsoft.sqlserver.jdbc.SQLServerDriver
    url: jdbc:sqlserver://myDb;databaseName=BAR;sendStringParametersAsUnicode=false
    username: Bullwincle
    password: ENC(dX8PMJjtC04JBzjSMllTop6s2/seBDHo)
    hikari:
      connection-timeout: 60000
      maximum-pool-size: 5
  jpa:
    database-platform: org.hibernate.dialect.SQLServerDialect
    show-sql: false
    generate-ddl: false
    hibernate:
      ddl-auto: none
      naming:
        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
    properties:
      hibernate:
        jdbc:
          time_zone: UTC

@SpringBootApplication
@EnableEncryptableProperties
public class MyApplication {
    // ...
}

I do not have a custom Encryptor bean

Application starts with non-encrypted password.

TRIED:

iv-generator-classname: org.jasypt.NoIvGenerator

iv-generator-classname: org.jasypt.RandomIvGenerator

If I downgrade JASYPT to 2.1.2 the application starts.


Solution

  • According to their release notes, the default encryption algorithm was changed in 3.0.0, so what they suggest is to set these:

    jasypt:
      encryptor:
        algorithm: PBEWithMD5AndDES
        iv-generator-classname: org.jasypt.iv.NoIvGenerator
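
An added example (not from the answer or from the jasypt project): a stand-alone Java program that decrypts a value with the pre-3.0.0 settings shown above and re-encrypts it with the 3.x defaults (PBEWITHHMACSHA512ANDAES_256 with a random IV), so the PBEWithMD5AndDES override can be dropped once the properties are migrated. It assumes jasypt 1.9.3 on the classpath and the passphrase in a JASYPT_ENCRYPTOR_PASSWORD environment variable; the class and helper names are hypothetical.

```java
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.iv.NoIvGenerator;
import org.jasypt.iv.RandomIvGenerator;

// Hypothetical helper class, not part of jasypt or jasypt-spring-boot.
public class ReencryptProperty {

    // Settings jasypt-spring-boot used by default before 3.0.0 (the ones in the answer).
    static StandardPBEStringEncryptor legacy(String passphrase) {
        StandardPBEStringEncryptor e = new StandardPBEStringEncryptor();
        e.setPassword(passphrase);
        e.setAlgorithm("PBEWithMD5AndDES");
        e.setIvGenerator(new NoIvGenerator());
        return e;
    }

    // Settings jasypt-spring-boot uses by default since 3.0.0.
    static StandardPBEStringEncryptor current(String passphrase) {
        StandardPBEStringEncryptor e = new StandardPBEStringEncryptor();
        e.setPassword(passphrase);
        e.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
        e.setIvGenerator(new RandomIvGenerator());
        return e;
    }

    // Remove the ENC(...) wrapper used in application.yml, if present.
    static String stripEnc(String v) {
        return v.startsWith("ENC(") && v.endsWith(")") ? v.substring(4, v.length() - 1) : v;
    }

    public static void main(String[] args) {
        String passphrase = System.getenv("JASYPT_ENCRYPTOR_PASSWORD");
        if (passphrase == null || passphrase.isEmpty()) {
            throw new IllegalStateException("JASYPT_ENCRYPTOR_PASSWORD is not set");
        }
        // Without an argument, a constructed sample value is used so the program runs offline.
        String oldValue = args.length > 0 ? args[0]
                : "ENC(" + legacy(passphrase).encrypt("constructed-sample-secret") + ")";
        // A wrong passphrase or algorithm makes decrypt() throw
        // EncryptionOperationNotPossibleException.
        String plain = legacy(passphrase).decrypt(stripEnc(oldValue));
        String newValue = "ENC(" + current(passphrase).encrypt(plain) + ")";
        // Round-trip check before the new value goes into configuration.
        if (!plain.equals(current(passphrase).decrypt(stripEnc(newValue)))) {
            throw new IllegalStateException("re-encrypted value does not round-trip");
        }
        System.out.println(newValue); // only ciphertext is printed, never the plaintext
    }
}
```

Once every ENC(...) value has been replaced with the re-encrypted form, the algorithm and iv-generator-classname overrides can be removed from the configuration.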