Integrating Jasypt with Hibernate

[size=large][size=medium][color=red]Integrating Jasypt with Hibernate[/color]
[color=red]Introduction to Jasypt (Java Simplified Encryption)[/color]Jasypt is a java library which allows the developer to add basic encryption capabilities to the projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

• High-security, standards-based encryption techniques, both for unidirectional and bidirectional encryption.
• Transparent integration with Hibernate.
• Suitable for integration into Spring-based applications and also transparently integrable with Spring Security.
• Integrated capabilities for encrypting the configuration of applications (i.e. data sources).
• Specific features for high-performance encryption in multi-processor/multi-core systems.
• Open API for use with any JCE provider, thread-safe, lightweight library, easy to use CLI (Command Line Interface) tools, Integrates into Apache Wicket, Complete support for languages like Japanese, Korean, Arabic... with no encoding or platform issues.
• Etc

A Basic program for encrypting and checking a password would be like below:


[img]http://dl.iteye.com/upload/attachment/0070/4244/9b903990-4efb-3366-8863-e58b1661461d.jpg[/img]


[color=red]1. Integration with Hibernate:[/color]Jasypt provides the jasypt-hibernate3 and jasypt-hibernate4 artifacts for Hibernate integration.
These integration libraries include several Hibernate UserType implementations that allow one or several of the properties in a mapped Hibernate entity to be declared as being of an encrypted type. Types allowed to be stored as encrypted include strings, binaries (byte arrays), numeric types, booleans and dates. Following actions are required for setting jasypt to encrypt data with hibernate

i. [color=red]Configuring the Hibernate mapping (2 types - by extension or by using a registered encryptor).[/color]a. By extension, declaring the encryptor parameters in the mapping itself (password, algorithm, providerName, etc). When this method is selected, the encryptor implementation used is always a StandardPBEStringEncryptor.


[img]http://dl.iteye.com/upload/attachment/0070/4250/f457ab65-ced9-3436-bbdd-ecde90ac0308.jpg[/img]

b. By using a registered encryptor, which will be registered with a specific name. The name should be used in the mapping file (encryptorRegisteredName).


[img]http://dl.iteye.com/upload/attachment/0070/4252/7bb9fc0e-f417-39a7-9ff6-c6b2d4012a99.jpg[/img]


ii. [color=red]Providing the encryptor to Hibernate (using Spring or Not Spring).[/color]Encryptor has to be created and object HibernatePBEEncryptor to wrap it and set a registered name.


[img]http://dl.iteye.com/upload/attachment/0070/4254/68f12c00-f761-3413-8836-0c3148828c9f.jpg[/img]


[color=red]1. Encrypting the db password in hibernate.cfg.xml[/color]For those applications that define data sources in Hibernate's hibernate.cfg.xml file, Jasypt provides two Connection Provider (org.hibernate.connection.ConnectionProvider) implementations which let the user declare the datasource parameters (driver, url, username and password) in an encrypted manner:

•org.jasypt.hibernate3|hibernate4.connectionprovider.EncryptedPasswordDriverManagerConnectionProvider, which extends Hibernate's Driver Manager connection provider (a very simplistic pool implementation).
•org.jasypt.hibernate3|hibernate4.connectionprovider.EncryptedPasswordC3P0ConnectionProvider, which extends Hibernate's C3P0-based connection provider.

Hibernate will use Jasypt's DriverManager-based connection provider and is passed a set of configuration parameters which contain an encrypted value, the connection.password property. The encryptor object should be mentioned for decrypting the encrypted parameters (connection.encryptor_registered_name).


[color=red]References[/color][/size][/size]• http://mvnrepository.com/artifact/org.jasypt
• http://camel.apache.org/jasypt.html
• http://www.jasypt.org/[/size][/size][/size][/size]

你可能感兴趣的:(技术总结)