From 006a0328313007c42eb3cc3c58644d6fe785c9a3 Mon Sep 17 00:00:00 2001
From: Art
Date: Thu, 30 Sep 2021 14:08:12 +0300
Subject: [PATCH] 44.1 Jasypt dependency and made it work (#44 encrypt passwords using jasypt)
---
 support-portal-backend/pom.xml | 6 ++++
 .../SecretsManagerPropertiesListener.java | 32 ++++++++++++-------
 .../src/main/resources/application.yml | 18 +++++++----
 3 files changed, 37 insertions(+), 19 deletions(-)
diff --git a/support-portal-backend/pom.xml b/support-portal-backend/pom.xml
index 18f2332..0ec86f5 100644
--- a/support-portal-backend/pom.xml
+++ b/support-portal-backend/pom.xml
@@ -92,6 +92,12 @@
 1.12.75
+
+ com.github.ulisesbocchio
+ jasypt-spring-boot-starter
+ 2.0.0
+
+
 org.springframework.boot
 spring-boot-starter-test
diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecretsManagerPropertiesListener.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecretsManagerPropertiesListener.java
index 897856d..60c3cd5 100644
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecretsManagerPropertiesListener.java
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecretsManagerPropertiesListener.java
@@ -6,7 +6,7 @@ import com.amazonaws.services.secretsmanager.model.*;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.boot.context.event.ApplicationPreparedEvent;
+import org.springframework.boot.context.event.ApplicationEnvironmentPreparedEvent;
 import org.springframework.context.ApplicationListener;
 import org.springframework.core.env.ConfigurableEnvironment;
 import org.springframework.core.env.PropertiesPropertySource;
@@ -16,29 +16,37 @@ import java.util.Base64;
 import java.util.Properties;
 @Slf4j
-public class SecretsManagerPropertiesListener implements ApplicationListener {
+public class SecretsManagerPropertiesListener implements ApplicationListener {
 private ObjectMapper mapper = new ObjectMapper();
 @Override
- public void onApplicationEvent(ApplicationPreparedEvent event) {
+ public void onApplicationEvent(ApplicationEnvironmentPreparedEvent event) {
- String activeProfiles = event.getApplicationContext().getEnvironment().getProperty("spring.profiles.active");
- if (activeProfiles == null || !activeProfiles.contains("aws-rds")) return;
+ System.out.println("ApplicationListener invoked");
+ log.info("ApplicationListener invoked");
+
+ ConfigurableEnvironment environment = event.getEnvironment();
+ String activeProfiles = environment.getProperty("spring.profiles.active");
+// if (activeProfiles == null || !activeProfiles.contains("aws-rds")) return;
 String secretJson = getSecret();
 log.debug("Retrieved secretJson from Secret Manager: {}", secretJson);
+ System.out.println("Retrieved secretJson from Secret Manager: " + secretJson);
- String jwtSecret = getString(secretJson, "app_jwt_secret");
- String springDatasourceUsername = getString(secretJson, "spring_datasource_username");
- String springDatasourcePassword = getString(secretJson, "spring_datasource_password");
+ String jasyptPassword = getString(secretJson, "jasypt_password");
+// String jwtSecret = getString(secretJson, "app_jwt_secret");
+// String springDatasourceUsername = getString(secretJson, "spring_datasource_username");
+// String springDatasourcePassword = getString(secretJson, "spring_datasource_password");
- ConfigurableEnvironment environment = event.getApplicationContext().getEnvironment();
 Properties props = new Properties();
- props.put("app.jwt.secret", jwtSecret);
- props.put("spring.datasource.username", springDatasourceUsername);
- props.put("spring.datasource.password", springDatasourcePassword);
+ System.setProperty("JASYPT_PASSWORD", jasyptPassword);
+ props.put("jasypt.encryptor.password", jasyptPassword);
+
+// props.put("app.jwt.secret", jwtSecret);
+// props.put("spring.datasource.username", springDatasourceUsername);
+// props.put("spring.datasource.password", springDatasourcePassword);
 environment.getPropertySources().addFirst(new PropertiesPropertySource("aws.secret.manager", props));
diff --git a/support-portal-backend/src/main/resources/application.yml b/support-portal-backend/src/main/resources/application.yml
index b35ef0a..27a07ab 100644
--- a/support-portal-backend/src/main/resources/application.yml
+++ b/support-portal-backend/src/main/resources/application.yml
@@ -21,8 +21,8 @@ spring:
 datasource:
 driver-class-name: com.mysql.cj.jdbc.Driver
 url: jdbc:mysql://mysql:3306/support-portal
- username: support_portal_user
- password: support_portal_password
+ username: ENC(bGNdXu0n1sQxtHpAQy8E/fegT25zKbk6iTZoqg8ddaU=)
+ password: ENC(hZarzMkUMf97sQ07tD58A2HOhbdoPdZtcpkif4vR9jY=)
 jpa:
 hibernate:
 ddl-auto: update
@@ -44,8 +44,12 @@ app:
 cors:
 allowed-origins: http://localhost:4200,https://localhost:4200,http://art-support-portal.s3-website.eu-north-1.amazonaws.com,http://portal.shyshkin.net
 jwt:
- secret: VeRy_5ecretP@55W0rd!
+ secret: ENC(VAMFn7FEkahKbzf+99EzkajMeLjE/WvJLCadLVZXSE8=)
 # secret: ${random.value} #Does not work - every time generates new value
+jasypt:
+ encryptor:
+ password: ${JASYPT_PASSWORD}
+
+
 ---
 spring:
 config:
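Review bot: `System.out.println("Retrieved secretJson from Secret Manager: " + secretJson);` writes the whole secret payload, which now carries the Jasypt master password, to stdout on every start, where container and CloudWatch log collection will keep it; drop that line, and the pre-existing `log.debug` of the same payload should go with it. `System.setProperty("JASYPT_PASSWORD", jasyptPassword);` duplicates the `jasypt.encryptor.password` entry that the last line of the hunk places in the `aws.secret.manager` property source, and it pins the master password in the process-global system properties for the life of the JVM, so the property source alone is enough. Commenting out `if (activeProfiles == null || !activeProfiles.contains("aws-rds")) return;` makes the listener call Secrets Manager under every profile, including local runs with no AWS credentials, and leaves `activeProfiles` unused; restoring the guard keeps the behaviour the removed lines had. The `ApplicationListener invoked` println/log.info pair and the commented-out `getString`/`props.put` lines read as debugging leftovers that should not land on main. onApplicationEvent continues past the end of the hunk.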
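Review bot: The `ENC(...)` values that replace `username` and `password` here, together with the `jwt.secret` line of the `@@ -44,8 +44,12 @@` hunk and the `aws-rds` datasource and `mail` blocks of the `@@ -94,13 +98,13 @@` hunk, only protect the credentials from this commit onward; the plaintext values on the removed lines remain in repository history. Encrypting the file is therefore not a substitute for rotating the database, JWT and SMTP credentials, and the rotation should happen with this merge rather than afterwards. A comment at the top of the datasource block would make the trust boundary explicit for the next maintainer, e.g. `# ENC(...) values are decrypted with jasypt.encryptor.password at startup and are only as secret as that password; the plaintext they replaced must be rotated`.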
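Review bot: The new `jasypt:` block configures only `encryptor.password`, so the cipher falls back to the starter's default, and for the `jasypt-spring-boot-starter` 2.0.0 artifact added in pom.xml that default is, as far as I recall, the legacy PBEWithMD5AndDES; the 32-character `ENC(...)` tokens elsewhere in this patch are consistent with a DES-sized output. Set `algorithm: PBEWITHHMACSHA512ANDAES_256` under `encryptor:` (the 2.x line also needs `iv-generator-classname` pointed at a random IV generator for AES modes — confirm against the starter's README for this version) and re-encrypt every value before merging. `password: ${JASYPT_PASSWORD}` is shadowed whenever `SecretsManagerPropertiesListener` adds its property source first, so note which source is expected to win, e.g. `# resolved from the aws.secret.manager property source when the listener runs; JASYPT_PASSWORD env var otherwise`.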
@@ -94,13 +98,13 @@ spring:
 on-profile: aws-rds
 datasource:
 url: jdbc:mysql://portal-db.coaum9neetxc.eu-north-1.rds.amazonaws.com:3306/support_portal
- username: portal_user
- password: Supp0rt_Porta!_PAssword
+ username: ENC(35q85d0/Lei1FAWM5zvqUyfnOxvUYqWG)
+ password: ENC(IN86fPa4xxATIP1S5fV94fos3drWXOTCurStNvQYM9s=)
 mail:
 host: email-smtp.eu-north-1.amazonaws.com
 port: 587
- username: AKIAVW7XGDOWFHHCELIH
- password: BJyWOWS1xWYR35MRCFn3BuuQ6vY+k7DRsdAvOfqDs/Fk
+ username: ENC(WWVCoLPOjjNlfepTKeRFF4wep6onc3LnbkoPGh+Xwqc=)
+ password: ENC(VTO/7U6tFHSzMs6UtTusUXSWAUkgLaTbsqvsVphIvCS9VfdEd9nx8+919i7usoKwvuzWZPFx4/8=)
 # we want to test (1) from localhost, (2) from S3 bucket Static Web Site, (3) from our EC2 instance
 app: