2015-05-29 70 views
1

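Why does Jasypt try to decrypt Camel property placeholders regardless of the ENC( prefix?

In my Blueprint application deployed in JBoss Fuse 6.1.0-379, I want to secure the password I use to create database connections. I read this article and added <enc:property-placeholder> to the blueprint configuration. But my blueprint configuration has many property placeholders, and it seems the Jasypt placeholder resolver is trying to decrypt all the placeholders I define in the Camel context. When the blueprint context starts, I get the following exception: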

11:59:51,233 | ERROR | t-379-dmz/deploy | BlueprintCamelContext   | 151 - org.apache.camel.camel-blueprint - 2.12.0.redhat-610379 | Error occurred during starting Camel: CamelContext(camel-5) due Failed to create route route7: Route(route7)[[From[{{uri}}]] -> [Log[logging]]] because of Failed to resolve endpoint: {{uri}} due to: org.jasypt.exceptions.EncryptionOperationNotPossibleException 
org.apache.camel.FailedToCreateRouteException: Failed to create route route7: Route(route7)[[From[{{uri}}]] -> [Log[logging]]] because of Failed to resolve endpoint: {{uri}} due to: org.jasypt.exceptions.EncryptionOperationNotPossibleException 
    at org.apache.camel.model.RouteDefinition.addRoutes(RouteDefinition.java:182)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.startRoute(DefaultCamelContext.java:778)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.startRouteDefinitions(DefaultCamelContext.java:1955)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.doStartCamel(DefaultCamelContext.java:1705)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.doStart(DefaultCamelContext.java:1579)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.support.ServiceSupport.start(ServiceSupport.java:61)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.start(DefaultCamelContext.java:1547)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.blueprint.BlueprintCamelContext.start(BlueprintCamelContext.java:177)[151:org.apache.camel.camel-blueprint:2.12.0.redhat-610379] 
    at org.apache.camel.blueprint.BlueprintCamelContext.maybeStart(BlueprintCamelContext.java:209)[151:org.apache.camel.camel-blueprint:2.12.0.redhat-610379] 
    at org.apache.camel.blueprint.BlueprintCamelContext.serviceChanged(BlueprintCamelContext.java:147)[151:org.apache.camel.camel-blueprint:2.12.0.redhat-610379] 
    at org.apache.felix.framework.util.EventDispatcher.invokeServiceListenerCallback(EventDispatcher.java:934)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:795)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.util.EventDispatcher.fireServiceEvent(EventDispatcher.java:544)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.Felix.fireServiceEvent(Felix.java:4666)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.Felix.registerService(Felix.java:3674)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:347)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.aries.blueprint.container.BlueprintContainerImpl.registerService(BlueprintContainerImpl.java:448)[9:org.apache.aries.blueprint.core:1.0.1.redhat-610379] 
    at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:383)[9:org.apache.aries.blueprint.core:1.0.1.redhat-610379] 
    at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:261)[9:org.apache.aries.blueprint.core:1.0.1.redhat-610379] 
    at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:270)[9:org.apache.aries.blueprint.core:1.0.1.redhat-610379] 
    at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:233)[9:org.apache.aries.blueprint.core:1.0.1.redhat-610379] 
    at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500)[11:org.apache.aries.util:1.0.1.redhat-610379] 
    at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433)[11:org.apache.aries.util:1.0.1.redhat-610379] 
    at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725)[11:org.apache.aries.util:1.0.1.redhat-610379] 
    at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463)[11:org.apache.aries.util:1.0.1.redhat-610379] 
    at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422)[11:org.apache.aries.util:1.0.1.redhat-610379] 
    at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1103)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.util.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:696)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.util.EventDispatcher.fireBundleEvent(EventDispatcher.java:484)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4650)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.Felix$4.run(Felix.java:2123)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.Felix.runInContext(Felix.java:2147)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.Felix.startBundle(Felix.java:2121)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.BundleImpl.start(BundleImpl.java:955)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.startBundle(DirectoryWatcher.java:1247)[7:org.apache.felix.fileinstall:3.3.11.redhat-610379] 
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.startBundles(DirectoryWatcher.java:1219)[7:org.apache.felix.fileinstall:3.3.11.redhat-610379] 
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.startAllBundles(DirectoryWatcher.java:1208)[7:org.apache.felix.fileinstall:3.3.11.redhat-610379] 
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.process(DirectoryWatcher.java:503)[7:org.apache.felix.fileinstall:3.3.11.redhat-610379] 
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.run(DirectoryWatcher.java:291)[7:org.apache.felix.fileinstall:3.3.11.redhat-610379] 
Caused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve endpoint: {{uri}} due to: org.jasypt.exceptions.EncryptionOperationNotPossibleException 
    at org.apache.camel.impl.DefaultCamelContext.getEndpoint(DefaultCamelContext.java:480)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.util.CamelContextHelper.getMandatoryEndpoint(CamelContextHelper.java:71)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.model.RouteDefinition.resolveEndpoint(RouteDefinition.java:192)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultRouteContext.resolveEndpoint(DefaultRouteContext.java:106)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultRouteContext.resolveEndpoint(DefaultRouteContext.java:112)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.model.FromDefinition.resolveEndpoint(FromDefinition.java:72)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultRouteContext.getEndpoint(DefaultRouteContext.java:88)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.model.RouteDefinition.addRoutes(RouteDefinition.java:890)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.model.RouteDefinition.addRoutes(RouteDefinition.java:177)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    ... 38 more 
Caused by: org.apache.camel.RuntimeCamelException: org.jasypt.exceptions.EncryptionOperationNotPossibleException 
    at org.apache.camel.util.ObjectHelper.wrapRuntimeCamelException(ObjectHelper.java:1363)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.util.ObjectHelper.invokeMethod(ObjectHelper.java:1005)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.blueprint.BlueprintPropertiesParser.parseProperty(BlueprintPropertiesParser.java:137)[151:org.apache.camel.camel-blueprint:2.12.0.redhat-610379] 
    at org.apache.camel.component.properties.DefaultPropertiesParser.createPlaceholderPart(DefaultPropertiesParser.java:201)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.component.properties.DefaultPropertiesParser.doParseUri(DefaultPropertiesParser.java:105)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.component.properties.DefaultPropertiesParser.parseUri(DefaultPropertiesParser.java:51)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.component.properties.PropertiesComponent.parseUri(PropertiesComponent.java:160)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.component.properties.PropertiesComponent.parseUri(PropertiesComponent.java:119)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.resolvePropertyPlaceholders(DefaultCamelContext.java:1155)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.getEndpoint(DefaultCamelContext.java:478)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    ... 46 more 
Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException 
    at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:918) 
    at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725) 
    at org.apache.karaf.jaas.jasypt.handler.EncryptablePropertyPlaceholder.getProperty(EncryptablePropertyPlaceholder.java:38) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.7.0_25] 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)[:1.7.0_25] 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.7.0_25] 
    at java.lang.reflect.Method.invoke(Method.java:606)[:1.7.0_25] 
    at org.apache.camel.util.ObjectHelper.invokeMethod(ObjectHelper.java:1001)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    ... 54 more 

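I created a test bundle with a blueprint context containing only one placeholder property defined in the Camel context, without using the encrypted ENC() placeholder syntax. I just added <enc:property-placeholder>, and the bundle failed to start with the same exception (org.jasypt.exceptions.EncryptionOperationNotPossibleException).

Is this the expected behaviour?

My blueprint configuration: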

<?xml version="1.0" encoding="UTF-8"?> 
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" 
      xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0" 
      xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0" 
      xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"> 


    <cm:property-placeholder persistent-id="encrypt.config" update-strategy="reload" > 
     <cm:default-properties> 
      <cm:property name="uri" value="timer://foo?fixedRate=true&amp;period=6000"/> 
     </cm:default-properties> 
    </cm:property-placeholder> 

    <enc:property-placeholder> 
     <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> 
      <property name="config"> 
       <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig"> 
        <property name="algorithm" value="PBEWithMD5AndDES" /> 
        <property name="password" value="password" /> 
       </bean> 
      </property> 
     </enc:encryptor> 
    </enc:property-placeholder> 

    <camelContext xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns="http://camel.apache.org/schema/blueprint" 
        xsi:schemaLocation="http://camel.apache.org/schema/blueprint"> 
     <route> 
      <from uri="{{uri}}"/> 
      <log message="logging" loggingLevel="INFO" id="logBeforeService"></log> 
     </route> 
    </camelContext> 

</blueprint> 
+0

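Did you ever find a solution to this? I have found that as long as property placeholders exist in my Camel routes, it triggers the same exception you are seeing. If I remove Camel, then it resolves and decrypts the properties. Likewise, if I remove the Jasypt enc:property-placeholder, it resolves the properties but obviously does not decrypt them. This has been bugging me all day! – ConMan

Answers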

0

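Edit: Response from Red Hat support

So this is a known issue, there are a couple of Jira issues for it (here, here), and it appears the problem has been resolved in newer versions of Camel. I have tested with version 2.12.0.redhat-611412, provided by the patch named jboss-fuse-6.1.0.redhat-379-r1p3, and the exception is no longer thrown.

Regardless of what I said previously, I'm very happy with this implementation. If it can't decrypt a validly encrypted value, then I want an exception to be thrown, and that is exactly what happens. I changed the encrypted value to ENC(invalid_and_should_throw_exception), and the exception was thrown, just as I expected.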

Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException 

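Edit: A more concise answer

Camel Blueprint behaves differently from Camel Core with regard to the way it resolves property placeholder values. Camel Core requires the developer to define a Camel property placeholder resolver for the Camel property syntax [1], which resolves properties within the Camel context. Apparently the reason behind this is to avoid conflicts between the Spring property syntax [2] and the Camel Simple expression language syntax [3]. Developers can optionally bridge the Spring property placeholder resolver with Camel by adding extra configuration.

[1 - Camel property syntax]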

{{org.my.prop}} 

[2 - Spring property syntax]

${org.my.prop} 

[3 - Simple expression language syntax]

${exchange.body} 

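In Camel Blueprint, the bridging between the Blueprint property placeholder resolvers and the Camel context happens automatically. When the Blueprint Camel context is created, the Blueprint bundle context is injected. Through the Blueprint bundle context, Camel pulls all the beans out of it and determines whether they are assignable to the Apache Aries implementation AbstractPropertyPlaceholder. With each instance of the property placeholder resolvers you have defined, Camel can call the resolveProperty method without parsing the property syntax defined by each resolver.

Because the Jasypt property placeholder resolver expects the placeholder syntax [4], it simply ignores everything that doesn't conform to this syntax. Because Camel Blueprint bypasses the validation that enforces the property syntax, we end up in a scenario where Camel tells the Jasypt placeholder resolver to decrypt every property we try to use in our Camel context. This of course throws an exception, because you are trying to decrypt a property that is not encrypted.

[4 - Jasypt Blueprint property syntax]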

ENC(encrypted.value) 

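Solutions:

  1. Create a class that implements the Jasypt StringEncryptor and holds a StandardPBEStringEncryptor as a property. The implemented encrypt and decrypt methods call the StandardPBEStringEncryptor's encrypt and decrypt methods, but catch any exceptions thrown.

    • This is the solution I gave in my original answer.
    • This is dangerous if an encrypted value fails to decrypt and that should not be ignored. The bundle should not start, to prevent, for example, your database account from being locked out.
  2. Manually decrypt values before passing them to the placeholder resolver.

    • You could create a configuration service where you compile all the configuration from various sources, manually decrypt all the encrypted values, and then expose the properties as an OSGi service to be shared across bundles.
    • I have moved away from this design; it basically re-implements the ConfigurationAdmin service provided natively by Karaf (plus the decryption that Karaf doesn't provide), but it's not as good as what Karaf provides, as it can't detect when the application configuration changes.
  3. Decrypt values at runtime.
    • Not keen on this either; it requires your application to know which application properties need to be encrypted.

I have raised a support ticket with Red Hat through our support contract, and I will keep you updated if anything comes of it.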

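Original answer:

I think I've figured this one out. According to the Camel documentation, in Blueprint, Camel is able to detect that a Blueprint placeholder resolver exists and tries to use it to resolve its properties.

The problem is that it doesn't care what the placeholder prefix and suffix are; it just goes ahead and uses it regardless. The Jasypt placeholder resolver is set up to be invoked only when the placeholder prefix is "ENC(" and the suffix is ")"; remember that Camel doesn't care about this. Camel passes its unresolved properties to the Jasypt property resolver, which of course tries to decrypt them. Because they are not encrypted, an exception is thrown.

To work around this, I created a custom encryptor that implements the Jasypt StringEncryptor. The custom encryptor contains an instance of StandardPBEStringEncryptor and uses it to perform the actual encryption/decryption. The key difference is that exceptions are caught and ignored, so if attempting to decrypt an unencrypted Camel property throws an exception, it is ignored and the application carries on as normal.

The Java class: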

package uk.co.test;

import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Wraps a StandardPBEStringEncryptor and swallows every exception it throws.
 * A value that cannot be decrypted (or encrypted) is returned as null.
 */
public class CustomEncryptor implements StringEncryptor {

    private static final Logger LOG = LoggerFactory.getLogger(CustomEncryptor.class);

    // Delegate that performs the actual PBE encryption/decryption.
    private StandardPBEStringEncryptor encryptor;

    public CustomEncryptor(String password) {
        encryptor = new StandardPBEStringEncryptor();
        encryptor.setPassword(password);
    }

    @Override
    public String decrypt(String value) {
        String ret = null;
        try {
            ret = encryptor.decrypt(value);
        } catch (Exception e) {
            // Exception is deliberately ignored; the caller receives null.
            LOG.error("Failed to decrypt value.");
        }
        return ret;
    }

    @Override
    public String encrypt(String value) {
        String ret = null;
        try {
            ret = encryptor.encrypt(value);
        } catch (Exception e) {
            // Exception is deliberately ignored; the caller receives null.
            LOG.error("Failed to encrypt value.");
        }
        return ret;
    }

    public StandardPBEStringEncryptor getEncryptor() {
        return encryptor;
    }

    public void setEncryptor(StandardPBEStringEncryptor encryptor) {
        this.encryptor = encryptor;
    }

}

Blueprint configuration:

<enc:property-placeholder> 
    <enc:encryptor class="uk.co.test.CustomEncryptor"> 
     <argument value="myPass" /> 
    </enc:encryptor> 
</enc:property-placeholder> 
+1

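Yes, it appears to be a problem in the BlueprintPropertiesParser class, which simply iterates over all the PropertyPlaceholders regardless of the pattern in the placeholder. As I see it, it must test each key against the pattern and resolve only when the pattern matches. – drAvalanche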

+0

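I decompiled version 2.12.0.redhat-611412 of camel-core; the class BlueprintPropertiesParser is exactly the same as in version 610379, and the problem persists. I think I will try applying this patch https://fisheye6.atlassian.com/changelog/camel-git?cs=07841d5be1175be1e9f383497588ff4e29e3008e to the class and rebuilding Camel from source. – drAvalanche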

+0

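Hmm, that's interesting. Camel is a complex beast; perhaps the implementation is more complicated than we think! However, I can confirm that Camel version 2.12.0.redhat-611412 works as I expect in this respect; perhaps you've hit a different problem? I also wouldn't recompile it myself; stick with a supported one provided by Maven/Red Hat instead. – ConMan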
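
Option 2 from the answer above (decrypt values before any placeholder resolver sees them), sketched as an added example that is not code from the answer, Camel or Karaf. It touches only values written in the ENC(...) syntax and stops start-up when one of them cannot be decrypted, which is the failure the answer warns against ignoring. The class name ConfigDecryptor, the key db.password and the demo password are assumptions made for the illustration.

```java
import java.util.Properties;
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.properties.PropertyValueEncryptionUtils;

public class ConfigDecryptor {

    // Returns a copy of 'in' with every ENC(...) value decrypted; plain values pass through.
    static Properties decryptAll(Properties in, StringEncryptor encryptor) {
        Properties out = new Properties();
        for (String key : in.stringPropertyNames()) {
            String value = in.getProperty(key);
            if (!PropertyValueEncryptionUtils.isEncryptedValue(value)) {
                out.setProperty(key, value); // e.g. "uri": never handed to Jasypt
                continue;
            }
            try {
                out.setProperty(key, PropertyValueEncryptionUtils.decrypt(value, encryptor));
            } catch (RuntimeException e) {
                // Fail closed: report the key, never the value, and abort start-up.
                throw new IllegalStateException("Cannot decrypt property '" + key + "'", e);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setAlgorithm("PBEWithMD5AndDES");  // algorithm from the question's config
        encryptor.setPassword("demo-only-password"); // constructed; load from a secret store in practice

        Properties raw = new Properties();           // constructed sample configuration
        raw.setProperty("uri", "timer://foo?fixedRate=true&period=6000");
        raw.setProperty("db.password", PropertyValueEncryptionUtils.encrypt("s3cret", encryptor));

        Properties clear = decryptAll(raw, encryptor);
        System.out.println(clear.getProperty("uri"));
        System.out.println("s3cret".equals(clear.getProperty("db.password")));

        raw.setProperty("db.password", "ENC(invalid_and_should_throw_exception)");
        try {
            decryptAll(raw, encryptor);
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```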