2015-05-29 37 views
1

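Why does Jasypt try to decrypt Camel property placeholders regardless of the ENC( prefix?

In my Blueprint application deployed in JBoss Fuse 6.1.0-379, I want to secure the password I use to create the database connection. I read this article and added <enc:property-placeholder> to the Blueprint configuration. But my Blueprint configuration has a lot of property placeholders, and it seems that the Jasypt placeholder resolver is trying to decrypt all the placeholders I have defined in the Camel context. When the Blueprint context starts, I get the following exception: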

11:59:51,233 | ERROR | t-379-dmz/deploy | BlueprintCamelContext   | 151 - org.apache.camel.camel-blueprint - 2.12.0.redhat-610379 | Error occurred during starting Camel: CamelContext(camel-5) due Failed to create route route7: Route(route7)[[From[{{uri}}]] -> [Log[logging]]] because of Failed to resolve endpoint: {{uri}} due to: org.jasypt.exceptions.EncryptionOperationNotPossibleException 
org.apache.camel.FailedToCreateRouteException: Failed to create route route7: Route(route7)[[From[{{uri}}]] -> [Log[logging]]] because of Failed to resolve endpoint: {{uri}} due to: org.jasypt.exceptions.EncryptionOperationNotPossibleException 
    at org.apache.camel.model.RouteDefinition.addRoutes(RouteDefinition.java:182)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.startRoute(DefaultCamelContext.java:778)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.startRouteDefinitions(DefaultCamelContext.java:1955)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.doStartCamel(DefaultCamelContext.java:1705)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.doStart(DefaultCamelContext.java:1579)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.support.ServiceSupport.start(ServiceSupport.java:61)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.start(DefaultCamelContext.java:1547)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.blueprint.BlueprintCamelContext.start(BlueprintCamelContext.java:177)[151:org.apache.camel.camel-blueprint:2.12.0.redhat-610379] 
    at org.apache.camel.blueprint.BlueprintCamelContext.maybeStart(BlueprintCamelContext.java:209)[151:org.apache.camel.camel-blueprint:2.12.0.redhat-610379] 
    at org.apache.camel.blueprint.BlueprintCamelContext.serviceChanged(BlueprintCamelContext.java:147)[151:org.apache.camel.camel-blueprint:2.12.0.redhat-610379] 
    at org.apache.felix.framework.util.EventDispatcher.invokeServiceListenerCallback(EventDispatcher.java:934)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:795)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.util.EventDispatcher.fireServiceEvent(EventDispatcher.java:544)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.Felix.fireServiceEvent(Felix.java:4666)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.Felix.registerService(Felix.java:3674)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:347)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.aries.blueprint.container.BlueprintContainerImpl.registerService(BlueprintContainerImpl.java:448)[9:org.apache.aries.blueprint.core:1.0.1.redhat-610379] 
    at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:383)[9:org.apache.aries.blueprint.core:1.0.1.redhat-610379] 
    at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:261)[9:org.apache.aries.blueprint.core:1.0.1.redhat-610379] 
    at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:270)[9:org.apache.aries.blueprint.core:1.0.1.redhat-610379] 
    at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:233)[9:org.apache.aries.blueprint.core:1.0.1.redhat-610379] 
    at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500)[11:org.apache.aries.util:1.0.1.redhat-610379] 
    at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433)[11:org.apache.aries.util:1.0.1.redhat-610379] 
    at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725)[11:org.apache.aries.util:1.0.1.redhat-610379] 
    at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463)[11:org.apache.aries.util:1.0.1.redhat-610379] 
    at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422)[11:org.apache.aries.util:1.0.1.redhat-610379] 
    at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1103)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.util.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:696)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.util.EventDispatcher.fireBundleEvent(EventDispatcher.java:484)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4650)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.Felix$4.run(Felix.java:2123)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.Felix.runInContext(Felix.java:2147)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.Felix.startBundle(Felix.java:2121)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.framework.BundleImpl.start(BundleImpl.java:955)[org.apache.felix.framework-4.0.3.redhat-610379.jar:] 
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.startBundle(DirectoryWatcher.java:1247)[7:org.apache.felix.fileinstall:3.3.11.redhat-610379] 
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.startBundles(DirectoryWatcher.java:1219)[7:org.apache.felix.fileinstall:3.3.11.redhat-610379] 
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.startAllBundles(DirectoryWatcher.java:1208)[7:org.apache.felix.fileinstall:3.3.11.redhat-610379] 
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.process(DirectoryWatcher.java:503)[7:org.apache.felix.fileinstall:3.3.11.redhat-610379] 
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.run(DirectoryWatcher.java:291)[7:org.apache.felix.fileinstall:3.3.11.redhat-610379] 
Caused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve endpoint: {{uri}} due to: org.jasypt.exceptions.EncryptionOperationNotPossibleException 
    at org.apache.camel.impl.DefaultCamelContext.getEndpoint(DefaultCamelContext.java:480)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.util.CamelContextHelper.getMandatoryEndpoint(CamelContextHelper.java:71)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.model.RouteDefinition.resolveEndpoint(RouteDefinition.java:192)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultRouteContext.resolveEndpoint(DefaultRouteContext.java:106)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultRouteContext.resolveEndpoint(DefaultRouteContext.java:112)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.model.FromDefinition.resolveEndpoint(FromDefinition.java:72)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultRouteContext.getEndpoint(DefaultRouteContext.java:88)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.model.RouteDefinition.addRoutes(RouteDefinition.java:890)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.model.RouteDefinition.addRoutes(RouteDefinition.java:177)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    ... 38 more 
Caused by: org.apache.camel.RuntimeCamelException: org.jasypt.exceptions.EncryptionOperationNotPossibleException 
    at org.apache.camel.util.ObjectHelper.wrapRuntimeCamelException(ObjectHelper.java:1363)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.util.ObjectHelper.invokeMethod(ObjectHelper.java:1005)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.blueprint.BlueprintPropertiesParser.parseProperty(BlueprintPropertiesParser.java:137)[151:org.apache.camel.camel-blueprint:2.12.0.redhat-610379] 
    at org.apache.camel.component.properties.DefaultPropertiesParser.createPlaceholderPart(DefaultPropertiesParser.java:201)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.component.properties.DefaultPropertiesParser.doParseUri(DefaultPropertiesParser.java:105)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.component.properties.DefaultPropertiesParser.parseUri(DefaultPropertiesParser.java:51)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.component.properties.PropertiesComponent.parseUri(PropertiesComponent.java:160)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.component.properties.PropertiesComponent.parseUri(PropertiesComponent.java:119)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.resolvePropertyPlaceholders(DefaultCamelContext.java:1155)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    at org.apache.camel.impl.DefaultCamelContext.getEndpoint(DefaultCamelContext.java:478)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    ... 46 more 
Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException 
    at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:918) 
    at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725) 
    at org.apache.karaf.jaas.jasypt.handler.EncryptablePropertyPlaceholder.getProperty(EncryptablePropertyPlaceholder.java:38) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.7.0_25] 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)[:1.7.0_25] 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.7.0_25] 
    at java.lang.reflect.Method.invoke(Method.java:606)[:1.7.0_25] 
    at org.apache.camel.util.ObjectHelper.invokeMethod(ObjectHelper.java:1001)[143:org.apache.camel.camel-core:2.12.0.redhat-610379] 
    ... 54 more 

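I created a test bundle with a Blueprint context that contains only a Camel context with one placeholder property defined, without using the encrypted ENC() placeholder syntax. I just added <enc:property-placeholder>, and the bundle failed to start with the same exception (org.jasypt.exceptions.EncryptionOperationNotPossibleException).

Is this the expected behavior?

My Blueprint configuration: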

<?xml version="1.0" encoding="UTF-8"?> 
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" 
      xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0" 
      xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0" 
      xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"> 


    <cm:property-placeholder persistent-id="encrypt.config" update-strategy="reload" > 
     <cm:default-properties> 
      <cm:property name="uri" value="timer://foo?fixedRate=true&amp;period=6000"/> 
     </cm:default-properties> 
    </cm:property-placeholder> 

    <enc:property-placeholder> 
     <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> 
      <property name="config"> 
       <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig"> 
        <property name="algorithm" value="PBEWithMD5AndDES" /> 
        <property name="password" value="password" /> 
       </bean> 
      </property> 
     </enc:encryptor> 
    </enc:property-placeholder> 

    <camelContext xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns="http://camel.apache.org/schema/blueprint" 
        xsi:schemaLocation="http://camel.apache.org/schema/blueprint"> 
     <route> 
      <from uri="{{uri}}"/> 
      <log message="logging" loggingLevel="INFO" id="logBeforeService"></log> 
     </route> 
    </camelContext> 

</blueprint> 
+0

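Did you find a solution to this? I found that as long as a property placeholder exists in my Camel route, it triggers the same exception you are seeing. If I remove Camel, then it resolves and decrypts the properties. Likewise, if I remove the Jasypt enc:property-placeholder, it resolves the properties but obviously does not decrypt them. This has been bugging me all day! – ConMan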

Answer

0

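Edit: response from Red Hat support

So this is a known issue, there are a couple of Jira issues for it (here, here), and it seems the issue has been resolved in newer versions of Camel. I have tested with version 2.12.0.redhat-611412, provided by the patch named jboss-fuse-6.1.0.redhat-379-r1p3, and the exception is no longer thrown.

Regardless of what I said before, I'm very happy with this implementation. If it cannot decrypt a value that is marked as validly encrypted, then I want an exception to be thrown, and that is exactly what happens. I changed the encrypted value to ENC(invalid_and_should_throw_exception), and the exception was thrown, just as I expected.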

Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException 

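Edit: a more concise answer

Camel-Blueprint behaves differently from Camel-Core with regard to the way it resolves property placeholder values. Camel-Core requires the developer to define a Camel property placeholder resolver for the Camel property syntax [1], which resolves properties within the Camel context. Apparently the reason behind this is to avoid clashes between the Spring property syntax [2] and the Camel Simple expression language syntax [3]. The developer can opt to bridge the Spring property placeholder resolver with Camel by adding extra configuration.

[1 - Camel property syntax]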

{{org.my.prop}} 

[2 - Spring property syntax]

${org.my.prop} 

[3 - Simple expression language syntax]

${exchange.body} 

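In Camel-Blueprint, the bridging between the Blueprint property placeholder resolvers and the Camel context happens automatically. When the Blueprint Camel context is created, the Blueprint bundle context is injected. Through the Blueprint bundle context, Camel pulls out all of the beans and determines whether they are assignable to the Apache Aries implementation AbstractPropertyPlaceholder. With each instance of the property placeholder resolvers you have defined, Camel can invoke the resolveProperty method without parsing the property syntax defined by each resolver.

Since the Jasypt property placeholder resolver expects the placeholder syntax [4], it simply ignores everything that doesn't conform to this syntax. Because Camel-Blueprint bypasses the validation that enforces the property syntax, we end up in a scenario where Camel tells the Jasypt placeholder resolver to decrypt every property we try to use in our Camel context. This of course throws an exception, because you are trying to decrypt a property that is not encrypted.

[4 - Jasypt Blueprint property syntax]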

ENC(encrypted.value) 

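Solutions:

  1. Create a class that implements the Jasypt StringEncryptor and holds a StandardPBEStringEncryptor as a property. Implement the encrypt and decrypt methods to call the StandardPBEStringEncryptor's encrypt and decrypt methods, but catch any exceptions that are thrown.

    • This is the solution I gave in my original answer.
    • This is dangerous if a failure to decrypt an encrypted value should not be ignored. The bundle should not start, to prevent, for example, your database account from being locked out.
  2. Manually decrypt the values before passing them to the placeholder resolver.

    • You can create a configuration service where you compile all the configuration from various sources, manually decrypt all the encrypted values, and then expose the properties as an OSGi service that is shared across bundles.
    • I have moved away from this design. It basically re-implements the ConfigurationAdmin service that Karaf provides natively (plus the decryption that Karaf does not provide), but it is not as good as what Karaf provides, as it cannot detect when the application configuration changes.
  3. Decrypt the values at runtime.
    • Not keen on this either; it requires your application to know which application properties need to be encrypted.

I have raised a support ticket with Red Hat through our support contract, and I will keep you updated if anything comes of it.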

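Original answer:

I think I've figured this one out. According to the Camel documentation, in Blueprint, Camel is able to detect that a Blueprint placeholder resolver exists and tries to use it to resolve its properties.

The problem is that it doesn't care what the placeholder prefix and suffix are; it just goes ahead and uses it regardless. The Jasypt placeholder resolver has been set up to be invoked only when the placeholder prefix is "ENC(" and the suffix is ")"; remember that Camel doesn't care about this. Camel passes its unresolved properties to the Jasypt property resolver, which of course tries to decrypt them. Since they are not encrypted, an exception is thrown.

To work around this, I created a custom encryptor that implements the Jasypt StringEncryptor. The custom encryptor holds an instance of StandardPBEStringEncryptor and uses it to perform the actual encryption/decryption. The key difference is that exceptions are caught and ignored, so if an attempt to decrypt an unencrypted Camel property throws an exception, it is ignored and the application carries on as normal.

Java class: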

package uk.co.test; 

import org.jasypt.encryption.StringEncryptor; 
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor; 
import org.slf4j.Logger; 
import org.slf4j.LoggerFactory; 

public class CustomEncryptor implements StringEncryptor { 

    private StandardPBEStringEncryptor encryptor; 
    private static final Logger LOG = LoggerFactory.getLogger(CustomEncryptor.class); 

    public CustomEncryptor(String password) { 
     encryptor = new StandardPBEStringEncryptor(); 
     encryptor.setPassword(password); 
    } 

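    @Override 
    public String decrypt(String value) { 

     String ret = null; 

     try { 
      // Delegate to the wrapped Jasypt encryptor. 
      ret = encryptor.decrypt(value); 
     } catch (Exception e) { 
      // Deliberately swallowed: Camel also passes unencrypted properties here, 
      // so a failed decryption is logged and null is returned instead of failing start-up. 
      LOG.error("Failed to decrypt value."); 
     } 

     return ret; 
    } 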

    @Override 
    public String encrypt(String value) { 

     String ret = null; 

     try { 
      ret = encryptor.encrypt(value); 
     } catch (Exception e) { 
      LOG.error("Failed to encrypt value."); 
     } 

     return ret; 
    } 

    public StandardPBEStringEncryptor getEncryptor() { 
     return encryptor; 
    } 

    public void setEncryptor(StandardPBEStringEncryptor encryptor) { 
     this.encryptor = encryptor; 
    } 

} 

Blueprint configuration:

<enc:property-placeholder> 
    <enc:encryptor class="uk.co.test.CustomEncryptor"> 
     <argument value="myPass" /> 
    </enc:encryptor> 
</enc:property-placeholder> 
+1

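Yes, it seems to be a problem in the BlueprintPropertiesParser class, which simply iterates over all the PropertyPlaceholders regardless of the pattern in the placeholder. As I see it, it has to test each key against the pattern and only resolve when the pattern matches. – drAvalanche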

+0

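I decompiled camel-core version 2.12.0.redhat-611412; the class BlueprintPropertiesParser is exactly the same as in version 610379, and the problem is still there. I think I will try applying this patch https://fisheye6.atlassian.com/changelog/camel-git?cs=07841d5be1175be1e9f383497588ff4e29e3008e to the class and rebuilding Camel from source. – drAvalanche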

+0

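Hmm, that's interesting. Camel is a complex beast; maybe the implementation is more complicated than we think! However, I can confirm that Camel version 2.12.0.redhat-611412 works as I expect in this respect; perhaps you are running into a different problem? I also wouldn't recompile it yourself; stick with a supported one provided by maven/redhat instead. – ConMan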
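
The second option in the answer above (decrypt before handing values to the placeholder resolver), as an added example that is not part of the original answer and is not code from Camel, Karaf or Jasypt: only values wrapped in ENC(...) are decrypted, and a marked value that fails to decrypt stops start-up instead of being swallowed. The class name EncryptedConfigLoader, the property keys and the demo password are assumptions constructed for illustration.

```java
import java.util.Properties;
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
// Added example (hypothetical class): fail-closed pre-decryption of ENC(...) values.
public class EncryptedConfigLoader {
    private static final String PREFIX = "ENC(";
    private static final String SUFFIX = ")";
    // True only for values explicitly marked as encrypted.
    static boolean isMarkedEncrypted(String value) {
        return value != null && value.startsWith(PREFIX) && value.endsWith(SUFFIX);
    }
    // Copies raw, decrypting every ENC(...) value. Plain values pass through untouched;
    // a marked value that cannot be decrypted aborts the load instead of being swallowed.
    static Properties decryptAll(Properties raw, StringEncryptor encryptor) {
        Properties out = new Properties();
        for (String key : raw.stringPropertyNames()) {
            String value = raw.getProperty(key);
            if (isMarkedEncrypted(value)) {
                String cipherText = value.substring(PREFIX.length(), value.length() - SUFFIX.length());
                try {
                    value = encryptor.decrypt(cipherText);
                } catch (EncryptionOperationNotPossibleException e) {
                    // Report the key, never the value, and stop start-up.
                    throw new IllegalStateException("Cannot decrypt property '" + key + "'", e);
                }
            }
            out.setProperty(key, value);
        }
        return out;
    }

    public static void main(String[] args) {
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setPassword("constructed-demo-password"); // constructed; inject from outside in practice
        Properties raw = new Properties(); // constructed sample configuration
        raw.setProperty("uri", "timer://foo?fixedRate=true&period=6000");
        raw.setProperty("db.password", PREFIX + encryptor.encrypt("s3cret") + SUFFIX);
        Properties resolved = decryptAll(raw, encryptor);
        System.out.println("uri untouched: " + raw.getProperty("uri").equals(resolved.getProperty("uri")));
        System.out.println("password decrypted: " + "s3cret".equals(resolved.getProperty("db.password")));
        raw.setProperty("db.password", "ENC(invalid_and_should_throw_exception)");
        try {
            decryptAll(raw, encryptor);
        } catch (IllegalStateException e) {
            System.out.println("start-up aborted: " + e.getMessage());
        }
    }
}
```

Compile and run it with the Jasypt jar on the classpath.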