Spring Boot (XML Configuration) & Jasypt Integration

Question

My application is merely to startup an ActiveMQ broker.

I want to use XML-based configuration in Spring Boot, to make use of the XML configuration for ActiveMQ broker (referenced here ).

I'm using jasypt-spring-boot-starter for my encryption needs, but it seems that the encrypted values for my passwords are not being decrypted when the XML configuration is being initialised.

No errors during startup. Just that when I try to access the broker using admin/user it will fail with error "User name [user] or password is invalid."

Main Spring Boot App Class

@Configuration
@ComponentScan
@EnableAutoConfiguration
@SpringBootApplication
@RestController
@ImportResource({"classpath:activemq.xml"})
public class Application {
    public static void main(String[] args) throws Exception {
        SpringApplication.run(Application.class, args);
    }
}

Excerpt from Broker Config (activemq.xml)

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:amq="http://activemq.apache.org/schema/core"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://activemq.apache.org/schema/core 
    http://activemq.apache.org/schema/core/activemq-core.xsd">

    <broker xmlns="http://activemq.apache.org/schema/core" brokerName="${activemq.broker.name}" dataDirectory="${activemq.broker.data}">

    <plugins>
        <runtimeConfigurationPlugin checkPeriod="1000" />

        <simpleAuthenticationPlugin>
                <users>
                <authenticationUser username="admin" password="${activemq.broker.admin.password}" groups="users,admins" />
                <authenticationUser username="user" password="${activemq.broker.user.password}" groups="users" />
                <authenticationUser username="guest" password="${activemq.broker.guest.password}" groups="guests" />
            </users>
        </simpleAuthenticationPlugin>
    </plugins>

...more

application.properties

jasypt.encryptor.password=thisisnotapassword
jasypt.encryptor.algorithm=PBEWITHMD5ANDTRIPLEDES
activemq.broker.admin.password=ENC(OZRghRNXYpRiiw18KD7P6Uf2Y7fOieI7)
activemq.broker.user.password=ENC(yOiHeJlh6Z+VRVmSZe//Yw==)
activemq.broker.guest.password=guest

One thing I noticed from the startup logs is that activemq.xml gets loaded before jasypt related logs appear

Loading XML bean definitions from class path resource [activemq.xml]
...some logs
String Encryptor custom Bean not found with name 'jasyptStringEncryptor'. Initializing Default String Encryptor

Answer 1

This can be solved by using a custom environment, as described in https://github.com/ulisesbocchio/jasypt-spring-boot :

    new SpringApplicationBuilder()
            .environment(new StandardEncryptableEnvironment())
            .sources(Application.class).run(args);

From the README.md:

This method is useful for early access of encrypted properties on bootstrap. While not required in most scenarios could be useful when customizing Spring Boot's init behavior or integrating with certain capabilities that are configured very early, such as Logging configuration.