Jasypt Encrypting the database password in hibernate.cfg.xml

For those applications that define datasources in Hibernate's hibernate.cfg.xml file, Jasypt provides two Connection Provider (org.hibernate.connection.ConnectionProvider) implementations which let the user declare the datasource parameters (driver, url, username and password) in an encrypted manner:

• org.jasypt.hibernate3|hibernate4.connectionprovider.EncryptedPasswordDriverManagerConnectionProvider, which extends Hibernate's Driver Manager connection provider (a very simplistic pool implementation).

• org.jasypt.hibernate3|hibernate4.connectionprovider.EncryptedPasswordC3P0ConnectionProvider, which extends Hibernate's C3P0-based connection provider.

They are used like this in hibernate.cfg.xml:

<?xml version="1.0" encoding="utf-8"?> 
<!DOCTYPE hibernate-configuration PUBLIC 
   "-//Hibernate/Hibernate Configuration DTD//EN" 
   "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
    
<hibernate-configuration>
  <session-factory>
    
    <property name="connection.provider_class">
      org.jasypt.hibernate4.connectionprovider.EncryptedPasswordDriverManagerConnectionProvider
    </property>
    <property name="connection.encryptor_registered_name">
      configurationHibernateEncryptor
    </property>
    
    <property name="connection.url">jdbc:mysql://localhost/reportsdb</property>
    <property name="connection.driver_class">com.mysql.jdbc.Driver</property>
    <property name="connection.username">reportsUser</property>
    <property name="connection.password">ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm)</property>
    <property name="connection.pool_size">12</property>

    <property name="show_sql">true</property>
    <property name="dialect">org.hibernate.dialect.MySQLDialect</property>
    
    <!-- Mappings etc... -->
        
   </session-factory>
</hibernate-configuration>

In this configuration, Hibernate is told to use Jasypt's DriverManager-based connection provider and is passed a set of configuration parameters which contain an encrypted value, the connection.password property. Then, Hibernate is also told about which is the encryptor object to be used for decrypting the encrypted parameters (connection.encryptor_registered_name).

This encryptor object should have been registered beforehand as a Hibernate Encryptor, as explained in the 'Transparent data encryption' section.

注：本文转载自：http://www.jasypt.org/hibernate.html