[mule-dev] Passing the password info to https connector from a POJO


hari krishna balusulapalem

May 27, 2009, 7:15:47 PM
to d...@mule.codehaus.org
We have a security mandate that the password for the https connection can't be in plain text for use with a property placeholder. We will have the passwords in a GPG-encrypted (company standard) file; we need to dynamically read the file, decrypt it, and pass the contents to the HTTPS connector during start-up. Is this kind of behavior doable with Mule? I tried to send the password from a Spring bean using expressions and the registry; however, as the Spring bean is not instantiated, it looks like the values are coming through as null.

Can somebody share some info on how to handle this? Below is my Mule config. I have read somewhere that by default Spring beans are registered in the registry and that we can access them with expressions.

    <https:connector name="httpConnector">
        <https:tls-key-store path="${bam.mule.server.keystore.path}"
                             keyPassword="#[mule:registry.testBean.keyPassword]"
                             storePassword="${bam.mule.server.keystore.password}"/>
        <https:tls-server path="${bam.mule.server.truststore.path}"
                          storePassword="${bam.mule.server.truststore.password}"
                          requireClientAuthentication="false"/>
    </https:connector>
    <spring:bean id="testBean" lazy-init="false" class="product.bam.mule.component.CredentialManager">
    </spring:bean>
and below is my bean


    package product.bam.mule.component;

    public class CredentialManager {

        private String keyPassword;
        private String keyStorePassword;
        private String trustStorePasswprd;

        public String getKeyPassword() {
            return "DemoIdentityPassPhrase";
        }

        public void setKeyPassword(String keyPassword) {
            this.keyPassword = keyPassword;
        }

        public String getKeyStorePassword() {
            return "DemoIdentityKeyStorePassPhrase";
        }

        public void setKeyStorePassword(String keyStorePassword) {
            this.keyStorePassword = keyStorePassword;
        }

        public String getTrustStorePasswprd() {
            return "DemoTrustKeyStorePassPhrase";
        }

        public void setTrustStorePasswprd(String trustStorePasswprd) {
            this.trustStorePasswprd = trustStorePasswprd;
        }
    }

The exception I am getting is this:

<May 27, 2009 7:14:38 PM EDT> <Error> <org.mule.config.builders.WebappMuleXmlConfigurationBuilder> <BEA-000000> <Configuration with "org.mule.config.builders.WebappMuleXmlConfigurationBuilder" failed.
org.mule.api.lifecycle.InitialisationException: Initialisation Failure: Error creating bean with name 'httpConnector': Invocation of init method failed; nested exception is org.mule.api.lifecycle.InitialisationException: Initialisation Failure: Failed to load Key Manager
at org.mule.registry.AbstractRegistry.initialise(AbstractRegistry.java:76)
at org.mule.config.spring.SpringXmlConfigurationBuilder.createSpringRegistry(SpringXmlConfigurationBuilder.java:98)
at org.mule.config.spring.SpringXmlConfigurationBuilder.doConfigure(SpringXmlConfigurationBuilder.java:69)
at org.mule.config.builders.WebappMuleXmlConfigurationBuilder.doConfigure(WebappMuleXmlConfigurationBuilder.java:82)
at org.mule.config.builders.AbstractConfigurationBuilder.configure(AbstractConfigurationBuilder.java:39)
Truncated. see log file for complete stacktrace
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'httpConnector': Invocation of init method failed; nested exception is org.mule.api.lifecycle.InitialisationException: Initialisation Failure: Failed to load Key Manager
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1337)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
Truncated. see log file for complete stacktrace
org.mule.api.lifecycle.InitialisationException: Initialisation Failure: Failed to load Key Manager
at org.mule.transport.http.HttpsConnector.doInitialise(HttpsConnector.java:71)
at org.mule.transport.AbstractConnector.initialise(AbstractConnector.java:336)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
Truncated. see log file for complete stacktrace
org.mule.api.lifecycle.CreateException: Failed to load Key Manager
at org.mule.api.security.tls.TlsConfiguration.initKeyManagerFactory(TlsConfiguration.java:244)
at org.mule.api.security.tls.TlsConfiguration.initialise(TlsConfiguration.java:192)
at org.mule.transport.http.HttpsConnector.doInitialise(HttpsConnector.java:67)
at org.mule.transport.AbstractConnector.initialise(AbstractConnector.java:336)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Truncated. see log file for complete stacktrace
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
at java.security.KeyStore.getKey(KeyStore.java:763)
at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
Truncated. see log file for complete stacktrace

Cheers,
Hari



Keith Winn

May 28, 2009, 8:28:53 AM
to d...@mule.codehaus.org
You could always implement your own PropertyPlaceholderConfigurer and
implement the resolvePlaceholder method to decrypt your password.

hari krishna balusulapalem

May 28, 2009, 9:38:35 AM
to d...@mule.codehaus.org
We are not using field-level encryption. The entire file with the passwords (in text format) would be encrypted, and we need to decrypt the file on the fly and read the contents.

Keith Winn

May 28, 2009, 10:28:58 AM
to d...@mule.codehaus.org

Your PropertyPlaceholderConfigurer can decrypt the file on the first
placeholder it resolves and cache the results for subsequent
resolvePlaceholder calls. Or have the resolvePlaceholder method delegate
to your CredentialManager bean and let it decrypt and cache the results.


---------------------------------------------------------------------
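
The approach suggested in the last reply, as an added example that is not code from the thread or from Mule: a PropertyPlaceholderConfigurer subclass that decrypts the whole file on the first placeholder it resolves and caches the result in memory. Assumptions: the decrypted file is in Java properties format, the gpg binary is on the PATH and the service account's keyring can decrypt without prompting; the class name and the encryptedFile property are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;

/** Resolves ${...} placeholders from a GPG-encrypted properties file, decrypted once, in memory only. */
public class GpgPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {

    private File encryptedFile;   // hypothetical property: path to the .gpg file
    private Properties decrypted; // cache; the plaintext is never written to disk

    public void setEncryptedFile(File f) { this.encryptedFile = f; }

    @Override
    protected synchronized String resolvePlaceholder(String placeholder, Properties props) {
        if (decrypted == null) {
            decrypted = decrypt(); // first placeholder triggers the one-time decryption
        }
        String value = decrypted.getProperty(placeholder);
        // Non-secret settings still come from the ordinary property sources.
        return value != null ? value : super.resolvePlaceholder(placeholder, props);
    }

    private Properties decrypt() {
        try {
            // --batch: never prompt; stderr goes to the server log, stdout stays in this process.
            Process gpg = new ProcessBuilder("gpg", "--batch", "--quiet", "--decrypt",
                    encryptedFile.getAbsolutePath())
                    .redirectError(ProcessBuilder.Redirect.INHERIT).start();
            gpg.getOutputStream().close();
            Properties result = new Properties();
            try (InputStream out = gpg.getInputStream()) {
                result.load(out);
            }
            if (gpg.waitFor() != 0) {
                // Fail start-up rather than continue with partial or empty secrets.
                throw new IllegalStateException("gpg exited non-zero for " + encryptedFile);
            }
            return result;
        } catch (IOException e) {
            throw new IllegalStateException("Cannot decrypt " + encryptedFile, e);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IllegalStateException("Interrupted while decrypting " + encryptedFile, e);
        }
    }
}
```

Registered as a spring:bean with encryptedFile set, it lets every store and key password in the connector stay a ${...} placeholder while the values exist only in the encrypted file and in process memory.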