4

We have a properties file (e.g. db.properties) that contains the credentials for a database access. Example:

db.jdbc.user=johndoe 
db.jdbc.password=topsecret

We have many ant scripts that read this file and execute various tasks. Example:

<!--Initialize the environment-->
<target name="environment">

<!--Read database connection properties-->
    <property file="$../db.properties"/>
    ...
</target>

<target name="dbping"
    description="Test the database connectivity with the current settings."
    depends="environment">
    ...
    <sql driver="oracle.jdbc.OracleDriver"
         url="${db.jdbc.url}"
         userid="${db.jdbc.user}"
         password="${db.jdbc.password}"
         classpathref="classpath.jdbc"
         print="true"
         showheaders="false">
         SELECT 'JDBC connect: successful!' FROM dual;
    </sql>

    ...
</target>

Now the client wants that the password in the db.properties is encrypted by using their encryption lib provided within a .jar file, e.g.:

db.jdbc.user=johndoe
db.jdbc.password.encrypted=true
db.jdbc.password=018Dal0AdnE=|ySHZl0FsnYOvM+114Q1hNA==

What we want to is to achieve the decryption with minimum modifications of the tons of ant files. I've heard about the enhanced property handling in Ant 1.8, but we use Ant 1.7.1.

What is the best solution for this - custom task, some magic with the PropertyHelper instance, something else?

Thanks in advance for your hints.

Andrea Ligios
  • 49,480
  • 26
  • 114
  • 243
Lachezar Balev
  • 11,498
  • 9
  • 49
  • 72

2 Answers2

1

I think the approach you want to take is the wrapper approach that you can do within ant.

parent ant script: 

<target name="decrypt">    
  <exec executable="myJar">
    <arg value="encryptedString"/>
  </exec>
</target>  
    <target name="build-foo">
        <subant target="build">
          <fileset dir="${test.home}" includes="Foobuild.xml"/>
        </subant>
    </target>

    <target name="build-bar">
        <subant target="build">
          <fileset dir="${test.home}" includes="Barbuild.xml"/>
        </subant>
    </target>

use subant
and exec (POTENTIALLY DANGEROUS)

What you want to do is drop each of your subscripts into this parent build file and pass around the unencrypted String to each of the scripts as a parameter / read in from a property.

Andrea Ligios
  • 49,480
  • 26
  • 114
  • 243
Woot4Moo
  • 23,987
  • 16
  • 94
  • 151
  • Thanks! All these subscripts are self sufficient units that only depend on a target which sets some environmental variables. They test the connectivity to the db, import, export, etc. I would currently prefer my own custom task which I'll put into the environment target. This task will decrypt the password and using the PropertyHelper will provide a decrypted version for the other targets. – Lachezar Balev May 29 '13 at 06:46
1

The solution that I preferred is to handle the problem with my own custom task. This required minimum changes. In our ant script this task looks like this:

<!--Initialize the environment-->
<target name="environment">

    <!--Read database connection properties-->
    <property file="$../db.properties"/>
    ...

    <decryptpwd passwordProperty="db.jdbc.password"/>

</target>

The task is also trivial. It looks like this:

public class DecryptPassword extends Task
{
    @Override
    public void execute()
    {
        ...
        PropertyHelper.getPropertyHelper(getProject()).setProperty(null, passwordProperty, getDecryptedPassword(),
                            false);
        ...                 
    }
}

And yeap - it seems to work ;-)

Lachezar Balev
  • 11,498
  • 9
  • 49
  • 72
  • See this answer for similar approach: http://stackoverflow.com/questions/7503630/where-do-i-put-my-credentials-when-using-ivy-and-a-private-company-repository/7505364#7505364 – Mark O'Connor May 30 '13 at 23:42