Encrypted field: tomcat error at start

Hi,

Now, it’s possible with the latest version of ADK to have an encrypted string/binary using the field attribute “encrypted”.

The encryption mechanism seems to use the “encryption.password” and “encryption.algorithm” parameters in the application.properties, but these 2 params haven’t been inserted in the default one, abs-webapp\src\main\resources\application.properties, and these params are not explained in the doc.

Thus, like the new one user.password.pattern in the rc3, I think these 2 new fields should be added with a default value and an explanation should be added to the documentation.

@Axelor: Moreover, I just want to note that having a hardcoded password inside a properties file is absolutely not a good idea. To avoid that, I’m working on a new Encryptor that uses RSA/ECC instead of AES and is based on a protected private key with SoftHSM.

Regards,

Yes, that’s a new feature of ADK added recently. ABS doesn’t use it yet, but when that is the case, these properties will be added in application.properties with default values and they will need to be changed.

You can find some docs about how to use it here:
https://docs.axelor.com/adk/5.0/dev-guide/models/models.html#field-encryption

Thank you.

ABS is using it; see axelor-human-resource/src/main/resources/domains/Employee.xml and EmployeeVehicule.xml (also domains.xml in ADK/Gradle/test).

So, if I understand correctly, if encryption.password and encryption.algorithm are not set, the field won’t be encrypted even if the domain specifies it.

What do you mean by “ABS doesn’t use it yet”: even if “encrypted” is set to true, the field won’t be encrypted?

Best Regards,

Hi,

I don’t know if it’s the answer to my previous thread (can we already use encrypted field) but when trying to use the “encrypted” attribute in a custom domain I’m unable to start the tomcat webapp:

o.h.cfg.annotations.SimpleValueBinder    : Starting fillSimpleValue for myencvalue
20-Jun-2018 14:02:00.206 SEVERE [main] org.apache.catalina.core.StandardContext.startInternal One or more Filters failed to start

Regards

Yes, if encryption.password is not set, fields won’t be encrypted even if the domain specifies it. Note that encryption.algorithm will use the default value if not set.

About the error, I never saw such an issue. Does it happen because you added the encrypted attribute on a field? Does it work if you remove it?

Hi,

First, thank you, I really appreciate your quick answers on my topics.

In my module I have a User.xml like below because I need to add some fields to the default model located in Core (the same thing as in axelor-base which has add )

<?xml version="1.0" ?>
<domain-models xmlns="http://axelor.com/xml/ns/domain-models"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://axelor.com/xml/ns/domain-models http://axelor.com/xml/ns/domain-models/domain-models_5.0.xsd">

  <module name="auth" package="com.axelor.auth.db"/>
  <entity name="User" cachable="true">
    <string name="cert" large="true" encrypted="true"/>
  </entity>
</domain-models>

The full stacktrace:

 org.hibernate.AnnotationException: AttributeConverter and explicit Type cannot be applied to same attribute [com.axelor.auth.db.User.privatykey];remove @Type or specify @Convert(disableConversion = true)
        at org.hibernate.cfg.annotations.SimpleValueBinder.fillSimpleValue(SimpleValueBinder.java:461)
        at org.hibernate.cfg.SetSimpleValueTypeSecondPass.doSecondPass(SetSimpleValueTypeSecondPass.java:25)
        at org.hibernate.boot.internal.InFlightMetadataCollectorImpl.processSecondPasses(InFlightMetadataCollectorImpl.java:1621)
        at org.hibernate.boot.internal.InFlightMetadataCollectorImpl.processSecondPasses(InFlightMetadataCollectorImpl.java:1579)
        at org.hibernate.boot.model.process.spi.MetadataBuildingProcess.complete(MetadataBuildingProcess.java:278)
        at org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl.metadata(EntityManagerFactoryBuilderImpl.java:858)
        at org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl.build(EntityManagerFactoryBuilderImpl.java:885)
        at org.hibernate.jpa.HibernatePersistenceProvider.createEntityManagerFactory(HibernatePersistenceProvider.java:58)
        at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:55)
        at com.google.inject.persist.jpa.JpaPersistService.start(JpaPersistService.java:108)
        at com.google.inject.persist.PersistFilter.init(PersistFilter.java:79)
        at com.google.inject.servlet.FilterDefinition.init(FilterDefinition.java:111)
        at com.google.inject.servlet.ManagedFilterPipeline.initPipeline(ManagedFilterPipeline.java:99)
        at com.google.inject.servlet.GuiceFilter.init(GuiceFilter.java:226)
        at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:277)
        at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:258)
        at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:104)
        at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4450)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5092)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:742)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:718)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:703)
        at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1141)
        at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1875)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
        at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112)
        at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1053)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:428)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1585)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:308)
        at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
        at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:424)
        at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:367)
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:966)
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:839)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1427)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1417)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
        at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134)
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:943)
        at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:258)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.StandardService.startInternal(StandardService.java:422)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:770)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:682)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:350)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)

Hi
I guess the combination of large (adding @Type) and encrypted (adding @Convert) is causing the issue. You may want to remove the large property.
Regards

Hi @beuss,

You’re right, I just tested and now it works. I just need to check the size of the string in the database field because I need a big varchar.

Thanks a lot

Regards
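
A pre-deployment check for the two failure modes this thread arrives at, as an added example that is not part of the original posts or of Axelor's code: it reports fields marked encrypted that would be stored unencrypted because encryption.password is unset, and fields that combine large with encrypted. The sample XML, the properties text and the function names are constructed for illustration, and the properties parser only handles simple `key = value` lines.

```python
import xml.etree.ElementTree as ET

NS = "{http://axelor.com/xml/ns/domain-models}"

# Constructed sample inputs (not taken from a real project).
SAMPLE_DOMAIN = """<domain-models xmlns="http://axelor.com/xml/ns/domain-models">
  <module name="auth" package="com.axelor.auth.db"/>
  <entity name="User">
    <string name="cert" large="true" encrypted="true"/>
    <string name="note" encrypted="true"/>
    <string name="nickname"/>
  </entity>
</domain-models>"""
PROPS_UNSET = "# encryption.password = CHANGE_ME\n"   # commented out: not set
PROPS_SET = "encryption.password = CHANGE_ME\n"       # placeholder value

def parse_properties(text):
    """Minimal .properties reader: key = value lines, '#' or '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(domain_xml, properties_text):
    """Return (Entity.field, problem) pairs for every encrypted="true" field."""
    has_password = bool(parse_properties(properties_text).get("encryption.password"))
    findings = []
    for entity in ET.fromstring(domain_xml).iter(NS + "entity"):
        for field in entity:
            if field.get("encrypted") != "true":
                continue
            name = f'{entity.get("name")}.{field.get("name")}'
            if not has_password:
                # Per the reply above: without the password the field is not encrypted.
                findings.append((name, "encryption.password unset: stored unencrypted"))
            if field.get("large") == "true":
                # Per the thread: large adds @Type, encrypted adds @Convert.
                findings.append((name, "large + encrypted: Hibernate fails at startup"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_DOMAIN, PROPS_UNSET):
        print(f"{name}: {problem}")
```
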
