This project provides Spring helpers and namespaces for integrating with the web services provided by the Zuul Project.
Starting with v 1.4 of the zuul-spring-client, the namespace has been refactored to allow for PGP and PBE key configuration. The older versions will still work but do not support PGP.
<groupId>org.devnull</groupId>
<artifactId>zuul-spring-client</artifactId>
<version>1.5.1</version>context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:zuul="http://www.devnull.org/schema/zuul-spring-client"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.devnull.org/schema/zuul-spring-client http://www.devnull.org/schema/zuul-spring-client.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
<context:property-placeholder properties-ref="appDataConfig"/>
<zuul:properties id="appDataConfig" config="app-data-config" environment="prod">
<zuul:file-store/>
<zuul:pbe-decryptor password="secret" algorithm="PBEWITHSHA256AND128BITAES-CBC-BC"/>
<!-- or use the pgp decryptor
<zuul:pgp-decryptor password="#{environment['GNUPGPASSWD']}" secret-key-ring="#{environment['GNUPGHOME']}/secring.gpg"/>
-->
</zuul:properties>
</beans>Spring Profiles
Utilize spring profiles to enable configuration by profile.
<beans profile="prod">
<context:property-placeholder properties-ref="appDataConfig"/>
<zuul:properties id="appDataConfig" host="zuul.acme.com" config="foo-config" environment="prod">
<zuul:pbe-decryptor algorithm="PBEWITHSHA256AND128BITAES-CBC-BC" password="I like cake!"/>
</zuul:properties>
</beans>
<beans profile="qa">
<context:property-placeholder properties-ref="appDataConfig"/>
<zuul:properties id="appDataConfig" host="zuul.acme.com" config="foo-config"environment="qa"/>
</beans>
<beans profile="dev">
<context:property-placeholder properties-ref="appDataConfig"/>
<zuul:properties id="appDataConfig" host="zuul.acme.com" config="foo-config" environment="dev"/>
</beans>Spring Expression Language
Use environment variables to read in the password and environment:
<context:property-placeholder properties-ref="appDataConfig"/>
<zuul:properties id="appDataConfig" config="app-data-config" environment="#{environment['ZUUL_ENVIRONMENT']}">
<zuul:file-store/>
<zuul:pbe-decryptor password="#{environment['ZUUL_PASSWORD']}" algorithm="PBEWITHSHA256AND128BITAES-CBC-BC"/>
</zuul:properties>zuul:properties
| Attribute | Description | Default | Required |
|---|---|---|---|
| config | Name of the configuration to render | n/a | true |
| host | DNS or IP address of the zuul server | localhost | false |
| port | TCP port where the server is running | 80 | false |
| context | URI path to the root zuul application | /zuul | false |
| environment | Which environment set to retrieve | dev | false |
| ssl | Set to true if zuul endpoints are hosted via HTTPS | false | false |
| http-client-ref | Reference to a custom httpcomponents http-client | A default client is created by default. You can override if needed | false |
zuul:file-store
The zuul:file-store element is optional. It caches copies of the files (with encrypted values) to the local filesystem. If configured, it will be used as a backup strategy if the zuul web services are unavailable.If left un-configured, the application will throw an exception upon startup if the service is not available.
| Attribute | Description | Default | Required |
|---|---|---|---|
| path | File Resource to contain the cached files. | Uses the java.io.tmp system property by default | false |
- zuul:pbe-decryptor
Use this option if your configuration in Zuul has encrypted values from a PBE (password base encryption) key such as AES, TripleDES, etc.
| Attribute | Description | Default | Required |
|---|---|---|---|
| algorithm |
Provide an encryption algorithm which matches the Zuul key. Available values:
See the following for more information: |
null | true |
| password | Shared, private password used to decrypt the values | null | true |
- zuul:pgp-decryptor
Use this option if your configuration in Zuul has encrypted values from a PGP key.
| Attribute | Description | Default | Required |
|---|---|---|---|
| secretKeyRing | File resource representing the PGP secret key ring (secring.gpg) | null | true |
| password | Password used to unlock the secret key ring (if encrypted) | empty | false |
Eventually, I'll separate out the code for a POJO client. Until then, you can utilze the decryption functionality directly from the PropertyDecryptor interfaces.
- org.devnull.client.spring.crypto.PropertiesDecryptor
- org.devnull.client.spring.crypto.PgpPropertiesDecryptor
- org.devnull.client.spring.crypto.PbePropertiesDecryptor
The PbePropertiesDecryptor is really just a wrapper around Jasypt so you're probably better off just using it instead. The PgpPropertiesDecryptor may be of use to you.
Copyright 2012 Mike Cantrell
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.