4

I use Spring Framework to code my Web Service, using Dependency injection to inject a DataSource bean into the DAO bean that will be used by the Web Service. I have all the database properties(Url, Password, Username, the stuff I don't want people to see) written in the DataSource Bean XML!

I have git setup to commit my entire project....Including my DataSource Bean XML which has my password written in plain text. I thought of using the .gitignore but the Bean XML is a crucial component in my Web Service project and it shouldn't be ignored. But I also don't want the world to see my password.

How do I commit my bean files without showing the world my password.

Louis Hong
  • 165
  • 5

1 Answers1

6

Anything you put into the Spring XML is static and compiled into the binary. If there is some information which can change, it is always a good idea to externalize it into a properties file. Spring can read the properties file and then use the values as inputs to its beans.

You need to use a concept called the property placeholder to inject these properties. First, create a properties file, say, MyApp.properties and place it into a known directory, say, /settings/MyApp. The contents of the file will be in the format:

databaseUsername=USER
databasePassword=PWD
property3=value3
property4=value4
...

In your Spring XML, add the following tag:

<context:property-placeholder location="file:///settings/MyApp/MyApp.properties"/>

Now, you can simply use these external properties in your spring objects:

<bean id="dataSource" class="...">
    <property name="username" value="${databaseUsername}">
    <property name="password" value="${databasePassword}">
</bean

Now you can safely check in your Spring XML (but not MyApp.properties) and make sure that other users have their own MyApp.properties at the configured location.

There are other things you can do to make the property file lookup more dynamic. See this link for more details:

6 Tips for Managing Property Files with Spring

metacubed
  • 966
  • 5
  • 14