hibernate - Unable to get entity using named query on jasypt encrypted column -


i have employee entity having ssn field encrypted using jasypt. following mock definition:

@typedef(name = "encryptedstring", typeclass = encryptedstringtype.class, parameters = {@parameter(name = "encryptorregisteredname",value = "stronghibernatestringencryptor")}) @entity @table(name="employee") @namedqueries(value = {     @namedquery(name = "employee.getemployeebyssn", query = "select employee employee employee employee.ssn=:ssn"),     @namedquery(name = "employee.getemployeebyname", query = "select employee employee employee employee.name=:name")     }) public class employee {      @id @generatedvalue     private long id;      private string name;      @type(type = "encryptedstring")     private string ssn; }

this entity contains 2 named queries getting employees, 1 name , other ssn. ssn field encrypted using jasypt. code mock implementation hence have used following basic configuration:

public static void main(string[] args) throws serialexception, sqlexception {      //configure jasypt encryptor     pooledpbestringencryptor strongencryptor = new pooledpbestringencryptor();     strongencryptor.setalgorithm("pbewithmd5anddes");     strongencryptor.setpassword("jasypt");     strongencryptor.setpoolsize(2);      //register hibernate     hibernatepbeencryptorregistry registry = hibernatepbeencryptorregistry.getinstance();     registry.registerpbestringencryptor("stronghibernatestringencryptor", strongencryptor);      //get entity manager factory     entitymanagerfactory emf = persistence.createentitymanagerfactory("helloworld");      //get entity manager     entitymanager em = emf.createentitymanager();     entitytransaction tx = em.gettransaction();     tx.begin();      //create employee     employee employee = new employee();     employee.setname("vaibhav");     employee.setssn("1234567");     em.persist(employee);      tx.commit();      entitytransaction newtx = em.gettransaction();     newtx.begin();      //search employee ssn     query queryobject1 = em.createnamedquery("employee.getemployeebyssn");     queryobject1.setparameter("ssn", "1234567");      //no results here     list employees1 = queryobject1.getresultlist();      newtx.commit();     em.close();  }

i no result in employees1 list. when run following named query, i'm able see decrypted ssn in employee object.

query queryobject = em.createnamedquery("employee.getemployeebyname"); queryobject.setparameter("name", "vaibhav"); list employees = queryobject.getresultlist(); employee employee1 = (employee)employees.get(0);

i unable understand there bug in code or how hibernate supposed work. in documentation integrating jasypt hibernate 3.x or 4.x, written that:

but encryption sets limitation on hibernate usage: security standards establish 2 different encryption operations on same data should not return same value (due use of random salt). because of this, none of fields set encrypted when persisted can part of clause in search queries entity belong to.

so means 1 cannot perform search operations on encrypted field.

i using random salt generator. after adding 0 salt generator, able solve issue:

strongencryptor.setsaltgenerator(new zerosaltgenerator());

Comments

Post a Comment

Popular posts from this blog

c# - DetailsView in ASP.Net - How to add another column on the side/add a control in each row? -

i have detailsview control on page used edit various fields of record, works in respect. i looking way add 1 column (and if works, why not more) right, absolutely read-only, show same fields of record comparison purposes. i aware there no obvious way such thing out of box detailsview . have looked other controls (transposed gridview , recommended formview , listview ), nothing satisfies. have special data binding setup using detailsview , can't out of without losing features. anyone on how "hack in" additional columns (for display only) on detailsview ? the solution have now, use second detailsview , visible set false in aspx. in code, make sure databind hidden detailsview hosts data third column first, initial detailsview named itemdetails . and in item created event, pass third column html rendering of hidden controls (in last code block) : protected void itemdetails_itemcreated(object sender, eventargs e) { if (dataite
Read more

javascript - firefox memory leak -

i have following script (i use raphaeljs also) draws circle, waits 1 second, draws circle again, etc (you can copy paste - functional, need include raphael raphaeljs.com): <div id="holder"> </div> <script src="raphael.js" type="text/javascript"></script> <script> var paper = raphael(10, 50, 320, 200); var rad = math.pi / 180; var finangle = 0; function sector(cx, cy, r, startangle, endangle, params) { var x1 = cx + r * math.cos(-startangle * rad), x2 = cx + r * math.cos(-endangle * rad), y1 = cy + r * math.sin(-startangle * rad), y2 = cy + r * math.sin(-endangle * rad); return ["m", cx, cy, "l", x1, y1, "a", r, r, 0, +(endangle - startangle > 180), 0, x2, y2]; } var path = sector(100,100,50,0,180); var arc = paper.path(path); function draw() { path = sector(100,100,50,0,finangle);
Read more

Trying to import CSV file to a SQL Server database using asp.net and c# - can't find what I'm missing -

i student , quite new programming, , given task using asp.net , c#, without being taught either. plan learn teach ourselves. the task stuck on making website import csv file sql server database of last year's room bookings around campus. the table has following columns: request_id; priority; module_id; day; start_time; length; park; students; room_code; status; semester_id; linked_request; week_1; week_2; week_3; week_4; week_5; week_6; week_7; week_8; week_9; week_10; week_11; week_12; week_13; week_14; week_15; ) in code, try make work 3 columns (request_id,priority,module) starters. when press import button, want read .csv file (with fixed name @ fixed directory) eg "1,2,3" - comma separating fields [delimiter] - , import sql server datab
Read more