
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 21253: merge

 

Merge authors:
  Stian Sandvold (stian-sandvold)
------------------------------------------------------------
revno: 21253 [merge]
committer: Stian Sandvold <stian.sandvold@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2015-12-01 17:47:14 +0100
message:
  merge
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityInstanceQueryParams.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentityattributevalue/TrackedEntityAttributeValue.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/InitTableAlteror.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentity/hibernate/HibernateTrackedEntityInstanceStore.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentityattributevalue/hibernate/HibernateTrackedEntityAttributeValueStore.java
  dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/configuration/hibernate/Configuration.hbm.xml
  dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/trackedentityattributevalue/hibernate/TrackedEntityAttributeValue.hbm.xml
  dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml
  dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/org/hisp/dhis/usertype/UserTypes.hbm.xml


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityInstanceQueryParams.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityInstanceQueryParams.java	2015-11-17 17:21:07 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityInstanceQueryParams.java	2015-12-01 16:14:18 +0000
@@ -169,7 +169,7 @@
     // Constructors
     // -------------------------------------------------------------------------
 
-    public TrackedEntityInstanceQueryParams()
+    public  TrackedEntityInstanceQueryParams()
     {
     }
 

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentityattributevalue/TrackedEntityAttributeValue.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentityattributevalue/TrackedEntityAttributeValue.java	2015-11-30 00:34:24 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentityattributevalue/TrackedEntityAttributeValue.java	2015-12-01 16:23:47 +0000
@@ -28,6 +28,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonView;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
@@ -60,8 +61,17 @@
 
     private TrackedEntityInstance entityInstance;
 
+    private String encryptedValue;
+
+    private String plainValue;
+
+    /**
+     * This value is only used to store values from setValue when we don't know
+     * if attribute is set or not.
+    */
     private String value;
 
+
     // -------------------------------------------------------------------------
     // Constructors
     // -------------------------------------------------------------------------
@@ -72,16 +82,16 @@
 
     public TrackedEntityAttributeValue( TrackedEntityAttribute attribute, TrackedEntityInstance entityInstance )
     {
-        this.attribute = attribute;
-        this.entityInstance = entityInstance;
+        setAttribute( attribute );
+        setEntityInstance( entityInstance );
     }
 
     public TrackedEntityAttributeValue( TrackedEntityAttribute attribute, TrackedEntityInstance entityInstance,
         String value )
     {
-        this.attribute = attribute;
-        this.entityInstance = entityInstance;
-        this.value = value;
+        setAttribute( attribute );
+        setEntityInstance( entityInstance );
+        setValue( value );
     }
 
     // -------------------------------------------------------------------------
@@ -95,7 +105,7 @@
         int result = 1;
         result = prime * result + ((entityInstance == null) ? 0 : entityInstance.hashCode());
         result = prime * result + ((attribute == null) ? 0 : attribute.hashCode());
-        result = prime * result + ((value == null) ? 0 : value.hashCode());
+        result = prime * result + ((getValue() == null) ? 0 : getValue().hashCode());
         return result;
     }
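Review bot: The new `hashCode` line throws a NullPointerException when `attribute` is null, because `getValue()` (added further down in this file) dereferences `getAttribute().getConfidential()` without a check, while the line directly above still treats a null attribute as legal. The `getValue()` calls introduced in the `equals` and `toString` hunks below have the same problem, so an instance whose attribute has not been set yet can no longer be hashed, compared or printed. A guard inside the getters would cover all three, for example `boolean confidential = attribute != null && attribute.getConfidential();`; if `getConfidential()` returns a boxed `Boolean`, which is not visible here, a null result needs the same care. The start of `hashCode()` lies outside this hunk.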
 
@@ -143,14 +153,14 @@
             return false;
         }
 
-        if ( value == null )
+        if ( getValue() == null )
         {
-            if ( other.value != null )
+            if ( other.getValue() != null )
             {
                 return false;
             }
         }
-        else if ( !value.equals( other.value ) )
+        else if ( !getValue().equals( other.getValue() ) )
         {
             return false;
         }
@@ -161,7 +171,7 @@
     @Override
     public String toString()
     {
-        return "[Tracked attribute=" + attribute + ", entityInstance=" + entityInstance + ", value='" + value + "'"
+        return "[Tracked attribute=" + attribute + ", entityInstance=" + entityInstance + ", value='" + getValue() + "'"
             + "]";
     }
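Review bot: `toString()` now prints `getValue()`, which for a confidential attribute is the decrypted value, so any log line, exception message or debugger dump that includes this object writes the protected data in clear text outside the encrypted column. Masking it keeps the encryption meaningful, for example `boolean hide = attribute == null || attribute.getConfidential();` followed by `", value='" + (hide ? "[hidden]" : getValue()) + "'"`. That form also avoids calling `getValue()` when no attribute is set.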
 
@@ -169,14 +179,64 @@
     // Getters and setters
     // -------------------------------------------------------------------------
 
+    /**
+     * Retrieves the encrypted value if the attribute is confidential.
+     * If the value is not confidential, returns old value (Should be null unless it was
+     * confidential at an earlier stage)
+     * @return String with decrypted value or null
+     */
+    @JsonIgnore
+    public String getEncryptedValue()
+    {
+        return (getAttribute().getConfidential() && this.value != null ? this.value : this.encryptedValue);
+    }
+
+    /**
+     * Used by hibernate to set the object's value
+     */
+    public void setEncryptedValue( String encryptedValue )
+    {
+        this.encryptedValue = encryptedValue;
+    }
+
+    /**
+     * Retrieves the plaintext value is the attribute isn't confidential.
+     * If the value is confidential, this value should be null, unless it was non-confidential at
+     * an earlier stage.
+     * @return String with plaintext value or null
+     */
+    @JsonIgnore
+    public String getPlainValue()
+    {
+        return (!getAttribute().getConfidential() && this.value != null ? this.value : this.plainValue);
+    }
+
+    /**
+     * Used by hibernate to set the objects value
+     */
+    public void setPlainValue( String plainValue )
+    {
+        this.plainValue = plainValue;
+    }
+
+    /**
+     * Returns the encrypted or the plaintext value, based on the attribute's confidential value.
+     * @return String with value, either plaintext or decrypted
+     */
     @JsonProperty
     @JsonView( { DetailedView.class, ExportView.class } )
     @JacksonXmlProperty( namespace = DxfNamespaces.DXF_2_0 )
     public String getValue()
     {
-        return value;
+        return (getAttribute().getConfidential() ? this.getEncryptedValue() : this.getPlainValue());
     }
 
+    /**
+     * Since we never can be 100% certain Attribute is not null, we store the value in a temporary
+     * variable. The getEncrypted and getPlaintext methods will handle this value when someone requires it
+     * (Either a user or hibernate)
+     * @param value the value to be stored
+     */
     public void setValue( String value )
     {
         this.value = value;
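Review bot: For a confidential attribute `getPlainValue()` falls through to `this.plainValue`, and since the mapping uses property access Hibernate will write that earlier clear-text value back to the `value` column, so switching an attribute to confidential leaves the old plaintext in the database next to the new ciphertext. The Javadoc hints at this ("unless it was non-confidential at an earlier stage") but nothing visible in this change clears or migrates it. At minimum the getter should carry a warning such as `Note: a value stored before the attribute became confidential is still returned and persisted in clear text until it is explicitly cleared`, and a migration step that moves such values into `encrypted_value` would close the gap. The Javadoc on `getEncryptedValue()` also contradicts itself ("Retrieves the encrypted value" versus "@return String with decrypted value"), and "is the attribute isn't confidential" should read "if". The body of `setValue` continues outside this hunk.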

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/InitTableAlteror.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/InitTableAlteror.java	2015-12-01 04:59:42 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/InitTableAlteror.java	2015-12-01 16:23:47 +0000
@@ -33,9 +33,12 @@
 import org.apache.commons.logging.LogFactory;
 import org.hisp.dhis.jdbc.StatementBuilder;
 import org.hisp.dhis.system.startup.AbstractStartupRoutine;
+import org.jasypt.encryption.pbe.PBEStringEncryptor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 
+import javax.annotation.Resource;
+
 /**
  * @author Lars Helge Overland
  */
@@ -50,6 +53,12 @@
     @Autowired
     private StatementBuilder statementBuilder;
 
+    @Resource( name = "stringEncryptor" )
+    PBEStringEncryptor oldPBEStringEncryptor;
+
+    @Resource( name = "strongStringEncryptor" )
+    PBEStringEncryptor newPBEStringEncryptor;
+
     // -------------------------------------------------------------------------
     // Execute
     // -------------------------------------------------------------------------
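Review bot: The two injected encryptors are declared without an access modifier, unlike the `private StatementBuilder statementBuilder` just above, which leaves objects that can decrypt stored passwords reachable from every class in the package. Declaring them `private PBEStringEncryptor oldPBEStringEncryptor;` and `private PBEStringEncryptor newPBEStringEncryptor;` matches the surrounding style. A one-line comment stating that the old encryptor is only kept for the one-off re-encryption would tell readers when it can be removed.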
@@ -58,7 +67,8 @@
     @Transactional
     public void execute()
     {
-        executeSql( "update dataelement set domaintype='AGGREGATE' where domaintype='aggregate' or domaintype is null;" );
+        executeSql(
+            "update dataelement set domaintype='AGGREGATE' where domaintype='aggregate' or domaintype is null;" );
         executeSql( "update dataelement set domaintype='TRACKER' where domaintype='patient';" );
         executeSql( "update users set invitation = false where invitation is null" );
         executeSql( "alter table dataelement alter column domaintype set not null;" );
@@ -75,6 +85,7 @@
         updateFeatureTypes();
         updateValidationRuleEnums();
         updateProgramStatus();
+        reEncryptConfigurationPasswords();
         updateAuditTimestamps();
 
         executeSql( "ALTER TABLE program ALTER COLUMN \"type\" TYPE varchar(255);" );
@@ -90,6 +101,36 @@
     // Supportive methods
     // -------------------------------------------------------------------------
 
+    private void reEncryptConfigurationPasswords()
+    {
+        try
+        {
+
+            String smtpPassword = oldPBEStringEncryptor
+                .decrypt( statementManager.getHolder()
+                    .queryForString( "SELECT smptpassword FROM configuration" ) );
+            String remoteServerPassword = oldPBEStringEncryptor.decrypt(
+                statementManager.getHolder()
+                    .queryForString( "SELECT remoteserverpassword FROM configuration" ) );
+
+            executeSql(
+                "UPDATE configuration SET smtppassword = '" +
+                    newPBEStringEncryptor.encrypt( smtpPassword ) + "'" );
+            executeSql(
+                "UPDATE configuration SET remotepassword = '" +
+                    newPBEStringEncryptor.encrypt( remoteServerPassword ) +
+                    "'" );
+
+            executeSql( "ALTER TABLE configuration DROP COLUMN smptpassword" );
+            executeSql( "ALTER TABLE configuration DROP COLUMN remoteserverpassword" );
+
+        }
+        catch ( Exception ex )
+        {
+            log.debug( ex );
+        }
+    }
+
     private void updateAuditTimestamps()
     {
         executeSql( "alter table datavalueaudit rename column timestamp to created" );
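Review bot: In `reEncryptConfigurationPasswords()` a password that was never set ends up stored as the text `null`: Jasypt returns null for a null input, and the concatenation `"... = '" + encrypt( ... ) + "'"` turns that into the literal `'null'`, which the `AESEncryptedString` mapping will later fail to decrypt (assuming `queryForString` yields null for an empty column, which is not visible here). The `catch ( Exception ex )` logs at debug only, so a failed decrypt or update is invisible at normal log levels, and if `executeSql` reports errors without throwing, the two `DROP COLUMN` statements still run and discard the only copy of the old ciphertext. Checking that the legacy column exists before migrating, and logging anything else at warn, would separate the expected "already migrated" start-up from real data loss. The ciphertext is also spliced into the SQL text; Jasypt's default Base64 output contains no quote characters, but a bound parameter would not depend on that. A null-guarded version of the two updates:

```java
            // … unchanged: read and decrypt the two legacy columns …

            // A missing password must stay NULL rather than become the string 'null'.
            if ( smtpPassword != null )
            {
                executeSql( "UPDATE configuration SET smtppassword = '" +
                    newPBEStringEncryptor.encrypt( smtpPassword ) + "'" );
            }

            if ( remoteServerPassword != null )
            {
                executeSql( "UPDATE configuration SET remotepassword = '" +
                    newPBEStringEncryptor.encrypt( remoteServerPassword ) + "'" );
            }

            // … unchanged: drop smptpassword and remoteserverpassword …
```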
@@ -126,7 +167,8 @@
     private void updateFeatureTypes()
     {
         executeSql( "update organisationunit set featuretype='NONE' where featuretype='None'" );
-        executeSql( "update organisationunit set featuretype='MULTI_POLYGON' where featuretype='MultiPolygon'" );
+        executeSql(
+            "update organisationunit set featuretype='MULTI_POLYGON' where featuretype='MultiPolygon'" );
         executeSql( "update organisationunit set featuretype='POLYGON' where featuretype='Polygon'" );
         executeSql( "update organisationunit set featuretype='POINT' where featuretype='Point'" );
         executeSql( "update organisationunit set featuretype='SYMBOL' where featuretype='Symbol'" );
@@ -139,8 +181,10 @@
 
         executeSql( "update dataelement set aggregationtype='SUM' where aggregationtype='sum'" );
         executeSql( "update dataelement set aggregationtype='AVERAGE' where aggregationtype='avg'" );
-        executeSql( "update dataelement set aggregationtype='AVERAGE_SUM_ORG_UNIT' where aggregationtype='avg_sum_org_unit'" );
-        executeSql( "update dataelement set aggregationtype='AVERAGE_SUM_ORG_UNIT' where aggregationtype='average'" );
+        executeSql(
+            "update dataelement set aggregationtype='AVERAGE_SUM_ORG_UNIT' where aggregationtype='avg_sum_org_unit'" );
+        executeSql(
+            "update dataelement set aggregationtype='AVERAGE_SUM_ORG_UNIT' where aggregationtype='average'" );
         executeSql( "update dataelement set aggregationtype='COUNT' where aggregationtype='count'" );
         executeSql( "update dataelement set aggregationtype='STDDEV' where aggregationtype='stddev'" );
         executeSql( "update dataelement set aggregationtype='VARIANCE' where aggregationtype='variance'" );
@@ -159,19 +203,27 @@
 
         executeSql( "update dataelement set valuetype='NUMBER' where valuetype='int' and numbertype='number'" );
         executeSql( "update dataelement set valuetype='INTEGER' where valuetype='int' and numbertype='int'" );
-        executeSql( "update dataelement set valuetype='INTEGER_POSITIVE' where valuetype='int' and numbertype='posInt'" );
-        executeSql( "update dataelement set valuetype='INTEGER_POSITIVE' where valuetype='int' and numbertype='positiveNumber'" );
-        executeSql( "update dataelement set valuetype='INTEGER_NEGATIVE' where valuetype='int' and numbertype='negInt'" );
-        executeSql( "update dataelement set valuetype='INTEGER_NEGATIVE' where valuetype='int' and numbertype='negativeNumber'" );
-        executeSql( "update dataelement set valuetype='INTEGER_ZERO_OR_POSITIVE' where valuetype='int' and numbertype='zeroPositiveInt'" );
-        executeSql( "update dataelement set valuetype='PERCENTAGE' where valuetype='int' and numbertype='percentage'" );
-        executeSql( "update dataelement set valuetype='UNIT_INTERVAL' where valuetype='int' and numbertype='unitInterval'" );
+        executeSql(
+            "update dataelement set valuetype='INTEGER_POSITIVE' where valuetype='int' and numbertype='posInt'" );
+        executeSql(
+            "update dataelement set valuetype='INTEGER_POSITIVE' where valuetype='int' and numbertype='positiveNumber'" );
+        executeSql(
+            "update dataelement set valuetype='INTEGER_NEGATIVE' where valuetype='int' and numbertype='negInt'" );
+        executeSql(
+            "update dataelement set valuetype='INTEGER_NEGATIVE' where valuetype='int' and numbertype='negativeNumber'" );
+        executeSql(
+            "update dataelement set valuetype='INTEGER_ZERO_OR_POSITIVE' where valuetype='int' and numbertype='zeroPositiveInt'" );
+        executeSql(
+            "update dataelement set valuetype='PERCENTAGE' where valuetype='int' and numbertype='percentage'" );
+        executeSql(
+            "update dataelement set valuetype='UNIT_INTERVAL' where valuetype='int' and numbertype='unitInterval'" );
         executeSql( "update dataelement set valuetype='NUMBER' where valuetype='int' and numbertype is null" );
 
         executeSql( "alter table dataelement drop column numbertype" );
 
         executeSql( "update dataelement set valuetype='TEXT' where valuetype='string' and texttype='text'" );
-        executeSql( "update dataelement set valuetype='LONG_TEXT' where valuetype='string' and texttype='longText'" );
+        executeSql(
+            "update dataelement set valuetype='LONG_TEXT' where valuetype='string' and texttype='longText'" );
         executeSql( "update dataelement set valuetype='TEXT' where valuetype='string' and texttype is null" );
 
         executeSql( "alter table dataelement drop column texttype" );
@@ -185,7 +237,8 @@
         executeSql( "update dataelement set valuetype='NUMBER' where valuetype is null" );
 
         executeSql( "update trackedentityattribute set valuetype='TEXT' where valuetype='string'" );
-        executeSql( "update trackedentityattribute set valuetype='PHONE_NUMBER' where valuetype='phoneNumber'" );
+        executeSql(
+            "update trackedentityattribute set valuetype='PHONE_NUMBER' where valuetype='phoneNumber'" );
         executeSql( "update trackedentityattribute set valuetype='EMAIL' where valuetype='email'" );
         executeSql( "update trackedentityattribute set valuetype='NUMBER' where valuetype='number'" );
         executeSql( "update trackedentityattribute set valuetype='NUMBER' where valuetype='int'" );
@@ -195,7 +248,8 @@
         executeSql( "update trackedentityattribute set valuetype='DATE' where valuetype='date'" );
         executeSql( "update trackedentityattribute set valuetype='TEXT' where valuetype='optionSet'" );
         executeSql( "update trackedentityattribute set valuetype='TEXT' where valuetype='OPTION_SET'" );
-        executeSql( "update trackedentityattribute set valuetype='TRACKER_ASSOCIATE' where valuetype='trackerAssociate'" );
+        executeSql(
+            "update trackedentityattribute set valuetype='TRACKER_ASSOCIATE' where valuetype='trackerAssociate'" );
         executeSql( "update trackedentityattribute set valuetype='USERNAME' where valuetype='users'" );
         executeSql( "update trackedentityattribute set valuetype='TEXT' where valuetype is null" );
 
@@ -219,11 +273,13 @@
         {
             String autoIncr = statementBuilder.getAutoIncrementValue();
 
-            String insertSql = "insert into programstagedataelement(programstagedataelementid,programstageid,dataelementid,compulsory,allowprovidedelsewhere,sort_order,displayinreports,programstagesectionid,allowfuturedate,section_sort_order) "
-                + "select "
-                + autoIncr
-                + ",programstageid,dataelementid,compulsory,allowprovidedelsewhere,sort_order,displayinreports,programstagesectionid,allowfuturedate,section_sort_order "
-                + "from programstage_dataelements";
+            String insertSql =
+                "insert into programstagedataelement(programstagedataelementid,programstageid,dataelementid,compulsory,allowprovidedelsewhere,sort_order,displayinreports,programstagesectionid,allowfuturedate,section_sort_order) "
+                    + "select "
+                    + autoIncr
+                    +
+                    ",programstageid,dataelementid,compulsory,allowprovidedelsewhere,sort_order,displayinreports,programstagesectionid,allowfuturedate,section_sort_order "
+                    + "from programstage_dataelements";
 
             executeSql( insertSql );
 

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentity/hibernate/HibernateTrackedEntityInstanceStore.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentity/hibernate/HibernateTrackedEntityInstanceStore.java	2015-11-19 04:01:09 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentity/hibernate/HibernateTrackedEntityInstanceStore.java	2015-12-01 16:14:18 +0000
@@ -163,11 +163,11 @@
 
                     if ( queryItem.isNumeric() )
                     {
-                        hql += " and teav.value " + queryFilter.getSqlOperator() + filter + ")";
+                        hql += " and teav.plainValue " + queryFilter.getSqlOperator() + filter + ")";
                     }
                     else
                     {
-                        hql += " and lower(teav.value) " + queryFilter.getSqlOperator() + filter + ")";
+                        hql += " and lower(teav.plainValue) " + queryFilter.getSqlOperator() + filter + ")";
                     }
 
                 }
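Review bot: Filtering on `teav.plainValue` means a query item that refers to a confidential attribute now silently matches nothing, because those values live only in `encryptedValue`; the same holds for the `Restrictions.ilike( "plainValue", ... )` change in HibernateTrackedEntityAttributeValueStore below. Rejecting such filters up front with a clear error would be easier to diagnose than an empty result, and either way the limitation deserves a comment here, e.g. `// confidential attributes are stored encrypted and cannot be filtered; only plainValue is searchable`. Both changed lines still concatenate `queryFilter.getSqlOperator()` and `filter` into the HQL string; `filter` is built outside this hunk, so confirm it is escaped there or bind it as a named parameter instead. The enclosing loop and method start and end outside the hunk.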

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentityattributevalue/hibernate/HibernateTrackedEntityAttributeValueStore.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentityattributevalue/hibernate/HibernateTrackedEntityAttributeValueStore.java	2015-06-23 15:59:19 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentityattributevalue/hibernate/HibernateTrackedEntityAttributeValueStore.java	2015-12-01 16:14:18 +0000
@@ -106,7 +106,7 @@
     {
         return getCriteria( 
             Restrictions.eq( "attribute", attribute ),
-            Restrictions.ilike( "value", "%" + searchText + "%" ) ).list();
+            Restrictions.ilike( "plainValue", "%" + searchText + "%" ) ).list();
     }
 
     @Override

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/configuration/hibernate/Configuration.hbm.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/configuration/hibernate/Configuration.hbm.xml	2015-10-09 10:59:01 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/configuration/hibernate/Configuration.hbm.xml	2015-11-27 12:35:51 +0000
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE hibernate-mapping PUBLIC
-    "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
-    "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd";>
+        "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+        "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd";>
 
 <hibernate-mapping>
   <class name="org.hisp.dhis.configuration.Configuration" table="configuration">
@@ -15,39 +15,39 @@
     <property name="systemId" column="systemid" />
 
     <many-to-one name="feedbackRecipients" class="org.hisp.dhis.user.UserGroup"
-        column="feedbackrecipientsid" foreign-key="fk_configuration_feedback_recipients" />
+                 column="feedbackrecipientsid" foreign-key="fk_configuration_feedback_recipients" />
 
     <many-to-one name="offlineOrganisationUnitLevel" class="org.hisp.dhis.organisationunit.OrganisationUnitLevel"
-        column="offlineorgunitlevelid" foreign-key="fk_configuration_offline_orgunit_level" />
+                 column="offlineorgunitlevelid" foreign-key="fk_configuration_offline_orgunit_level" />
 
     <many-to-one name="infrastructuralIndicators" class="org.hisp.dhis.indicator.IndicatorGroup"
-        column="infrastructuralindicatorsid" foreign-key="fk_configuration_infrastructural_indicators" />
+                 column="infrastructuralindicatorsid" foreign-key="fk_configuration_infrastructural_indicators" />
 
     <many-to-one name="infrastructuralDataElements" class="org.hisp.dhis.dataelement.DataElementGroup"
-        column="infrastructuraldataelementsid" foreign-key="fk_configuration_infrastructural_dataelements" />
+                 column="infrastructuraldataelementsid" foreign-key="fk_configuration_infrastructural_dataelements" />
 
     <many-to-one name="infrastructuralPeriodType" class="org.hisp.dhis.period.PeriodType"
-        column="infrastructuralperiodtypeid" foreign-key="fk_configuration_infrastructural_periodtype" />
+                 column="infrastructuralperiodtypeid" foreign-key="fk_configuration_infrastructural_periodtype" />
 
     <many-to-one name="selfRegistrationRole" class="org.hisp.dhis.user.UserAuthorityGroup"
-        column="selfregistrationrole" foreign-key="fk_configuration_selfregistrationrole" />
+                 column="selfregistrationrole" foreign-key="fk_configuration_selfregistrationrole" />
 
     <many-to-one name="selfRegistrationOrgUnit" class="org.hisp.dhis.organisationunit.OrganisationUnit"
-        column="selfRegistrationOrgUnit" foreign-key="fk_configuration_selfregistrationorgunit" />
-
-	<property name="remoteServerUrl" column="remoteserverurl" />
-	
-	<property name="remoteServerUsername" column="remoteserverusername" />
-	
-	<property name="remoteServerPassword" column="remoteserverpassword" type="encryptedString" />
-	
-	<property name="smtpPassword" column="smptpassword" type="encryptedString" />
-	
-	<set name="corsWhitelist" table="configuration_corswhitelist">
-		<cache usage="read-write" />
-		<key column="configurationid" foreign-key="fk_configuration_corswhitelist" />
-		<element type="string" column="corswhitelist" />
-	</set> 
-	
+                 column="selfRegistrationOrgUnit" foreign-key="fk_configuration_selfregistrationorgunit" />
+
+    <property name="remoteServerUrl" column="remoteserverurl" />
+
+    <property name="remoteServerUsername" column="remoteserverusername" />
+
+    <property name="remoteServerPassword" column="remotepassword" type="AESEncryptedString" />
+
+    <property name="smtpPassword" column="smtppassword" type="AESEncryptedString" />
+
+    <set name="corsWhitelist" table="configuration_corswhitelist">
+      <cache usage="read-write" />
+      <key column="configurationid" foreign-key="fk_configuration_corswhitelist" />
+      <element type="string" column="corswhitelist" />
+    </set>
+
   </class>
 </hibernate-mapping>

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/trackedentityattributevalue/hibernate/TrackedEntityAttributeValue.hbm.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/trackedentityattributevalue/hibernate/TrackedEntityAttributeValue.hbm.xml	2015-11-30 02:50:28 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/trackedentityattributevalue/hibernate/TrackedEntityAttributeValue.hbm.xml	2015-12-01 16:23:47 +0000
@@ -13,7 +13,9 @@
         foreign-key="fk_attributevalue_trackedentityattributeid" />
     </composite-id>
 
-    <property name="value" length="50000" />
+    <property name="plainValue" column="value" access="property" length="50000" />
+
+    <property name="encryptedValue" column="encrypted_value" access="property" type="AESEncryptedString" />
 
   </class>
 </hibernate-mapping>

=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml	2015-11-10 17:36:28 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml	2015-12-01 16:36:57 +0000
@@ -93,25 +93,55 @@
   <bean id="encryptionPassword" class="org.hisp.dhis.hibernate.ConnectionPropertyFactoryBean">
     <property name="hibernateConfigurationProvider" ref="hibernateConfigurationProvider" />
     <property name="hibernateProperty" value="encryption.password" />
-    <property name="defaultValue" value="J7GhAs287hsSQlKd9g5" />    
+    <property name="defaultValue" value="J7GhAs287hsSQlKd9g5" />
   </bean>
-  
+
+
   <!-- Encryption -->
-  
+
+  <!-- Bouncy Castle Crypto APIs -->
+  <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
+    <property name="staticMethod" value="java.security.Security.addProvider" />
+    <property name="arguments">
+      <list>
+        <bean class="org.bouncycastle.jce.provider.BouncyCastleProvider" />
+      </list>
+    </property>
+  </bean>
+
+
+  <!-- Deprecated encryption, but can't be removed!! Needed for systems that still uses it. -->
+
   <bean id="hibernateStringEncryptor" class="org.jasypt.hibernate4.encryptor.HibernatePBEStringEncryptor">
     <property name="registeredName" value="strongHibernateStringEncryptor" />
     <property name="encryptor" ref="stringEncryptor" />
   </bean>
-  
+
   <bean id="stringEncryptor" class="org.jasypt.encryption.pbe.PooledPBEStringEncryptor">
     <property name="algorithm" value="PBEWithSHA1AndDESede" />
     <property name="password" ref="encryptionPassword" />
     <property name="saltGenerator" ref="fixedSaltGenerator" />
     <property name="poolSize" value="4" />
   </bean>
-  
+
   <bean id="fixedSaltGenerator" class="org.jasypt.salt.StringFixedSaltGenerator">
     <constructor-arg type="java.lang.String" value="H7g0oLkEw3wf52fs52g3hbG" />
   </bean>
-  
-</beans>
+
+  <!-- New stronger string encryption -->
+  <!-- Requires BouncyCastle api -->
+  <bean id="hibernateStrongStringEncryptor" class="org.jasypt.hibernate4.encryptor.HibernatePBEStringEncryptor">
+    <property name="registeredName" value="strongStringEncryptor" />
+    <property name="encryptor" ref="strongStringEncryptor" />
+  </bean>
+
+  <bean id="strongStringEncryptor" class="org.jasypt.encryption.pbe.PooledPBEStringEncryptor">
+    <property name="algorithm" value="PBEWITHSHA256AND256BITAES-CBC-BC" />
+    <property name="password" ref="encryptionPassword" />
+    <property name="saltGenerator" ref="org.jasypt.salt.RandomSaltGenerator" />
+    <property name="poolSize" value="4" />
+  </bean>
+
+  <bean id="org.jasypt.salt.RandomSaltGenerator" class="org.jasypt.salt.RandomSaltGenerator"></bean>
+
+  </beans>
\ No newline at end of file
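Review bot: `strongStringEncryptor` takes its password from `encryptionPassword`, whose `defaultValue` is a literal committed in this file, so on any installation that does not set `encryption.password` the new AES-encrypted columns are protected by a key anyone with the source can derive. The new encryptor would be safer without that fallback, failing start-up or logging a prominent warning when the property is absent rather than inheriting the legacy default. `PBEWITHSHA256AND256BITAES-CBC-BC` also uses a 256-bit key, which is likely to fail at first use on JREs restricted to the limited-strength JCE policy, so the requirement should be stated in the deployment notes. Separately, the deprecated 3DES encryptor is registered as `strongHibernateStringEncryptor` while the new one is `strongStringEncryptor`; a comment on the former such as `<!-- legacy 3DES; registered name kept for existing mappings -->` would prevent the two being confused.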

=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/org/hisp/dhis/usertype/UserTypes.hbm.xml'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/org/hisp/dhis/usertype/UserTypes.hbm.xml	2014-07-07 06:44:19 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/org/hisp/dhis/usertype/UserTypes.hbm.xml	2015-11-27 12:35:51 +0000
@@ -4,7 +4,13 @@
   "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd";>
 
 <hibernate-mapping>
+  <!-- Deprecated, do not use -->
   <typedef name="encryptedString" class="org.jasypt.hibernate4.type.EncryptedStringType">
     <param name="encryptorRegisteredName">strongHibernateStringEncryptor</param>
   </typedef>
+
+  <!-- New, stronger encryption -->
+  <typedef class="org.jasypt.hibernate4.type.EncryptedStringType" name="AESEncryptedString">
+    <param name="encryptorRegisteredName">strongStringEncryptor</param>
+  </typedef>
 </hibernate-mapping>