[Branch ~dhis2-devs-core/dhis2/trunk] Rev 21628: smtp+remote put into systemSettings; systemSettings can now be encrypted; encryptionExceptions fr...

 

Merge authors:
  Stian Sandvold (stian-sandvold)
------------------------------------------------------------
revno: 21628 [merge]
committer: Stian Sandvold <stian.sandvold@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2016-01-06 19:20:43 +0100
message:
  smtp+remote put into systemSettings; systemSettings can now be encrypted; encryptionExceptions from changing password is now thrown on server, but not handled yet. old default password is now default only for systemSettings; Can be overwritten by encryption.password;
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SettingKey.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSetting.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/message/EmailMessageSender.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/ConfigurationPopulator.java
  dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml
  dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/synch/DefaultSynchronizationManager.java
  dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java
  dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/ConfigurationController.java
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/SystemSettingController.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SettingKey.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SettingKey.java	2016-01-04 02:27:49 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SettingKey.java	2016-01-06 18:19:09 +0000
@@ -58,6 +58,7 @@
     EMAIL_USERNAME( "keyEmailUsername" ),
     EMAIL_TLS( "keyEmailTls", Boolean.TRUE, Boolean.class ),
     EMAIL_SENDER( "keyEmailSender" ),
+    EMAIL_PASSWORD( "keyEmailPassword", "", String.class, true ),
     INSTANCE_BASE_URL( "keyInstanceBaseUrl" ),
     SCHEDULED_TASKS( "keySchedTasks", ListMap.class ),
     SMS_CONFIG( "keySmsConfig", SmsConfiguration.class ),
@@ -112,7 +113,10 @@
     APP_BASE_URL( "appBaseUrl" ),
     APP_STORE_URL( "appStoreUrl", "https://www.dhis2.org/appstore";, String.class ),
     APP_STORE_INDEX_URL( "appStoreIndexUrl", "https://s3-eu-west-1.amazonaws.com/dhis2-appstore/appstore.json";, String.class ),
-    STYLE( "currentStyle", "light_blue/light_blue.css", String.class );
+    STYLE( "currentStyle", "light_blue/light_blue.css", String.class ),
+    REMOTE_INSTANCE_URL( "keyRemoteInstanceUrl", "", String.class ),
+    REMOTE_INSTANCE_USERNAME( "keyRemoteInstanceUsername", "", String.class ),
+    REMOTE_INSTANCE_PASSWORD( "keyRemoteInstancePassword", "", String.class, true );
     
     private final String name;
     
@@ -120,6 +124,8 @@
     
     private final Class<?> clazz;
 
+    private boolean confidential;
+
     // -------------------------------------------------------------------------
     // Constructors
     // -------------------------------------------------------------------------
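Review bot: The new `confidential` field is declared without `final`, although every constructor in the following hunks assigns it exactly once and the neighbouring `name` and `clazz` fields are final; a flag on an enum constant should not be mutable. Declare it as `private final boolean confidential;`. The accessor added at the end of the file would read more conventionally as `isConfidential()`, matching `SystemSettingManager.isConfidential( String )`. It also deserves a one-line Javadoc saying that confidential values are encrypted when saved and left out of `getAllSystemSettings()`.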
@@ -129,6 +135,7 @@
         this.name = name;
         this.defaultValue = null;
         this.clazz = String.class;
+        this.confidential = false;
     }
     
     private SettingKey( String name, Class<?> clazz )
@@ -136,13 +143,23 @@
         this.name = name;
         this.defaultValue = null;
         this.clazz = clazz;
+        this.confidential = false;
     }
-    
+
     private SettingKey( String name, Serializable defaultValue, Class<?> clazz )
     {
         this.name = name;
         this.defaultValue = defaultValue;
         this.clazz = clazz;
+        this.confidential = false;
+    }
+
+    private SettingKey( String name, Serializable defaultValue, Class<?> clazz, boolean confidential )
+    {
+        this.name = name;
+        this.defaultValue = defaultValue;
+        this.clazz = clazz;
+        this.confidential = confidential;
     }
 
     // -------------------------------------------------------------------------
@@ -207,6 +224,7 @@
         return name;
     }
 
+
     public Serializable getDefaultValue()
     {
         return defaultValue;
@@ -216,4 +234,6 @@
     {
         return clazz;
     }
+
+    public boolean getConfidential() { return confidential; }
 }

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSetting.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSetting.java	2016-01-04 02:27:49 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSetting.java	2016-01-06 18:19:09 +0000
@@ -44,6 +44,8 @@
 
     private Serializable value;
 
+    private boolean confidential;
+
     // -------------------------------------------------------------------------
     // Constructor
     // -------------------------------------------------------------------------

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java	2016-01-04 02:27:49 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java	2016-01-06 18:19:09 +0000
@@ -40,35 +40,35 @@
 public interface SystemSettingManager
 {
     void saveSystemSetting( String name, Serializable value );
-    
+
     void saveSystemSetting( SettingKey setting, Serializable value );
 
     void deleteSystemSetting( String name );
-    
+
     void deleteSystemSetting( SettingKey setting );
 
     Serializable getSystemSetting( String name );
 
     Serializable getSystemSetting( SettingKey setting );
-    
+
     Serializable getSystemSetting( SettingKey setting, Serializable defaultValue );
-    
+
     List<SystemSetting> getAllSystemSettings();
 
     Map<String, Serializable> getSystemSettingsAsMap();
-    
+
     Map<String, Serializable> getSystemSettingsAsMap( Set<String> names );
-    
+
     Map<String, Serializable> getSystemSettings( Collection<SettingKey> settings );
-    
+
     void invalidateCache();
-    
+
     // -------------------------------------------------------------------------
     // Specific methods
     // -------------------------------------------------------------------------
 
     List<String> getFlags();
-    
+
     List<StyleObject> getFlagObjects();
 
     String getFlagImage();
@@ -80,7 +80,7 @@
     String getEmailUsername();
 
     boolean getEmailTls();
-    
+
     String getEmailSender();
 
     String getInstanceBaseUrl();
@@ -90,14 +90,16 @@
     boolean selfRegistrationNoRecaptcha();
 
     boolean emailEnabled();
-    
+
     boolean systemNotificationEmailValid();
 
     boolean hideUnapprovedDataInAnalytics();
-    
+
     boolean isOpenIdConfigured();
-    
+
     String googleAnalyticsUA();
 
     Integer credentialsExpires();
+
+    boolean isConfidential( String name );
 }

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/message/EmailMessageSender.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/message/EmailMessageSender.java	2016-01-05 19:03:10 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/message/EmailMessageSender.java	2016-01-06 18:19:42 +0000
@@ -77,19 +77,12 @@
     // -------------------------------------------------------------------------
 
     private SystemSettingManager systemSettingManager;
-    
+
     public void setSystemSettingManager( SystemSettingManager systemSettingManager )
     {
         this.systemSettingManager = systemSettingManager;
     }
 
-    private DhisConfigurationProvider dhisConfigurationProvider;
-
-    public void setDhisConfigurationProvider( DhisConfigurationProvider dhisConfigurationProvider)
-    {
-        this.dhisConfigurationProvider = dhisConfigurationProvider;
-    }
-    
     private UserSettingService userSettingService;
 
     public void setUserSettingService( UserSettingService userSettingService )
@@ -106,14 +99,15 @@
      */
     @Async
     @Override
-    public String sendMessage( String subject, String text, String footer, User sender, Set<User> users, boolean forceSend )
+    public String sendMessage( String subject, String text, String footer, User sender, Set<User> users,
+        boolean forceSend )
     {
-        String hostName = dhisConfigurationProvider.getProperty( ConfigurationKey.SMTP_HOSTNAME );
-        int port = Integer.parseInt( dhisConfigurationProvider.getProperty( ConfigurationKey.SMTP_PORT ) );
-        String username = dhisConfigurationProvider.getProperty( ConfigurationKey.SMTP_USERNAME );
-        String password = dhisConfigurationProvider.getProperty( ConfigurationKey.SMTP_PASSWORD );
-        boolean tls = Boolean.parseBoolean( dhisConfigurationProvider.getProperty( ConfigurationKey.SMTP_TLS ) );
-        String from = dhisConfigurationProvider.getProperty( ConfigurationKey.SMTP_SENDER );
+        String hostName = (String) systemSettingManager.getSystemSetting( SettingKey.EMAIL_HOST_NAME );
+        int port = (int) systemSettingManager.getSystemSetting( SettingKey.EMAIL_PORT );
+        String username = (String) systemSettingManager.getSystemSetting( SettingKey.EMAIL_USERNAME );
+        String password = (String) systemSettingManager.getSystemSetting( SettingKey.EMAIL_PASSWORD );
+        boolean tls = (boolean) systemSettingManager.getSystemSetting( SettingKey.EMAIL_TLS );
+        String from = (String) systemSettingManager.getSystemSetting( SettingKey.EMAIL_SENDER );
 
         if ( hostName == null )
         {
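Review bot: The primitive casts on the `port` and `tls` lines unbox whatever `getSystemSetting` returns, so a missing value raises a NullPointerException and a value stored under another type raises a ClassCastException, both before the `hostName == null` guard just below is reached. Because the method is `@Async`, such a failure would presumably surface only in the executor's log rather than to the caller. Read the values boxed and check them first, e.g. `Integer port = (Integer) systemSettingManager.getSystemSetting( SettingKey.EMAIL_PORT );` with a null check next to the host-name check; the default for `EMAIL_PORT` is not visible in this diff. sendMessage continues outside the hunk.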
@@ -134,13 +128,16 @@
 
             for ( User user : users )
             {
-                boolean doSend = forceSend || (Boolean) userSettingService.getUserSetting( UserSettingKey.MESSAGE_EMAIL_NOTIFICATION, user );
+                boolean doSend = forceSend ||
+                    (Boolean) userSettingService.getUserSetting( UserSettingKey.MESSAGE_EMAIL_NOTIFICATION, user );
 
                 if ( doSend && user.getEmail() != null && !user.getEmail().trim().isEmpty() )
                 {
                     email.addBcc( user.getEmail() );
 
-                    log.info( "Sending email to user: " + user.getUsername() + " with email address: " + user.getEmail() + " to host: " + hostName + ":" + port );
+                    log.info(
+                        "Sending email to user: " + user.getUsername() + " with email address: " + user.getEmail() +
+                            " to host: " + hostName + ":" + port );
 
                     hasRecipients = true;
                 }
@@ -168,7 +165,8 @@
     // Supportive methods
     // -------------------------------------------------------------------------
 
-    private HtmlEmail getHtmlEmail( String hostName, int port, String username, String password, boolean tls, String sender )
+    private HtmlEmail getHtmlEmail( String hostName, int port, String username, String password, boolean tls,
+        String sender )
         throws EmailException
     {
         HtmlEmail email = new HtmlEmail();
@@ -187,11 +185,11 @@
 
     private String renderPlainContent( String text, User sender )
     {
-        return sender == null ? text : ( text + LB + LB +
+        return sender == null ? text : (text + LB + LB +
             sender.getName() + LB +
-            ( sender.getOrganisationUnitsName() != null ? ( sender.getOrganisationUnitsName() + LB ) : StringUtils.EMPTY ) +
-            ( sender.getEmail() != null ? ( sender.getEmail() + LB ) : StringUtils.EMPTY ) +
-            ( sender.getPhoneNumber() != null ? ( sender.getPhoneNumber() + LB ) : StringUtils.EMPTY ) );
+            (sender.getOrganisationUnitsName() != null ? (sender.getOrganisationUnitsName() + LB) : StringUtils.EMPTY) +
+            (sender.getEmail() != null ? (sender.getEmail() + LB) : StringUtils.EMPTY) +
+            (sender.getPhoneNumber() != null ? (sender.getPhoneNumber() + LB) : StringUtils.EMPTY));
     }
 
     private String renderHtmlContent( String text, String footer, User sender )

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java	2016-01-06 11:43:22 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java	2016-01-06 18:19:42 +0000
@@ -28,27 +28,27 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import java.io.Serializable;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-import java.util.Set;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.TimeUnit;
-
+import com.google.common.cache.Cache;
+import com.google.common.cache.CacheBuilder;
+import com.google.common.collect.Lists;
 import org.apache.commons.lang3.StringUtils;
+import org.hisp.dhis.external.conf.ConfigurationKey;
+import org.hisp.dhis.external.conf.DhisConfigurationProvider;
 import org.hisp.dhis.i18n.I18n;
 import org.hisp.dhis.i18n.I18nManager;
 import org.hisp.dhis.system.util.ValidationUtils;
+import org.jasypt.encryption.pbe.PBEStringEncryptor;
+import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
+import org.jasypt.salt.StringFixedSaltGenerator;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 
-import com.google.common.cache.Cache;
-import com.google.common.cache.CacheBuilder;
-import com.google.common.collect.Lists;
+import javax.annotation.Resource;
+import java.io.Serializable;
+import java.util.*;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
 
 /**
  * @author Stian Strandli
@@ -66,7 +66,10 @@
         .initialCapacity( 200 )
         .maximumSize( 400 )
         .build();
-    
+
+    private static final Map<String, SettingKey> NAME_KEY_MAP = Lists.newArrayList(
+        SettingKey.values() ).stream().collect( Collectors.toMap( SettingKey::getName, e -> e ) );
+
     // -------------------------------------------------------------------------
     // Dependencies
     // -------------------------------------------------------------------------
@@ -88,6 +91,9 @@
     @Autowired
     private I18nManager i18nManager;
 
+    @Resource( name = "stringEncryptor" )
+    private PBEStringEncryptor pbeStringEncryptor;
+
     // -------------------------------------------------------------------------
     // SystemSettingManager implementation
     // -------------------------------------------------------------------------
@@ -96,9 +102,14 @@
     public void saveSystemSetting( String name, Serializable value )
     {
         SETTING_CACHE.invalidate( name );
-        
+
         SystemSetting setting = systemSettingStore.getByName( name );
 
+        if ( NAME_KEY_MAP.get( name ).getConfidential() )
+        {
+            value = pbeStringEncryptor.encrypt( value.toString() );
+        }
+
         if ( setting == null )
         {
             setting = new SystemSetting();
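Review bot: `NAME_KEY_MAP.get( name ).getConfidential()` throws a NullPointerException for any setting name that is not a `SettingKey`, and `value.toString()` does the same for a null value; this overload accepts arbitrary names. Use the guard this commit already adds: `if ( isConfidential( name ) && value != null )`. The same unguarded lookup appears in the `getSystemSetting( String name )` hunk, where `setting.setValue( … )` also runs before the `setting != null` check and writes the decrypted text into the loaded `SystemSetting`. If that object is a managed Hibernate entity the plaintext may be flushed back to the database, so decrypt into a local variable and return that instead. saveSystemSetting continues outside the hunk.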
@@ -118,7 +129,7 @@
 
     @Override
     public void saveSystemSetting( SettingKey setting, Serializable value )
-    {        
+    {
         saveSystemSetting( setting.getName(), value );
     }
 
@@ -130,7 +141,7 @@
         if ( setting != null )
         {
             SETTING_CACHE.invalidate( name );
-            
+
             systemSettingStore.delete( setting );
         }
     }
@@ -146,6 +157,13 @@
     {
         SystemSetting setting = systemSettingStore.getByName( name );
 
+        if ( NAME_KEY_MAP.get( name ).getConfidential() )
+        {
+
+            setting.setValue( pbeStringEncryptor.decrypt( setting.getValue().toString() ) );
+
+        }
+
         return setting != null && setting.hasValue() ? setting.getValue() : null;
     }
 
@@ -154,8 +172,9 @@
     {
         try
         {
-            Optional<Serializable> value = SETTING_CACHE.get( setting.getName(), () -> getSystemSettingOptional( setting.getName(), setting.getDefaultValue() ) );
-            
+            Optional<Serializable> value = SETTING_CACHE.get( setting.getName(),
+                () -> getSystemSettingOptional( setting.getName(), setting.getDefaultValue() ) );
+
             return value.orElse( null );
         }
         catch ( ExecutionException ignored )
@@ -173,31 +192,49 @@
     private Optional<Serializable> getSystemSettingOptional( String name, Serializable defaultValue )
     {
         SystemSetting setting = systemSettingStore.getByName( name );
-        
-        return setting != null && setting.hasValue() ? Optional.of( setting.getValue() ) : Optional.ofNullable( defaultValue );
+
+        if ( setting != null && setting.hasValue() )
+        {
+            return NAME_KEY_MAP.get( name ).getConfidential() ?
+                Optional.of( pbeStringEncryptor.decrypt( setting.getValue().toString() ) ) :
+                Optional.of( setting.getValue() );
+        }
+        else
+        {
+            return Optional.ofNullable( defaultValue );
+        }
+
     }
 
     @Override
     public List<SystemSetting> getAllSystemSettings()
     {
-        return systemSettingStore.getAll();
+
+        /*
+         * Remove confidential settings from this list!
+         */
+        return systemSettingStore.getAll().stream()
+            .filter( systemSetting -> !NAME_KEY_MAP.containsKey( systemSetting.getName() ) ||
+                !NAME_KEY_MAP.get( systemSetting.getName() ).getConfidential() )
+            .collect( Collectors.toList() );
+
     }
-    
+
     @Override
     public Map<String, Serializable> getSystemSettingsAsMap()
     {
         Map<String, Serializable> settingsMap = new HashMap<>();
-        
+
         Collection<SystemSetting> systemSettings = getAllSystemSettings();
 
         for ( SystemSetting systemSetting : systemSettings )
         {
             Serializable settingValue = systemSetting.getValue();
-            
+
             if ( settingValue == null )
             {
                 Optional<SettingKey> setting = SettingKey.getByName( systemSetting.getName() );
-                
+
                 if ( setting.isPresent() )
                 {
                     settingValue = setting.get().getDefaultValue();
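Review bot: The filter in `getAllSystemSettings()` is the only place where confidential settings are withheld. `getSystemSettingOptional` returns the decrypted value, which `getSystemSetting( SettingKey )` then stores in `SETTING_CACHE` and which `getSystemSettings( Collection<SettingKey> )` further down copies into its result map. Whether the web controllers screen requested keys with `isConfidential` is not visible here, so that needs confirming before the plaintext password can be assumed unreachable over the API. The filter itself can reuse the new helper, `.filter( systemSetting -> !isConfidential( systemSetting.getName() ) )`. A comment on `getSystemSettingOptional` stating that cached values are held decrypted would help the next reader.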
@@ -222,13 +259,13 @@
             if ( settingValue == null )
             {
                 Optional<SettingKey> setting = SettingKey.getByName( name );
-                
+
                 if ( setting.isPresent() )
                 {
                     settingValue = setting.get().getDefaultValue();
                 }
             }
-            
+
             if ( settingValue != null )
             {
                 map.put( name, settingValue );
@@ -242,26 +279,26 @@
     public Map<String, Serializable> getSystemSettings( Collection<SettingKey> settings )
     {
         Map<String, Serializable> map = new HashMap<>();
-        
+
         for ( SettingKey setting : settings )
         {
             Serializable value = getSystemSetting( setting );
-            
+
             if ( value != null )
             {
                 map.put( setting.getName(), value );
             }
         }
-        
+
         return map;
     }
-    
+
     @Override
     public void invalidateCache()
     {
         SETTING_CACHE.invalidateAll();
     }
-    
+
     // -------------------------------------------------------------------------
     // Specific methods
     // -------------------------------------------------------------------------
@@ -272,24 +309,24 @@
         Collections.sort( flags );
         return flags;
     }
-    
+
     @Override
     public List<StyleObject> getFlagObjects()
     {
         Collections.sort( flags );
-        
+
         I18n i18n = i18nManager.getI18n();
-        
+
         List<StyleObject> list = Lists.newArrayList();
-        
+
         for ( String flag : flags )
         {
             String name = i18n.getString( flag );
             String file = flag + ".png";
-            
+
             list.add( new StyleObject( name, flag, file ) );
         }
-        
+
         return list;
     }
 
@@ -372,7 +409,8 @@
     @Override
     public boolean isOpenIdConfigured()
     {
-        return getSystemSetting( SettingKey.OPENID_PROVIDER ) != null && getSystemSetting( SettingKey.OPENID_PROVIDER_LABEL ) != null;
+        return getSystemSetting( SettingKey.OPENID_PROVIDER ) != null &&
+            getSystemSetting( SettingKey.OPENID_PROVIDER_LABEL ) != null;
     }
 
     @Override
@@ -386,4 +424,11 @@
     {
         return (Integer) getSystemSetting( SettingKey.CREDENTIALS_EXPIRES );
     }
+
+    @Override
+    public boolean isConfidential( String name )
+    {
+        return NAME_KEY_MAP.containsKey( name ) && NAME_KEY_MAP.get( name ).getConfidential();
+    }
+
 }

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/ConfigurationPopulator.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/ConfigurationPopulator.java	2016-01-05 18:25:17 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/startup/ConfigurationPopulator.java	2016-01-06 18:19:09 +0000
@@ -54,7 +54,6 @@
     public void execute()
         throws Exception
     {
-
         checkSecurityConfiguration();
 
         Configuration config = configurationService.getConfiguration();

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml	2016-01-06 14:37:53 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml	2016-01-06 18:19:42 +0000
@@ -876,7 +876,6 @@
 
   <bean id="emailMessageSender" class="org.hisp.dhis.message.EmailMessageSender">
     <property name="systemSettingManager" ref="org.hisp.dhis.setting.SystemSettingManager" />
-    <property name="dhisConfigurationProvider" ref="dhisConfigurationProvider" />
     <property name="userSettingService" ref="org.hisp.dhis.user.UserSettingService" />
   </bean>
 

=== modified file 'dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/synch/DefaultSynchronizationManager.java'
--- dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/synch/DefaultSynchronizationManager.java	2016-01-05 14:03:19 +0000
+++ dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/synch/DefaultSynchronizationManager.java	2016-01-06 18:19:09 +0000
@@ -102,9 +102,6 @@
     @Autowired
     private RestTemplate restTemplate;
 
-    @Autowired
-    private DhisConfigurationProvider dhisConfigurationProvider;
-
     // -------------------------------------------------------------------------
     // SynchronizatonManager implementation
     // -------------------------------------------------------------------------
@@ -119,14 +116,14 @@
             return new AvailabilityStatus( false, "Remote server is not configured" );
         }
 
-        String url = dhisConfigurationProvider.getProperty( ConfigurationKey.REMOTE_INSTANCE_URL ) + PING_PATH;
-
-        log.info( "Remote server ping URL: " + url + ", username: " + dhisConfigurationProvider.getProperty(
-            ConfigurationKey.REMOTE_INSTANCE_USERNAME ) );
-
-        HttpEntity<String> request = getBasicAuthRequestEntity( dhisConfigurationProvider.getProperty(
-            ConfigurationKey.REMOTE_INSTANCE_USERNAME ), dhisConfigurationProvider.getProperty(
-            ConfigurationKey.REMOTE_INSTANCE_PASSWORD ) );
+        String url = systemSettingManager.getSystemSetting( SettingKey.REMOTE_INSTANCE_URL ) + PING_PATH;
+
+        log.info( "Remote server ping URL: " + url + ", username: " + systemSettingManager.getSystemSetting(
+            SettingKey.REMOTE_INSTANCE_USERNAME ) );
+
+        HttpEntity<String> request = getBasicAuthRequestEntity( (String) systemSettingManager.getSystemSetting(
+            SettingKey.REMOTE_INSTANCE_USERNAME ), (String) systemSettingManager.getSystemSetting(
+            SettingKey.REMOTE_INSTANCE_PASSWORD ) );
 
         ResponseEntity<String> response = null;
         HttpStatus sc = null;
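Review bot: The Basic-auth credentials are now sent to whatever `REMOTE_INSTANCE_URL` holds in system settings, and nothing in this hunk checks that the URL uses https before the stored password is attached to the request. Since the value moved from the configuration file to a setting that can be changed at runtime, consider validating the scheme, and rejecting an empty or malformed URL, when the setting is saved or right before the request is built. The username is also fetched twice, once for the log line and once for the request; reading it into a local keeps the two in step. The enclosing method starts and ends outside the hunk.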
@@ -217,8 +214,8 @@
 
         final Configuration config = configurationService.getConfiguration();
 
-        String url = dhisConfigurationProvider.getProperty( ConfigurationKey.REMOTE_INSTANCE_URL ) +
-            "/api/dataValueSets";
+        String url = systemSettingManager.getSystemSetting(
+            SettingKey.REMOTE_INSTANCE_URL ) + "/api/dataValueSets";
 
         log.info( "Remote server POST URL: " + url );
 
@@ -230,10 +227,12 @@
             {
                 request.getHeaders().setContentType( MediaType.APPLICATION_JSON );
                 request.getHeaders().add( HEADER_AUTHORIZATION,
-                    CodecUtils.getBasicAuthString( dhisConfigurationProvider.getProperty(
-                            ConfigurationKey.REMOTE_INSTANCE_USERNAME ),
-                        dhisConfigurationProvider.getProperty(
-                            ConfigurationKey.REMOTE_INSTANCE_PASSWORD ) ) );
+                    CodecUtils.getBasicAuthString(
+                        (String) systemSettingManager.getSystemSetting(
+                            SettingKey.REMOTE_INSTANCE_USERNAME ),
+                        (String) systemSettingManager.getSystemSetting(
+                            SettingKey.REMOTE_INSTANCE_PASSWORD ) ) );
+
                 dataValueSetService
                     .writeDataValueSetJson( lastSuccessTime, request.getBody(), new IdSchemes() );
             }
@@ -316,16 +315,17 @@
      */
     private boolean isRemoteServerConfigured( Configuration config )
     {
-        if ( trimToNull( dhisConfigurationProvider.getProperty( ConfigurationKey.REMOTE_INSTANCE_URL ) ) ==
+        if ( trimToNull( (String) systemSettingManager.getSystemSetting(
+            SettingKey.REMOTE_INSTANCE_URL ) ) ==
             null )
         {
             log.info( "Remote server URL not set" );
             return false;
         }
 
-        if ( trimToNull( dhisConfigurationProvider.getProperty( ConfigurationKey.REMOTE_INSTANCE_USERNAME ) ) ==
+        if ( trimToNull( (String) systemSettingManager.getSystemSetting( SettingKey.REMOTE_INSTANCE_USERNAME ) ) ==
             null ||
-            trimToNull( dhisConfigurationProvider.getProperty( ConfigurationKey.REMOTE_INSTANCE_URL ) ) ==
+            trimToNull( (String) systemSettingManager.getSystemSetting( SettingKey.REMOTE_INSTANCE_URL ) ) ==
                 null )
         {
             log.info( "Remote server username or password not set" );
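Review bot: The second condition tests `REMOTE_INSTANCE_USERNAME` and then `REMOTE_INSTANCE_URL` again, so the password is never checked even though the log message says "username or password not set". Replace the second operand with `trimToNull( (String) systemSettingManager.getSystemSetting( SettingKey.REMOTE_INSTANCE_PASSWORD ) ) == null`. As written, a configuration with a URL and username but no password passes this check and only fails later at the remote server. The method body continues outside the hunk.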
@@ -345,4 +345,4 @@
         headers.set( HEADER_AUTHORIZATION, CodecUtils.getBasicAuthString( username, password ) );
         return new HttpEntity<>( headers );
     }
-}
+}
\ No newline at end of file

=== modified file 'dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java'
--- dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java	2016-01-05 18:25:17 +0000
+++ dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java	2016-01-06 18:19:09 +0000
@@ -51,17 +51,7 @@
     FILE_STORE_CONTAINER( "filestore.container", "files" ),
     FILE_STORE_LOCATION( "filestore.location" ),
     FILE_STORE_IDENTITY( "filestore.identity", "" ),
-    FILE_STORE_SECRET( "filestore.secret", "" ),
-    SMTP_HOSTNAME( "smtp.hostname", "" ),
-    SMTP_PORT( "smtp.port", "587" ),
-    SMTP_TLS( "smtp.tls", "true" ),
-    SMTP_USERNAME( "smtp.username", "" ),
-    SMTP_PASSWORD( "smtp.password", "" ),
-    SMTP_SENDER( "smtp.sender", "" ),
-    REMOTE_INSTANCE_URL( "remote_instance.url", "" ),
-    REMOTE_INSTANCE_USERNAME( "remote_instance.username", "" ),
-    REMOTE_INSTANCE_PASSWORD( "remote_instance.password", "" );
-
+    FILE_STORE_SECRET( "filestore.secret", "" );
 
     private final String key;
     

=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml	2015-12-23 13:59:37 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/resources/META-INF/dhis/beans.xml	2016-01-06 18:19:09 +0000
@@ -93,6 +93,11 @@
   <bean id="encryptionPassword" class="org.hisp.dhis.hibernate.ConnectionPropertyFactoryBean">
     <property name="hibernateConfigurationProvider" ref="hibernateConfigurationProvider" />
     <property name="hibernateProperty" value="encryption.password" />
+  </bean>
+
+  <bean id="systemSettingEncryptionPassword" class="org.hisp.dhis.hibernate.ConnectionPropertyFactoryBean">
+    <property name="hibernateConfigurationProvider" ref="hibernateConfigurationProvider" />
+    <property name="hibernateProperty" value="encryption.password" />
     <property name="defaultValue" value="J7GhAs287hsSQlKd9g5" />
   </bean>
 
@@ -118,7 +123,7 @@
 
   <bean id="stringEncryptor" class="org.jasypt.encryption.pbe.PooledPBEStringEncryptor">
     <property name="algorithm" value="PBEWithSHA1AndDESede" />
-    <property name="password" ref="encryptionPassword" />
+    <property name="password" ref="systemSettingEncryptionPassword" />
     <property name="saltGenerator" ref="fixedSaltGenerator" />
     <property name="poolSize" value="4" />
   </bean>
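Review bot: `stringEncryptor` now takes its password from `systemSettingEncryptionPassword`, which the previous hunk gives a literal `defaultValue`. Whenever `encryption.password` is unset, the SMTP and remote-instance passwords are therefore encrypted with a key published in the source tree, which guards against casual reading only. Prefer failing at startup, or at least logging a warning, when confidential settings are used without a configured `encryption.password`. Every other consumer of `stringEncryptor` inherits this fallback too, which may not be intended given that `encryptionPassword` just lost its default. The unchanged `PBEWithSHA1AndDESede` algorithm with `fixedSaltGenerator` also means equal plaintexts yield equal ciphertexts, which is worth a comment here or a follow-up change.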

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/ConfigurationController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/ConfigurationController.java	2016-01-05 19:03:10 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/ConfigurationController.java	2016-01-06 18:19:42 +0000
@@ -46,6 +46,8 @@
 import org.hisp.dhis.organisationunit.OrganisationUnitLevel;
 import org.hisp.dhis.period.PeriodService;
 import org.hisp.dhis.period.PeriodType;
+import org.hisp.dhis.setting.SettingKey;
+import org.hisp.dhis.setting.SystemSettingManager;
 import org.hisp.dhis.user.UserAuthorityGroup;
 import org.hisp.dhis.user.UserGroup;
 import org.hisp.dhis.webapi.controller.exception.NotFoundException;
@@ -71,7 +73,7 @@
 
     @Autowired
     private DhisConfigurationProvider config;
-    
+
     @Autowired
     private IdentifiableObjectManager identifiableObjectManager;
 
@@ -81,6 +83,9 @@
     @Autowired
     private RenderService renderService;
 
+    @Autowired
+    private SystemSettingManager systemSettingManager;
+
     // -------------------------------------------------------------------------
     // Resources
     // -------------------------------------------------------------------------
@@ -90,7 +95,7 @@
     {
         return setModel( model, configurationService.getConfiguration() );
     }
-    
+
     @PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )
     @ResponseStatus( value = HttpStatus.OK )
     @RequestMapping( value = "/systemId", method = RequestMethod.GET )
@@ -238,7 +243,7 @@
         }
 
         Configuration config = configurationService.getConfiguration();
-        
+
         periodType = periodService.reloadPeriodType( periodType );
 
         config.setInfrastructuralPeriodType( periodType );
@@ -300,14 +305,15 @@
     @RequestMapping( value = "/remoteServerUrl", method = RequestMethod.GET )
     public String getRemoteServerUrl( Model model, HttpServletRequest request )
     {
-        return setModel( model, config.getProperty( ConfigurationKey.REMOTE_INSTANCE_URL ) );
+        return setModel( model, systemSettingManager.getSystemSetting(
+            SettingKey.REMOTE_INSTANCE_URL ) );
     }
 
-
     @RequestMapping( value = "/remoteServerUsername", method = RequestMethod.GET )
     public String getRemoteServerUsername( Model model, HttpServletRequest request )
     {
-        return setModel( model, config.getProperty( ConfigurationKey.REMOTE_INSTANCE_USERNAME) );
+        return setModel( model, systemSettingManager.getSystemSetting(
+            SettingKey.REMOTE_INSTANCE_USERNAME ) );
     }
 
     @RequestMapping( value = "/corsWhitelist", method = RequestMethod.GET, produces = "application/json" )
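Review bot: `getRemoteServerUrl` and `getRemoteServerUsername` now call `systemSettingManager.getSystemSetting( ... )` directly, so they bypass the `isConfidential` check that this commit adds to `SystemSettingController`. Neither mapping carries a `@PreAuthorize` in this hunk, unlike the `/systemId` getter earlier in the file; whether class-level authorization applies is not visible here. If either key is or later becomes confidential, these endpoints would still return it. I would add `@PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )` to both getters, or return an empty value when `systemSettingManager.isConfidential( key )` is true, as `getSystemSettingAsText` does.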
@@ -315,8 +321,8 @@
     {
         return setModel( model, configurationService.getConfiguration().getCorsWhitelist() );
     }
-    
-    @SuppressWarnings("unchecked")
+
+    @SuppressWarnings( "unchecked" )
     @PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )
     @ResponseStatus( value = HttpStatus.OK )
     @RequestMapping( value = "/corsWhitelist", method = RequestMethod.POST, consumes = "application/json" )
@@ -324,14 +330,14 @@
         throws IOException
     {
         Set<String> corsWhitelist = renderService.fromJson( input, Set.class );
-        
+
         Configuration config = configurationService.getConfiguration();
-        
+
         config.setCorsWhitelist( corsWhitelist );
-        
+
         configurationService.setConfiguration( config );
     }
-    
+
     @RequestMapping( value = "/systemBaseUrl", method = RequestMethod.GET )
     public String getSystemBaseUrl( Model model, HttpServletRequest request )
     {

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/SystemSettingController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/SystemSettingController.java	2016-01-06 17:08:06 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/SystemSettingController.java	2016-01-06 18:19:42 +0000
@@ -32,6 +32,7 @@
 import java.io.Serializable;
 import java.util.Map;
 import java.util.Set;
+import java.util.function.Predicate;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -73,13 +74,15 @@
     @Autowired
     private WebMessageService webMessageService;
 
-    @RequestMapping( value = "/{key}", method = RequestMethod.POST, consumes = { ContextUtils.CONTENT_TYPE_TEXT, ContextUtils.CONTENT_TYPE_HTML } )
+    @RequestMapping( value = "/{key}", method = RequestMethod.POST, consumes = { ContextUtils.CONTENT_TYPE_TEXT,
+        ContextUtils.CONTENT_TYPE_HTML } )
     @PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )
     public void setSystemSetting(
         @PathVariable( value = "key" ) String key,
         @RequestParam( value = "value", required = false ) String value,
         @RequestBody( required = false ) String valuePayload,
-        HttpServletResponse response, HttpServletRequest request ) throws WebMessageException
+        HttpServletResponse response, HttpServletRequest request )
+        throws WebMessageException
     {
         if ( key == null )
         {
@@ -88,21 +91,25 @@
 
         if ( value == null && valuePayload == null )
         {
-            throw new WebMessageException( WebMessageUtils.conflict( "Value must be specified as query param or as payload" ) );
+            throw new WebMessageException(
+                WebMessageUtils.conflict( "Value must be specified as query param or as payload" ) );
         }
 
         value = ObjectUtils.firstNonNull( value, valuePayload );
-        
+
         Serializable valueObject = SettingKey.getAsRealClass( key, value );
-        
+
         systemSettingManager.saveSystemSetting( key, valueObject );
 
-        webMessageService.send( WebMessageUtils.ok( "System setting " + key + " set as value '" + valueObject + "'." ), response, request );
+        webMessageService
+            .send( WebMessageUtils.ok( "System setting " + key + " set as value '" + valueObject + "'." ), response,
+                request );
     }
 
     @RequestMapping( method = RequestMethod.POST, consumes = { ContextUtils.CONTENT_TYPE_JSON } )
     @PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )
-    public void setSystemSetting( @RequestBody Map<String, Object> settings, HttpServletResponse response, HttpServletRequest request )
+    public void setSystemSetting( @RequestBody Map<String, Object> settings, HttpServletResponse response,
+        HttpServletRequest request )
     {
         for ( String key : settings.keySet() )
         {
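Review bot: The success message in the single-key `setSystemSetting` still echoes `valueObject`, and after this commit that can be a setting stored encrypted (presumably the SMTP or remote-instance password). The secret is then written back in clear text to the response and to anything that records it. I would leave the value out for confidential keys, e.g. `String shown = systemSettingManager.isConfidential( key ) ? "" : String.valueOf( valueObject );`, and build the message from `shown`. The optional `value` query parameter has a related problem, since query strings usually end up in access logs; confidential settings are better accepted from the request body only. The body of the `Map` overload at the end of this hunk continues outside it.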
@@ -113,16 +120,30 @@
     }
 
     @RequestMapping( value = "/{key}", method = RequestMethod.GET, produces = ContextUtils.CONTENT_TYPE_TEXT )
-    public @ResponseBody String getSystemSettingAsText( @PathVariable( "key" ) String key )
+    public
+    @ResponseBody
+    String getSystemSettingAsText( @PathVariable( "key" ) String key )
     {
-        Serializable setting = systemSettingManager.getSystemSetting( key );
+        if ( systemSettingManager.isConfidential( key ) )
+        {
+            return "";
+        }
+        else
+        {
+            Serializable setting = systemSettingManager.getSystemSetting( key );
 
-        return setting != null ? String.valueOf( setting ) : null;
+            return setting != null ? String.valueOf( setting ) : null;
+        }
     }
 
-    @RequestMapping( method = RequestMethod.GET, produces = { ContextUtils.CONTENT_TYPE_JSON, ContextUtils.CONTENT_TYPE_HTML } )
-    public void getSystemSettingsJson( @RequestParam( value = "key", required = false ) Set<String> key, HttpServletResponse response ) throws IOException
+    @RequestMapping( method = RequestMethod.GET, produces = { ContextUtils.CONTENT_TYPE_JSON,
+        ContextUtils.CONTENT_TYPE_HTML } )
+    public void getSystemSettingsJson( @RequestParam( value = "key", required = false ) Set<String> key,
+        HttpServletResponse response )
+        throws IOException
     {
+        if ( key != null )
+            key.removeIf( systemSettingManager::isConfidential );
         response.setContentType( MediaType.APPLICATION_JSON_VALUE );
         renderService.toJson( response.getOutputStream(), getSystemSettings( key ) );
     }
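Review bot: In `getSystemSettingsJson` the confidential keys are removed only when the caller supplies `key`. With no `key` parameter, `null` is passed to `getSystemSettings( key )`, which presumably returns every setting (its body is outside this hunk). `getSystemSettingsJsonP` in the next hunk does no filtering at all, and its response is a script that other origins can load. The filter belongs inside `getSystemSettings` so that all three paths share it, for example `settings.keySet().removeIf( systemSettingManager::isConfidential );` on the map before it is returned. The brace-less `if ( key != null )` should also be braced like the rest of the file, and `getSystemSettingAsText` deserves a comment such as `// confidential settings are never returned over the API; "" instead of null marks "exists but hidden"`.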
@@ -131,7 +152,8 @@
     public void getSystemSettingsJsonP(
         @RequestParam( value = "key", required = false ) Set<String> key,
         @RequestParam( defaultValue = "callback" ) String callback,
-        HttpServletResponse response ) throws IOException
+        HttpServletResponse response )
+        throws IOException
     {
         response.setContentType( "application/javascript" );
         renderService.toJsonP( response.getOutputStream(), getSystemSettings( key ), callback );