Hi,

Can anyone tell me if it is possible to reload a custom type definition without restarting the app server?

I am using Jasypt with Hibernate to encrypt data and we need to be able to update the encryption password / key periodically. however, when I try to do this, it still appears to use the old key.

From looking at this, it looks like Hibernate is using the instance of the type definition it first got when app server started up. What I am looking for is a mechanism of telling Hibernate to discard that instance and load the type definition again.

Does anybody know how to do this?

Thanks very much,
John


Hibernate version:
3.2.4.sp1

Mapping documents:
@org.hibernate.annotations.TypeDefs(
{
@org.hibernate.annotations.TypeDef(
name="encryptedString",
typeClass=org.jasypt.hibernate.type.EncryptedStringType.class,
parameters= {
@org.hibernate.annotations.Parameter(name="encryptorRegisteredName", value="strongHibernateStringEncryptor")
}
),
@org.hibernate.annotations.TypeDef(
name="encryptedBinary",
typeClass=org.jasypt.hibernate.type.EncryptedBinaryType.class,
parameters= {
@org.hibernate.annotations.Parameter(name="encryptorRegisteredName", value="strongHibernateBinaryEncryptor")
}
),
@org.hibernate.annotations.TypeDef(
name="encryptedBigInteger",
typeClass=org.jasypt.hibernate.type.EncryptedBigIntegerType.class,
parameters= {
@org.hibernate.annotations.Parameter(name="encryptorRegisteredName", value="strongHibernateBigIntegerEncryptor")
}
),
@org.hibernate.annotations.TypeDef(
name="encryptedBigDecimal",
typeClass=org.jasypt.hibernate.type.EncryptedBigDecimalAsStringType.class,
parameters= {
@org.hibernate.annotations.Parameter(name="encryptorRegisteredName", value="strongHibernateStringEncryptor"),
@org.hibernate.annotations.Parameter(name="decimalScale", value="2")
}
),
@org.hibernate.annotations.TypeDef(
name="encryptedBoolean",
typeClass=org.jasypt.hibernate.type.EncryptedBooleanAsStringType.class,
parameters= {
@org.hibernate.annotations.Parameter(name="encryptorRegisteredName", value="strongHibernateStringEncryptor")
}
),
@org.hibernate.annotations.TypeDef(
name="encryptedDate",
typeClass=org.jasypt.hibernate.type.EncryptedDateAsStringType.class,
parameters= {
@org.hibernate.annotations.Parameter(name="encryptorRegisteredName", value="strongHibernateStringEncryptor")
}
)
}
)


Name and version of the database you are using:
Oracle 10g

You need to recreate your session factory, forcing a reload of the hibernate config. When the config relaods it creates a new instance of the encrypting UserType which looks up the encryptor from the registry.

And in terms of EJB3's persistence layer, would you know what the equivalent of this would be?

Creating a new EntityManager from an EntityManagerFactory?

Thanks very much for the info

John

I'm not sure. Given that a hibernate Session is equivalent to an EntityManager its more likely you'd have to recreate the EntityManagerFactory (like the SessionFactory) in order to pick up new properties. How this is done I don't know. Probably by restarting the app server!! Back to sqaure one.

Bascially I think you're looking to achieve something that these systems are not designed to do. I'd be looking for a non-technical solution to this. i.e. why can't the server be restarted occassionally. What about important security updates to the operating system, upgrades, etc. Sorry I couldn't be of more help.

Yeah that's it. Ah there's always ways of doing it alright.
Might be a case of writing jdbc code to do updates on tables, bypassing the EJB3 layer and manually encrypting the data..but then what's the point of having EJB3 eh?

Sure i'll have a look into it.

Thanks for your help
John

Ok, this is a bit extreme but would definitely work. You could create your own UserType implementations for EncryptedStringType etc. that have the ability to re-initialise their encrypter (using some mechanism of your chosing). This still uses jasypt for encrption and has the convenience of EJB3.

The source code for jasypt is available so you already have a base implementation of all these UserTypes. Just add the reload mechanism to get what you want.

Yeah i had thought of that alright, although I'm not sure I want to go down that road. May become dependent on a particular version of Jasypt then and if client wants to upgrade, then this could become a problem.

Don't know which is the lesser of two evils, add jdbc code or modify Jasypt source

Hi Mike,

Just to let you know that it is actually possible to create a new EntityManagerFactory in EJB3:



This has gotten me around that problem. Thanks for your help on this.

John