02/15/2024 05:01 AM
Hello Experts,
We are trying to connect with Active Directory using a custom jar for one of our use cases and are able to establish the connection by hardcoding the environment details within the code. Is there a way we can add these environment-specific properties in a property file and refer to that in the code?
Thanks
02/15/2024 06:17 AM - edited 02/15/2024 06:18 AM
Hi @Ankky, yes.
I am using this code to achieve that:

    import java.io.BufferedReader;
    import java.io.FileReader;

    // Read the encrypted password (first line) from a file kept outside the jar
    String line = null;
    try (BufferedReader br = new BufferedReader(
            new FileReader("/saviynt_shared//saviynt//Import//Datafiles//variables_preprod.csv"))) {
        line = br.readLine();
    }
    getOrgunitHierarchyThreadPool.BASE_URL = "https://XXXX.ssmcloud.net/ECM";
    getOrgunitHierarchyThreadPool.LOGIN_URL = "/api/login";
    getOrgunitHierarchyThreadPool.REST_USER = "APIUser";
    // First argument is the Base64 key, second is the encrypted value read from the file
    getOrgunitHierarchyThreadPool.REST_PW = decryption.decrypt("ssssssssssxxxxxxxxxx11", line);

I am encrypting the password and then storing that in a file, hence the decryption.decrypt call: decryption is the class and decrypt is the method that decrypts the encrypted password at runtime so it can be used.
Methods to encrypt and decrypt are like this; you can just google it also. Lots of ways to do it.
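
    import java.nio.charset.StandardCharsets;
    import java.util.Arrays;
    import java.util.Base64;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.spec.SecretKeySpec;

    // secret: Base64-encoded key material; data: plaintext password.
    // Returns the Base64-encoded ciphertext.
    public static String encryptPwd(final String secret, final String data) {
        byte[] decodedKey = Base64.getDecoder().decode(secret);
        try {
            // "AES" with no mode/padding resolves to AES/ECB/PKCS5Padding
            // on the standard JCA providers
            Cipher cipher = Cipher.getInstance("AES");
            // rebuild key using SecretKeySpec; copyOf truncates or zero-pads to 16 bytes
            SecretKey originalKey = new SecretKeySpec(Arrays.copyOf(decodedKey, 16), "AES");
            cipher.init(Cipher.ENCRYPT_MODE, originalKey);
            byte[] cipherText = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(cipherText);
        } catch (Exception e) {
            throw new RuntimeException(
                    "Error occurred while encrypting data", e);
        }
    }

    // secret: same Base64-encoded key; encryptedString: output of encryptPwd.
    public static String decrypt(final String secret,
            final String encryptedString) {
        byte[] decodedKey = Base64.getDecoder().decode(secret);
        try {
            Cipher cipher = Cipher.getInstance("AES");
            // rebuild key using SecretKeySpec
            SecretKey originalKey = new SecretKeySpec(Arrays.copyOf(decodedKey, 16), "AES");
            cipher.init(Cipher.DECRYPT_MODE, originalKey);
            byte[] plainText = cipher.doFinal(Base64.getDecoder().decode(encryptedString));
            // decode with the same charset used when encrypting
            return new String(plainText, StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new RuntimeException(
                    "Error occurred while decrypting data", e);
        }
    }
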
Thanks,
Amit
If helped, Please ACCEPT SOLUTION and give KUDOS.
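
An added example, not the poster's code: the same external-file approach using java.util.Properties and AES-GCM, since the posted Cipher.getInstance("AES") resolves to ECB mode on the standard providers and its key is a literal in the jar. The class name, the property names (base.url, rest.user, rest.password.enc) and the CONNECTOR_KEY_B64 environment variable are assumptions for illustration; whether the host lets you set an environment variable for the jar depends on the deployment.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Properties;

public class ExternalConfig {
    private static final int IV_LEN = 12, TAG_BITS = 128;

    // Key is supplied out of band (hypothetical variable name), not in the jar or the file.
    static SecretKeySpec key() {
        String b64 = System.getenv("CONNECTOR_KEY_B64");
        if (b64 == null) throw new IllegalStateException("CONNECTOR_KEY_B64 is not set");
        byte[] k = Base64.getDecoder().decode(b64);
        if (k.length != 16 && k.length != 32) throw new IllegalStateException("key must be 16 or 32 bytes");
        return new SecretKeySpec(k, "AES");
    }
    // Run once to produce the value stored in the file: base64(iv || ciphertext || tag).
    static String encrypt(SecretKeySpec key, String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);               // fresh IV for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }
    // Throws AEADBadTagException if the stored value was altered or the key is wrong.
    static String decrypt(SecretKeySpec key, String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        Properties p = new Properties();                // args[0]: per-environment properties file
        try (InputStream is = Files.newInputStream(Paths.get(args[0]))) { p.load(is); }
        String baseUrl = p.getProperty("base.url"), user = p.getProperty("rest.user");
        String password = decrypt(key(), p.getProperty("rest.password.enc"));
        System.out.println("Loaded config for " + user + " at " + baseUrl);
    }
}
```

Moving from dev to prod then means swapping the properties file and the key, with no rebuild of the jar.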
02/15/2024 12:56 PM
Amit,
Can we not embed the properties file as part of jar itself and then read it?
02/15/2024 01:14 PM - edited 02/15/2024 01:15 PM
@Falcon, yeah that is fine too. I just wanted the encrypted password to be at a different place than the Jar. If you have the Jar alone you can't decrypt and know the password. Adds one more step to get the password re-engineered.
But that is an equally valid option, even easier.
Thanks,
Amit
03/06/2024 01:27 AM
Hello @AmitM,
Does the path "/saviynt_shared//saviynt//Import//Datafiles//" remain the same in all the EIC versions? Where can I find the full path?
Thank you!
03/06/2024 02:46 AM
Hi @Ankky, you can ask that using a fresh desk ticket but this is the path that I have seen mostly.
You can also have this config within Jar / Java as another option. We separated file and Jar for adding a bit more security as we tend to share Jars and then the password could also go with the Jar.
Thanks,
Amit
03/06/2024 02:51 AM
Thanks Amit!
My idea to keep it separate was to make it easy by avoiding updating jar when we are migrating from dev to prod or the password has changed. Is there a way to update environment variables without rebuilding jar?
03/06/2024 02:55 AM
You can pass it as arguments when scheduling the Job and calling the method via the Job.
Code will remain the same but the Job argument will change.
03/06/2024 02:58 AM
I need to invoke it on user attribute updates. Is there a way I can pass additional input arguments in user update rule?
03/06/2024 03:05 AM - edited 03/06/2024 03:05 AM
I am not aware of, and have not tried, passing additional attributes in a user update rule. User JSON is by default, I think.
Do it with the file directory only then.