Problem: Hibernate4 and Jasypt 1.9.0 would not authenticate using an encrypted password, but would authenticate fine using a plain text password. However, Hibernate3 and Jasypt 1.9.0 could utilize an encrypted password or plain text.
Background: I have recently been upgrading some stand alone desktop utilities that were written in java. They utilize Hibernate as their JPA persistence provider. They had not been using encrypted passwords. Interestingly, I have not been able to migrate from Hibernate 3 to 4 using Jasypt 1.9.0. The connection would fail as the user@host could not be authenticated (Using password = YES).
The original persistence.xml that works with Hibernate 3 is:
<persistence version="2.0" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd">
<persistence-unit name="demoPU" transaction-type="RESOURCE_LOCAL">
<property name="hibernate.connection.provider_class" value="org.jasypt.hibernate3.connectionprovider.EncryptedPasswordC3P0ConnectionProvider"/>
<property name="hibernate.connection.encryptor_registered_name" value="hibernateEncryptor"/>
<property name="hibernate.connection.password" value="ENC(8VYGVbnlbSf5Y4vllKEKyg==)"/>
<property name="hibernate.connection.url" value="jdbc:mysql://localhost:3697/til_lab"/>
<property name="hibernate.connection.username" value="root"/>
Changes to move from Hibernate 3 to 4:
• The libraries for Hibernate3 were replaced with those from Hibernate4
• hibernate.connection.provider_class was changed from
•Additionally, the Jasypt libraries were swapped out:
Result: With the above changes implemented, the use of and encrypted password in the persistence.xml would cause connection authentication to fail. A plain text password in the persistence.xml caused no problems.
Discussion: Upon further investigation of the objects, it the encrypted password is stored properly in the EntityManagerFactory as ENC(...). It seems as though the encrypted password connection provider is not decrypting the password when a connection is attempted.
The odd thing is that both simple and c3p0 encrypted connection providers function (for plain text and encrypted passwords) when using Hibernate3 as a provider, but neither of the Hibernate 4 seem to handle encrypted passwords.
As a consequence, the applications will have to continue to utilize the Hibernate3 libraries. I would like to know if anyone has any reasonable explanation for the observed behavior.