#18 Encrypted connection data does not work with Hibernate 4


(from http://forum.jasypt.org/Encrypted-passwords-using-JPA-2-0-Hibernate-3-amp-Hibernate-4-td5480483.html )

Problem: Hibernate4 and Jasypt 1.9.0 would not authenticate using an encrypted password, but would authenticate fine using a plain text password. However, Hibernate3 and Jasypt 1.9.0 could utilize an encrypted password or plain text.

Background: I have recently been upgrading some stand alone desktop utilities that were written in java. They utilize Hibernate as their JPA persistence provider. They had not been using encrypted passwords. Interestingly, I have not been able to migrate from Hibernate 3 to 4 using Jasypt 1.9.0. The connection would fail as the user@host could not be authenticated (Using password = YES).

The original persistence.xml that works with Hibernate 3 is:

<persistence version="2.0" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd">
<persistence-unit name="demoPU" transaction-type="RESOURCE_LOCAL">
<property name="hibernate.connection.provider_class" value="org.jasypt.hibernate3.connectionprovider.EncryptedPasswordC3P0ConnectionProvider"/>
<property name="hibernate.connection.encryptor_registered_name" value="hibernateEncryptor"/>
<property name="hibernate.connection.password" value="ENC(8VYGVbnlbSf5Y4vllKEKyg==)"/>
<property name="hibernate.connection.url" value="jdbc:mysql://localhost:3697/til_lab"/>
<property name="hibernate.connection.username" value="root"/>

Changes to move from Hibernate 3 to 4:
• The libraries for Hibernate3 were replaced with those from Hibernate4
• hibernate.connection.provider_class was changed from




•Additionally, the Jasypt libraries were swapped out:




Result: With the above changes implemented, the use of and encrypted password in the persistence.xml would cause connection authentication to fail. A plain text password in the persistence.xml caused no problems.

Discussion: Upon further investigation of the objects, it the encrypted password is stored properly in the EntityManagerFactory as ENC(...). It seems as though the encrypted password connection provider is not decrypting the password when a connection is attempted.

The odd thing is that both simple and c3p0 encrypted connection providers function (for plain text and encrypted passwords) when using Hibernate3 as a provider, but neither of the Hibernate 4 seem to handle encrypted passwords.

As a consequence, the applications will have to continue to utilize the Hibernate3 libraries. I would like to know if anyone has any reasonable explanation for the observed behavior.



  • fairct

    fairct - 2012-04-09

    This is the same issue as I reported in Bug ID: 3515222. At a guess, Hibernate 4 exposes a Map object now instead of a Properties object on startup, when the configure method gets called on whatever connection provider class specified. I confirmed this by copying the EncryptedPasswordC3P0ConnectionProvider class source into my own class and changing the configure method signature to have a Map parameter. My version of the configure method was then hit successfully, and the parameters are now decrypted.

  • Strong Liu

    Strong Liu - 2012-11-26

    Hi, I created a patch for this issue, but I have no idea where to attach it, so I created a gist, please go to https://gist.github.com/4147126

  • Earl Baugh

    Earl Baugh - 2015-12-10

    +1 Hitting same issue.

    Any chance of getting a new release with the few bugs on the bug list resolved?
    All of them are 5 min changes...


Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks