Enhance ConfigurationImpl to use OSGi encryption service

Description

The current Pax Web implementation for encrypting/decrypting configuration properties is problematic because it assumes a specific implementation of a Jasypt property encryptor. Besides the fact that this is an OSGi anti-pattern, it makes it difficult to modify the property encryption and decryption capabilities so they are more secure (e.g. implementing the Jasypt interface so that it offloads encryption and decryption to an HSM).

I would like to propose that rather than simply instantiating a new StandardPBEStringEncryptor, the ConfigurationImpl class should maintain a service tracker for any implementations of org.jasypt.encryption.StringEncryptor registered with the OSGi container. This is the way property encryption/decryption is implemented in Pax JDBC and I feel that it is an overall better approach.

See the following links for reference
DataSourceConfigManager.java
Activator.java

Environment

None

Status

Assignee

Unassigned

Reporter

Dariush Amiri

Labels

None

Fix versions

Priority

Major
Configure