current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Programmers Stack Exchange is a question and answer site for professional programmers interested in conceptual questions about software development. It's 100% free, no registration required.
up vote 0 down vote favorite

Program Situation

I use Spring Framework to code my Web Service, using Dependency injection to inject a DataSource bean into the DAO bean that will be used by the Web Service.

I have all the database properties(Url, Password, Username, the stuff I don't want people to see) written in the DataSource Bean XML!

Workplace Situation

I have git setup to commit my entire project....(Hint: Including my DataSource Bean XML which has my password written in plain text)

I thought of using the .gitignore but the Bean XML is a crucial component in my Web Service project and it shouldn't be ignored. (Right?) But I also don't want the world to see my password.

What should I do?

share|improve this question

1 Answer 1

up vote 2 down vote accepted

Anything you put into the Spring XML is static and compiled into the binary. If there is some information which can change, it is always a good idea to externalize it into a properties file. Spring can read the properties file and then use the values as inputs to its beans.

You need to use a concept called the property placeholder to inject these properties. First, create a properties file, say, MyApp.properties and place it into a known directory, say, /settings/MyApp. The contents of the file will be in the format:

databaseUsername=USER
databasePassword=PWD
property3=value3
property4=value4
...

In your Spring XML, add the following tag:

<context:property-placeholder location="file:///settings/MyApp/MyApp.properties"/>

Now, you can simply use these external properties in your spring objects:

<bean id="dataSource" class="...">
    <property name="username" value="${databaseUsername}">
    <property name="password" value="${databasePassword}">
</bean

Now you can safely check in your Spring XML (but not MyApp.properties) and make sure that other users have their own MyApp.properties at the configured location.

There are other things you can do to make the property file lookup more dynamic. See this link for more details:

6 Tips for Managing Property Files with Spring

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.