Configuration files password encryption failing when propsToEncrypt is set to more than one property

Issue:

After executing ./js-install.sh (or js-install.bat) for installation of TIBCO JasperReports® Server version 7.9, plain-text passwords that were set in the configuration files were not encrypted after the installation. This is despite setting the propsToEncrypt property appropriately in the default_masters.properties file. 

As a use-case example, we have set the following :

propsToEncrypt=dbPassword,external.dbPassword

encrypt=true

but after installation, the external.jdbc.password in the configuration file, js.externalAuth.properties, was not encrypted.

In the previous version, TIBCO JasperReports® Server 7.5.1, we were getting encrypted passwords in the corresponding configuration files with the same default_master.properties settings. 

Solution:

This is a regression defect that was reported for TIBCO JasperReports® Server versions 7.8 and 7.9 under the following incident reference:

JS-59995: buildomatic does not encrypt more than one password at a time 

The defect is fixed for TIBCO JasperReports® Server 7.8 as a hotfix.

To obtain this hotfix, download the latest 7.8 cumulative hotfix from Support Portal and apply the hotfix as per the instructions. 

Note: When reviewing the included readme.txt file, the reference incident will be listed as:

"JS-59995 Update MasterPropertiesObfuscator to split propsToEncrypt by a comma"

At this time of writing, the defect is formally fixed in the upcoming major release after TIBCO JasperReports® Server version 7.9 but there is no equivalent hotfix for TIBCO JasperReports® Server version 7.9.

For users affected by this issue in TIBCO JasperReports® Server version 7.9, below are the steps to workaround this defect.

Workaround for TIBCO JasperReports® Server version 7.9 only

Before executing ./js-install.sh (or js-install.bat):

1> Edit default_master.properties file and only set one property to encrypt starting with dbPassword:

propsToEncrypt=dbPassword
encrypt=true

2> At the command line under buildomatic directory, run:

cd <js-install>/buildomatic
js-ant clean-config
js-ant gen-config

Note: The first js-ant command deletes all the files (and even default directory itself) in buildomatic/build_conf/default directory. The second re-builds the configuration settings and files are recreated in this directory.

3> Edit default_master.properties file and only set the next property to encrypt :

propsToEncrypt=external.dbPassword
encrypt=true

Important note: This file was changed from step 2 so that encrypt.done=true appears. This needs to be changed back into encrypt=true

4> At the command line under buildomatic directory, run:

js-ant gen-config

Note: do not run "js-ant clean-config" otherwise the first encrypted password will be invalidated.

After performing the above steps, navigate to buildomatic/build_conf/default and check the following files to verify the passwords are encrypted:

js.jdbc.properties - for validation of property dbPassword

js.externalAuth.properties - for validation of property external.dbPassword

Note: the default_master.properties file was updated as well to reflect on the encrypted passwords and encrypt=true becomes encrypt.done=true

You can then execute ./js-install.sh to carry out the installation. Post-installation, you can check the context.xml under /META-INF and js.externalAuth.properties under ../WEB-INF directory for the above two encrypted passwords.

Note: The workaround provides for a use-case where propsToEncrypt is set to two specific properties (dbPassword, external.dbPassword) but the workaround is applicable to all valid properties set as long as there are more than one properties set (which is what the issue was caused by). 

ref: 02042496