Fix decryption of indexed (list) properties.#1634
Fix decryption of indexed (list) properties.#1634ryanjbaxter merged 1 commit intospring-cloud:4.3.xfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request refactors the decryption logic for encrypted properties in Spring Cloud Context to fix issues with indexed (list) properties and relaxed binding. The changes streamline the decryption algorithm to only copy indexed properties that contain encrypted values and to properly handle relaxed binding scenarios where property names can have different formats (e.g., foo.text, FOO_TEXT, foo_text).
Changes:
- Rewrote
AbstractEnvironmentDecrypt.decrypt()to use a visitor pattern that tracks processed properties with relaxed binding support - Simplified API by removing unnecessary parameters and helper methods in multiple classes
- Added comprehensive tests in new
AbstractEnvironmentDecryptTestsclass to verify the fix - Updated existing tests to use modern Java syntax (
Map.of(),varkeyword)
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
AbstractEnvironmentDecrypt.java |
Complete rewrite of decryption logic with visitor pattern, relaxed binding support, and selective indexed property copying |
TextEncryptorUtils.java |
Simplified decrypt method signature to remove redundant parameter |
EnvironmentDecryptApplicationInitializer.java |
Updated to use simplified decrypt API and removed obsolete helper methods |
DecryptEnvironmentPostProcessor.java |
Updated to use simplified decrypt API |
AbstractEnvironmentDecryptTests.java |
New comprehensive test suite covering all decryption scenarios including relaxed binding and indexed properties |
EnvironmentDecryptApplicationInitializerTests.java |
Modernized test code with Java improvements and refactored composite property source test |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
kvmw
force-pushed
the
topic/kvmw/4.3.x/decrypt
branch
from
d48ccc4 to
8c515b7
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
kvmw
force-pushed
the
topic/kvmw/4.3.x/decrypt
branch
2 times, most recently
from
b80cfc0 to
9556774
Compare
When decrypting indexed properties all items of the list with at least one encrypted item should be copied to the new property-source but not the other lists. When searching for properties relaxed-binding should be considered. Signed-off-by: kvmw <[email protected]>
kvmw
force-pushed
the
topic/kvmw/4.3.x/decrypt
branch
from
9556774 to
8747fad
Compare
|
@ryanjbaxter Looks like this fix is still not merged to the mainline. |
|
@shitikanth yes it was merged in main That commit has a tag of 5.0.1. |
This pull request fixes #1253.
It also fixes the following cases:
For example, in the following case only
my-listshould be copied to the decrypted property source but current implementation copiesanother-listas well.foo.text : '{cipher}4ffef9'by addingFOO_TEXT : 'updated value'in another property source with higher priority.