Security - MTDdk/jawn GitHub Wiki

Enabling security

jawn has built-in hashing and encryption that can be used in all controllers.

The hashing algorithm(s) are always available, but the encryption algorithms need a key for the encryption/decryption phases.

In jawn.properties:

security.secret=<encryption key>

In development and test modes, security.secret is generated automatically if it is not already present. The encryption key can be a string of any length. If the string is too short or too long for the chosen algorithm, the framework automatically extends or reduces the key. (Extension simply loops the characters of the string until the key meets the algorithm's length requirement, so a short secret gains no strength from being extended.)

In production the key is not generated. If security.secret is missing, the encryption algorithms fail with an error in the log.
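The key fitting described above, together with a pre-deployment check of security.secret, as an added example that is not jawn's own code. The class and method names are hypothetical, and the 16-byte key length, UTF-8 encoding and keeping the leading bytes on reduction are assumptions, since the page does not specify them.

```java
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.Properties;

public class SecretKeyFit {
    // Assumed key length: 16 bytes (AES-128). The page does not state the size jawn uses.
    static final int KEY_BYTES = 16;

    // Extend by looping the secret's bytes, or reduce by keeping the first `length` bytes.
    // Keeping the leading bytes on reduction is an assumption; the page only says "reduced".
    static byte[] fit(String secret, int length) {
        byte[] in = secret.getBytes(StandardCharsets.UTF_8);
        if (in.length == 0) throw new IllegalArgumentException("empty secret");
        byte[] out = new byte[length];
        for (int i = 0; i < length; i++) out[i] = in[i % in.length];
        return out;
    }

    // Pre-deployment check: the secret must be present and long enough not to need looping.
    static String check(Properties props) {
        String secret = props.getProperty("security.secret");
        if (secret == null || secret.isEmpty()) {
            return "MISSING: encryption will fail in production";
        }
        int n = secret.getBytes(StandardCharsets.UTF_8).length;
        if (n < KEY_BYTES) return "WEAK: " + n + " bytes would be looped to " + KEY_BYTES;
        return "OK";
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample property lines, not real keys.
        String[] samples = {
            "security.secret=abc",
            "security.secret=0123456789abcdefXYZ",
            "app.name=demo"
        };
        for (String line : samples) {
            Properties p = new Properties();
            p.load(new StringReader(line));
            String s = p.getProperty("security.secret");
            String key = s == null ? "-" : new String(fit(s, KEY_BYTES), StandardCharsets.UTF_8);
            System.out.println(line + " -> key=" + key + " check=" + check(p));
        }
    }
}
```

The first sample shows why a short secret is a problem: the fitted key is the same three characters repeated, so it carries no more entropy than the original string.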

Usage

public class CryptoController extends Controller {
    @Inject
    Crypto crypto;
    
    @Inject
    MoviesDB movies;

    public void index() {
        // read the id from the request once and reuse it
        Integer id = getId().asInt();
        Movie movie = movies.fetch(id);
        
        // clone the movie and encrypt its name
        Movie clone = movie.clone();
        clone.name = crypto.encrypt().AES().encrypt(clone.name);
        
        respond().json(clone); // respond in json
    }
}

Available algorithms

String encrypt().AES().encrypt(String data);
String encrypt().AES().decrypt(String data);

String hash().SHA256().sign(String value, String key);