Integrating Jasypt with Spring 2.x

Jasypt provides the jasypt-spring2 artifact for integration with Spring Framework 2.x. Since jasypt 1.9.0, this artifact must be added to your classpath separately.

Using jasypt digesters and encryptors as Spring beans

You have nothing special to do register jasypt beans in Spring, as all of the encryption tools (digesters and encryptors) in jasypt have the adequate design to be correctly instantiated and dependency-injected from a Spring application context.


  <bean id="strongEncryptor"
    <property name="algorithm">
    <property name="password">

Besides, all digesters and encryptors in jasypt are thread-safe, which means that they can be safely treated as singletons, the default behaviour of Spring's bean container. This avoids concurrency problems in multi-threaded environments like web applications.

Integrating jasypt with Spring's application configuration infrastructure

Jasypt provides several Spring-specific configuration management classes:

  •, as a totally compatible replacement for Spring's PropertyPlaceholderConfigurer.
  •, as a totally compatible replacement for Spring's PropertyOverrideConfigurer.
  • as a totally compatible replacement for Spring's ServletContextPropertyPlaceholderConfigurer.
  • as a totally compatible replacement for Spring's PreferencesPlaceholderConfigurer.

Their use is analogue to the Spring equivalents, but we can use them to read encrypted property values from our configuration files and apply them to our beans.

If we have the properties file seen before (


We can define in our Spring context configuration:

 <!--                                                                      -->
 <!-- Configuration for encryptor, based on environment variables.         -->
 <!--                                                                      -->
 <!-- In this example, the encryption password will be read from an        -->
 <!-- environment variable called "APP_ENCRYPTION_PASSWORD" which, once    --> 
 <!-- the application has been started, could be safely unset.             -->
 <!--                                                                      -->
 <bean id="environmentVariablesConfiguration"
   <property name="algorithm" value="PBEWithMD5AndDES" />
   <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
 <!--                                                                      -->
 <!-- The will be the encryptor used for decrypting configuration values.  -->
 <!--                                                                      -->
 <bean id="configurationEncryptor"
   <property name="config" ref="environmentVariablesConfiguration" />

 <!--                                                                      -->
 <!-- The EncryptablePropertyPlaceholderConfigurer will read the           -->
 <!-- .properties files and make their values accessible as ${var}         -->
 <!--                                                                      -->
 <!-- Our "configurationEncryptor" bean (which implements                  --> 
 <!-- org.jasypt.encryption.StringEncryptor) is set as a constructor arg.  -->
 <!--                                                                      -->
 <bean id="propertyConfigurer"
   <constructor-arg ref="configurationEncryptor" />
   <property name="locations">

 <!--                                                                      -->
 <!-- Our datasource is configured here, in the usual way. Jasypt's        -->
 <!-- EncryptedPropertyPlaceholderConfigurer will make sure that the       -->
 <!-- ${datasource.password} file gets decrypted and the DBCP DataSource   -->
 <!-- will be correctly initialised.                                       -->
 <!--                                                                      -->
 <bean id="dataSource"
   <property name="driverClassName">
   <property name="url">
   <property name="username">
   <property name="password">

EncryptablePropertyPlaceholderConfigurer and EncryptablePropertyOverrideConfigurer objects can receive as a constructor argument both an org.jasypt.encryption.StringEncryptor implementation or an org.jasypt.util.TextEncryptor object.

Encryptable ServletContextPropertyPlaceholderConfigurer implementation for Spring

Jasypt includes, a subclass of which allows the transparent decryption of servlet context parameters in web applications (for example, parameters in WEB-INF/web.xml).

These encrypted parameters can be specified in a way equivalent to that of encrypted parameters in .properties files:


Encryptable PreferencesPlaceholderConfigurer implementation for Spring

Jasypt includes, a subclass of org.springframework.beans.factory.config.PreferencesPlaceholderConfigurer which allows the transparent decryption preferences set with JDK 1.4's Preferences API.

Integrating jasypt with Spring Security 2.x

For details on how to integrate jasypt with Spring Security 2.x, please have a look at this guide.