Home/ Questions/Q 8394189
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T19:59:33+00:00

I am creating a Spring MVC application which is a SOAP client. To communicate

  • 0

I am creating a Spring MVC application which is a SOAP client. To communicate with SOAP web-service I am suppose to pass the login credentials. My application doesn’t need to store any details dynamically and hence I am not using any db for this application. So kindly suggest a recommended practice to store the sensitive credential for my application. This credential will we managed by the system admin and must be easy for him to change according to the requirement.

Thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Store the username and password in a properties file external to your webapp spring context. That way the sysadmin can easily lock down read access on the properties file to the relevant parties (e.g. your application and himself). That should stop prying eyes seeing the password.

    In your spring context have something like:

    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
  <property name="location">
    <list>
      <value>/path/to/config.properties</value>
    </list>
  </property>
  <property name="ignoreUnresolvablePlaceholders" value="true"/>
</bean>

<bean id="myBean" class="...">
    <property name="username" value="{usernameFromExternalPropFile}" />
    <property name="password" value="{passwordFromExternalPropFile}" />
</bean>

    The sysadmin will then also be able to change the username/password independently from a build.

    See http://www.javaworld.com/community/node/8309/

    • 0