Use TLS for JDBC connection strings

org.openrewrite.java.spring.data.UseTlsJdbcConnectionString

Increasingly, for compliance reasons (e.g. NACHA), JDBC connection strings should be TLS-enabled. This recipe will update the port and optionally add a connection attribute to indicate that the connection is TLS-enabled.

Recipe source

GitHub, Issue Tracker, Maven Central

groupId: org.openrewrite.recipe
artifactId: rewrite-spring
version: 5.8.0

Options

Type Name Description Example

Type	Name	Description	Example
`String`	propertyKey	The Spring property key to perform updates against. If this value is specified, the specified property will be used for searching, otherwise a default of `spring.datasource.url` will be used instead.	`spring.datasource.url`
`Integer`	oldPort	The non-TLS enabled port number to replace with the TLS-enabled port. If this value is specified, no changes will be made to jdbc connection strings which do not contain this port number.	`1234`
`Integer`	port	The TLS-enabled port to use.	`1234`
`String`	attribute	A connection attribute, if any, indicating to the JDBC provider that this is a TLS connection.	`sslConnection=true`

String

propertyKey

The Spring property key to perform updates against. If this value is specified, the specified property will be used for searching, otherwise a default of spring.datasource.url will be used instead.

spring.datasource.url

Integer

oldPort

The non-TLS enabled port number to replace with the TLS-enabled port. If this value is specified, no changes will be made to jdbc connection strings which do not contain this port number.

1234

Integer

port

The TLS-enabled port to use.

1234

String

attribute

A connection attribute, if any, indicating to the JDBC provider that this is a TLS connection.

sslConnection=true

Usage

This recipe has required configuration parameters. Recipes with required configuration parameters cannot be activated directly. To activate this recipe you must create a new recipe which fills in the required parameters. In your rewrite.yml create a new recipe with a unique name. For example: com.yourorg.UseTlsJdbcConnectionStringExample. Here's how you can define and customize such a recipe within your rewrite.yml:

rewrite.yml

---
type: specs.openrewrite.org/v1beta/recipe
name: com.yourorg.UseTlsJdbcConnectionStringExample
displayName: Use TLS for JDBC connection strings example
recipeList:
  - org.openrewrite.java.spring.data.UseTlsJdbcConnectionString:
      propertyKey: spring.datasource.url
      oldPort: 1234
      port: 1234
      attribute: sslConnection=true

Now that com.yourorg.UseTlsJdbcConnectionStringExample has been defined activate it and take a dependency on org.openrewrite.recipe:rewrite-spring:5.8.0 in your build file:

Add the following to your build.gradle file:

build.gradle

plugins {
    id("org.openrewrite.rewrite") version("6.12.0")
}

rewrite {
    activeRecipe("com.yourorg.UseTlsJdbcConnectionStringExample")
}

repositories {
    mavenCentral()
}

dependencies {
    rewrite("org.openrewrite.recipe:rewrite-spring:5.8.0")
}

Run gradle rewriteRun to run the recipe.

Add the following to your pom.xml file:

pom.xml

<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>5.29.0</version>
        <configuration>
          <activeRecipes>
            <recipe>com.yourorg.UseTlsJdbcConnectionStringExample</recipe>
          </activeRecipes>
        </configuration>
        <dependencies>
          <dependency>
            <groupId>org.openrewrite.recipe</groupId>
            <artifactId>rewrite-spring</artifactId>
            <version>5.8.0</version>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>

Run mvn rewrite:run to run the recipe.

You will need to have configured the Moderne CLI on your machine before you can run the following command.

shell

mod run . --recipe UseTlsJdbcConnectionStringExample

See how this recipe works across multiple open-source repositories

The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.

Contributors

Shannon Pamperl, Jonathan Schneider, Knut Wannheden, Sam Snyder, Kun Li

PreviousUse QuerydslPredicateExecutor NextSpring Framework

Last updated 3 days ago