diff --git a/spring-cloud-context/src/main/java/org/springframework/cloud/bootstrap/encrypt/EnvironmentDecryptApplicationInitializer.java b/spring-cloud-context/src/main/java/org/springframework/cloud/bootstrap/encrypt/EnvironmentDecryptApplicationInitializer.java index c851f38d..4842b504 100644 --- a/spring-cloud-context/src/main/java/org/springframework/cloud/bootstrap/encrypt/EnvironmentDecryptApplicationInitializer.java +++ b/spring-cloud-context/src/main/java/org/springframework/cloud/bootstrap/encrypt/EnvironmentDecryptApplicationInitializer.java @@ -212,15 +212,15 @@ public class EnvironmentDecryptApplicationInitializer implements } catch (Exception e) { String message = "Cannot decrypt: key=" + key; - if (this.failOnError) { - throw new IllegalStateException(message, e); - } if (logger.isDebugEnabled()) { logger.warn(message, e); } else { logger.warn(message); } + if (this.failOnError) { + throw new IllegalStateException(message, e); + } // Set value to empty to avoid making a password out of the // cipher text value = ""; diff --git a/spring-cloud-context/src/test/java/org/springframework/cloud/bootstrap/encrypt/EnvironmentDecryptApplicationInitializerTests.java b/spring-cloud-context/src/test/java/org/springframework/cloud/bootstrap/encrypt/EnvironmentDecryptApplicationInitializerTests.java index 8e1decee..3fc28c5f 100644 --- a/spring-cloud-context/src/test/java/org/springframework/cloud/bootstrap/encrypt/EnvironmentDecryptApplicationInitializerTests.java +++ b/spring-cloud-context/src/test/java/org/springframework/cloud/bootstrap/encrypt/EnvironmentDecryptApplicationInitializerTests.java @@ -19,8 +19,10 @@ package org.springframework.cloud.bootstrap.encrypt; import java.util.Collections; import java.util.Map; +import org.junit.Rule; import org.junit.Test; +import org.springframework.boot.test.rule.OutputCapture; import org.springframework.boot.test.util.TestPropertyValues; import org.springframework.boot.test.util.TestPropertyValues.Type; import org.springframework.context.ApplicationContext; @@ -49,6 +51,9 @@ public class EnvironmentDecryptApplicationInitializerTests { private EnvironmentDecryptApplicationInitializer listener = new EnvironmentDecryptApplicationInitializer( Encryptors.noOpText()); + @Rule + public OutputCapture outputCapture = new OutputCapture(); + @Test public void decryptCipherKey() { ConfigurableApplicationContext context = new AnnotationConfigApplicationContext(); @@ -77,14 +82,22 @@ public class EnvironmentDecryptApplicationInitializerTests { then(context.getEnvironment().getProperty("foo")).isEqualTo("spam"); } - @Test(expected = IllegalStateException.class) + @Test public void errorOnDecrypt() { this.listener = new EnvironmentDecryptApplicationInitializer( Encryptors.text("deadbeef", "AFFE37")); ConfigurableApplicationContext context = new AnnotationConfigApplicationContext(); TestPropertyValues.of("foo: {cipher}bar").applyTo(context); - this.listener.initialize(context); - then(context.getEnvironment().getProperty("foo")).isEqualTo("bar"); + // catch IllegalStateException and verify + try { + this.listener.initialize(context); + } + catch (Exception e) { + then(e).isInstanceOf(IllegalStateException.class); + } + // Assert logs contain warning even when exception thrown + String sysOutput = this.outputCapture.toString(); + then(sysOutput).contains("Cannot decrypt: key=foo"); } @Test @@ -95,6 +108,9 @@ public class EnvironmentDecryptApplicationInitializerTests { ConfigurableApplicationContext context = new AnnotationConfigApplicationContext(); TestPropertyValues.of("foo: {cipher}bar").applyTo(context); this.listener.initialize(context); + // Assert logs contain warning + String sysOutput = this.outputCapture.toString(); + then(sysOutput).contains("Cannot decrypt: key=foo"); // Empty is safest fallback for undecryptable cipher then(context.getEnvironment().getProperty("foo")).isEqualTo(""); }