在开发web程序时,配置数据库连接时,连接数据库的用户名和密码大多都是使用明文,这样做很不安全。
下面我们使用jasypt 来对配置文件中的数据库密码进行加密:
1.下载 jasypt
compile group: 'org.jasypt', name: 'jasypt', version: '1.9.2'
compile group: 'org.jasypt', name: 'jasypt-spring31', version: '1.9.0'
2. spring 配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.2.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.2.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.2.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-4.2.xsd ">
<bean id="environmentVariablesConfiguration"
class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
<property name="algorithm" value="PBEWithMD5AndDES" />
<property name="password" value="jasypt" />
<!-- <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
密钥passwordEnvName使用环境变量APP_ENCRYPTION_PASSWORD 中设置的值
-->
</bean>
<!-- -->
<!-- The will be the encryptor used for decrypting configuration values. -->
<!-- -->
<bean id="configurationEncryptor"
class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="config" ref="environmentVariablesConfiguration" />
</bean>
<bean id="propertyConfigurer"
class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="locations">
<list>
<value>classpath:configs/jdbc.properties</value>
</list>
</property>
</bean>
</beans>
3. jdbc.properties 数据库配置文件
jdbc.driver =oracle.jdbc.OracleDriver
#oracle.jdbc.OracleDriver
jdbc.url = jdbc:oracle:thin:@192.168.6.9:1521:YUN
jdbc.user = yun
jdbc.password =ENC(uQoEyRHMVxvgi0zddFcRx3NpodYP/pr/)
注意:uQoEyRHMVxvgi0zddFcRx3NpodYP/pr/ 为加密后的密码;使用ENC 包含密码后,连接数据库时jasypt 就会解密加密后的密码,还原成明文。
3.生成加密字符串的方法
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer;
/**
*把密文放到配置文件中的时候要注意:
* ENC(密文)
* @author
*/
public class ConfigEncryptUtils {
public static void main(String[] args){
//加密工具
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
//加密配置
EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
config.setAlgorithm("PBEWithMD5AndDES");
//PBEWithMD5AndTripleDES
//生成秘钥的盐
config.setPassword("jasypt");
//应用配置
encryptor.setConfig(config);
//明文密码
String plaintext="yunboceceshi";
//加密
String ciphertext=encryptor.encrypt(plaintext);
System.out.println(plaintext + " : " + ciphertext);
//解密过程信息
//解密 过程
String pText=encryptor.decrypt(ciphertext);
System.out.println(ciphertext + " : " + pText);
}
}