SSM配置文件信息加密实现

  在web项目中数据库连接时的账号密码都直接写在配置文件中，直接被暴露出来，造成一定的安全隐患，所以在这里使用DES算法对密码进行加密，实现代码如下：

1、配置密码加密工具类：DESUtil

public class DESUtil {
	 
    private static Key key;
    //设置密钥
    private static String KEY_STR = "shepikey";
    private static String CHARSETNAME = "UTF-8";
    private static String ALGORITHM = "DES";
 
    static{
        try {
            KeyGenerator generator = KeyGenerator.getInstance(ALGORITHM);
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
            secureRandom.setSeed(KEY_STR.getBytes());
            generator.init(secureRandom);
            key = generator.generateKey();
            generator = null;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }
 
    //加密
    public static String getEncryptString(String str){
        BASE64Encoder encoder = new BASE64Encoder();
        try {
            byte[] bytes = str.getBytes(CHARSETNAME);
            Cipher cipher = Cipher.getInstance(ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] doFinal = cipher.doFinal(bytes);
            return encoder.encode(doFinal);
        } catch (Exception e) {
            e.printStackTrace();
//            throw ...
        }
        return null;
    }
 
    //解密
    public static String getDecryptString(String str){
        BASE64Decoder decoder = new BASE64Decoder();
        try {
            byte[] bytes = decoder.decodeBuffer(str);
            Cipher cipher = Cipher.getInstance(ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, key);
            byte[] doFinal = cipher.doFinal(bytes);
            return new String(doFinal, CHARSETNAME);
        } catch (Exception e) {
            e.printStackTrace();
            //throw ...
        }
        return null;
    }
}

2、

编写继承PropertyPlaceholderConfigurer 的加密处理工具

将需要加密的项先利用上面的加密算法手动加密后写入到配置文件中，之后将加密过的值的键写入到下面这个数组中，

也就是告诉程序那些配置文件中的值是需要解密的。

public class EncryptPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {
    private String[] encryptProppNames = {"jdbc.username","jdbc.password","redis.password"};
 
    /**
     * 对关键的属性进行转换
     */
    @Override
    protected String convertProperty(String propertyName, String propertyValue) {
        if( isEncryptProp(propertyName) ){
            //解密
            String decryptValue = DESUtil.getDecryptString(propertyValue);
            return decryptValue;
        }else{
            return propertyValue;
        }
    }
 
    private boolean isEncryptProp(String propertyName){
        for( String encryptpropertyName : encryptProppNames ){
            if( encryptpropertyName.equalsIgnoreCase(propertyName) ){
                return true;
            }
        }
        return false;
    }
    
}

3、修改xml中导入配置文件的方式

由

<context:property-placeholder location="classpath:dbConfig/db.properties" ignore-unresolvable="true"/>

修改为：

<bean class="cn.hczl.huiyuan.util.EncryptPropertyPlaceholderConfigurer">
        <property name="locations">
            <list>
                <value>classpath:dbConfig/db.properties</value>
                <value>classpath:dbConfig/redis.properties</value>
            </list>
        </property>
        <property name="fileEncoding" value="UTF-8" />
    </bean>