When developing a web application, the database connection settings usually contain the user name and password in plain text, which is very insecure.
Below we use jasypt to encrypt the database password in the configuration file:
1. Download jasypt
compile group: 'org.jasypt', name: 'jasypt', version: '1.9.2'
compile group: 'org.jasypt', name: 'jasypt-spring31', version: '1.9.0'
2. spring configuration file
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context-4.2.xsd
           http://www.springframework.org/schema/mvc
           http://www.springframework.org/schema/mvc/spring-mvc-4.2.xsd
           http://www.springframework.org/schema/aop
           http://www.springframework.org/schema/aop/spring-aop-4.2.xsd
           http://www.springframework.org/schema/tx
           http://www.springframework.org/schema/tx/spring-tx-4.2.xsd">

    <bean id="environmentVariablesConfiguration"
          class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
        <property name="algorithm" value="PBEWithMD5AndDES" />
        <property name="password" value="jasypt" />
        <!-- <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
             With passwordEnvName, the encryption password is taken from the
             environment variable APP_ENCRYPTION_PASSWORD instead of being written here.
        -->
    </bean>

    <!-- This will be the encryptor used for decrypting configuration values. -->
    <bean id="configurationEncryptor"
          class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
        <property name="config" ref="environmentVariablesConfiguration" />
    </bean>

    <bean id="propertyConfigurer"
          class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
        <constructor-arg ref="configurationEncryptor" />
        <property name="locations">
            <list>
                <value>classpath:configs/jdbc.properties</value>
            </list>
        </property>
    </bean>
</beans>
3. jdbc.properties database configuration file
jdbc.driver =oracle.jdbc.OracleDriver
#oracle.jdbc.OracleDriver
jdbc.url = jdbc:oracle:thin:@192.168.6.9:1521:YUN
jdbc.user = yun
jdbc.password =ENC(uQoEyRHMVxvgi0zddFcRx3NpodYP/pr/)
Note: uQoEyRHMVxvgi0zddFcRx3NpodYP/pr/ is the encrypted password. When the ciphertext is wrapped in ENC(...), jasypt decrypts it and restores the plaintext password when connecting to the database.
4. Method of generating the encrypted string
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;

/**
 * Generates the ciphertext for the configuration file.
 * When putting the ciphertext into the configuration file, pay attention to the form:
 * ENC(ciphertext)
 */
public class ConfigEncryptUtils {
    public static void main(String[] args) {
        // Encryption tool
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        // Encryption configuration
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        // Alternative algorithm: PBEWithMD5AndTripleDES
        config.setAlgorithm("PBEWithMD5AndDES");
        // Encryption password from which the key is derived (this is not the salt);
        // it must match the password in the Spring configuration
        config.setPassword("jasypt");
        // Apply the configuration
        encryptor.setConfig(config);
        // Plaintext password
        String plaintext = "yunboceceshi";
        // Encryption
        String ciphertext = encryptor.encrypt(plaintext);
        System.out.println(plaintext + " : " + ciphertext);
        // Decryption
        String pText = encryptor.decrypt(ciphertext);
        System.out.println(ciphertext + " : " + pText);
    }
}
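The commented-out passwordEnvName option in the Spring configuration keeps the encryption password out of the files that hold the ciphertext. The following is an added example, not code from the original page: the class name EnvKeyedPropertyEncryptor is hypothetical, the variable name APP_ENCRYPTION_PASSWORD comes from that comment, and the value to encrypt is typed at a prompt instead of being written into source. It uses PropertyValueEncryptionUtils and EncryptableProperties from the jasypt core jar.

```java
import java.io.Console;
import java.io.StringReader;
import java.util.Properties;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.properties.EncryptableProperties;
import org.jasypt.properties.PropertyValueEncryptionUtils;

// Added example; the class name is hypothetical and not part of the original page.
public class EnvKeyedPropertyEncryptor {
    // Variable name from the commented-out passwordEnvName line in the Spring configuration.
    private static final String KEY_ENV = "APP_ENCRYPTION_PASSWORD";

    static StandardPBEStringEncryptor buildEncryptor() {
        String key = System.getenv(KEY_ENV);
        if (key == null || key.isEmpty()) {
            throw new IllegalStateException(KEY_ENV + " is not set");
        }
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        config.setAlgorithm("PBEWithMD5AndDES"); // must match the algorithm in the Spring bean
        config.setPasswordEnvName(KEY_ENV);      // encryption password comes from the environment
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }

    public static void main(String[] args) throws Exception {
        // Prompt without echo so the plaintext never lands in source or shell history.
        Console console = System.console();
        char[] typed = console == null ? null : console.readPassword("Value for jdbc.password: ");
        if (typed == null) {
            throw new IllegalStateException("No interactive console input available");
        }
        String plain = new String(typed);
        StandardPBEStringEncryptor encryptor = buildEncryptor();

        // PropertyValueEncryptionUtils.encrypt returns the value already wrapped as ENC(...).
        String line = "jdbc.password=" + PropertyValueEncryptionUtils.encrypt(plain, encryptor);

        // Round trip: parse the generated line as a properties file and read it back
        // through EncryptableProperties, which decrypts ENC(...) values on access.
        Properties props = new EncryptableProperties(encryptor);
        props.load(new StringReader(line));
        if (!plain.equals(props.getProperty("jdbc.password"))) {
            throw new IllegalStateException("Round trip failed; do not use this value");
        }
        System.out.println(line);
    }
}
```

The printed line can be pasted into jdbc.properties. The application then needs the same variable in its environment and the passwordEnvName property enabled in place of the password property.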