一、引入依赖
<!-- jasypt-spring-boot starter: supplies the ENC(...) property decryption used in the configuration below. -->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.4</version>
</dependency>
二、定义配置类
package com.boshiyun.application;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
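/**
 * Jasypt encryption configuration: registers the {@code jasyptStringEncryptor} bean used to
 * encrypt and decrypt {@code ENC(...)} property values.
 *
 * <p>The PBE password is the master secret behind every encrypted property. It is therefore
 * read from the runtime environment (JVM system property or environment variable) rather than
 * compiled into the class: a password stored in source control next to the ciphertexts it
 * protects gives anyone with repository access the plaintext.
 *
 * <p>Author: zxb<br>
 * Date: 2023/08/10 15:07
 */
@Configuration
public class JasyptConfig {

    /** JVM system property consulted first for the PBE password (e.g. {@code -Djasypt.encryptor.password=...}). */
    private static final String PASSWORD_PROPERTY = "jasypt.encryptor.password";

    /** Environment variable consulted when the system property is absent or empty. */
    private static final String PASSWORD_ENV = "JASYPT_ENCRYPTOR_PASSWORD";

    /**
     * Encryption algorithm. Changing it makes previously generated {@code ENC(...)} values
     * undecryptable, so existing ciphertexts must be re-encrypted together with any change.
     */
    private static final String ALGORITHM = "PBEWITHHMACSHA512ANDAES_256";

    /**
     * Key-obtention iteration count: how many times the key derivation function is applied
     * to the password. Like the algorithm, it is part of the key derivation, so changing it
     * invalidates existing ciphertexts.
     * NOTE(review): 10000 looks low for a PBKDF2-HMAC-SHA512 based scheme by current
     * guidance - confirm against your policy before generating production ciphertexts.
     */
    private static final String ITERATIONS = "10000";

    /** Size of the encryptor pool; must be greater than 0. */
    private static final Integer POOL_SIZE = 1;

    /** Name of the security provider requested for the encryption algorithm. */
    private static final String SUN_JCE = "SunJCE";

    /** Salt generator class: a fresh random salt for every encryption operation. */
    private static final String SALT_GENERATOR = "org.jasypt.salt.RandomSaltGenerator";

    /** IV generator class: a fresh random IV for every encryption operation. */
    private static final String IV_GENERATOR = "org.jasypt.iv.RandomIvGenerator";

    /**
     * Builds the pooled PBE string encryptor.
     *
     * <p>The bean name must be {@code jasyptStringEncryptor}. To inject it as a
     * {@code StringEncryptor}, use {@code @Resource(name = "jasyptStringEncryptor")}.
     *
     * @return the configured encryptor
     * @throws IllegalStateException if no password is supplied through the system property
     *     or the environment variable
     */
    @Bean("jasyptStringEncryptor")
    public PooledPBEStringEncryptor jasyptEncryptor() {
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(resolvePassword());
        config.setAlgorithm(ALGORITHM);
        config.setKeyObtentionIterations(ITERATIONS);
        config.setPoolSize(POOL_SIZE);
        config.setProviderName(SUN_JCE);
        config.setSaltGeneratorClassName(SALT_GENERATOR);
        config.setIvGeneratorClassName(IV_GENERATOR);

        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }

    /**
     * Reads the PBE password from the system property, then from the environment variable.
     * Fails closed: there is deliberately no in-source default, because a shared fallback
     * secret would silently "work" in every deployment that forgot to set its own.
     */
    private static String resolvePassword() {
        String password = System.getProperty(PASSWORD_PROPERTY);
        if (password == null || password.isEmpty()) {
            password = System.getenv(PASSWORD_ENV);
        }
        if (password == null || password.isEmpty()) {
            // The message names where to configure the secret but never contains it.
            throw new IllegalStateException(
                "Jasypt password not configured: set -D" + PASSWORD_PROPERTY
                    + " or the " + PASSWORD_ENV + " environment variable");
        }
        return password;
    }
}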
三、加密重要信息,并将重要信息替换为ENC(密文)
// Injected by bean name: "jasyptStringEncryptor" is the name given to the @Bean in JasyptConfig.
@Resource(name = "jasyptStringEncryptor")
private StringEncryptor encryptor;
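/**
 * Development-time helper that encrypts {@code text} so the resulting ciphertext can be
 * pasted into configuration as {@code ENC(ciphertext)}.
 *
 * <p>The ciphertext is printed; the decrypted value is only compared with the input, so the
 * plaintext secret is never written to stdout or to whatever collects it.
 *
 * <p>NOTE(review): the secret arrives as a GET parameter, so it can end up in URLs and access
 * logs, and no access control is visible in this snippet. Treat the endpoint as a local
 * tool: remove it, or restrict it to authorised operators, before the service is deployed.
 *
 * @param text the plaintext to encrypt
 * @return a success response; the ciphertext is written to stdout only
 */
@ApiOperation("测试Jasypt")
@GetMapping("testJasypt")
public ResponseData testJasypt(String text) {
    String encrypt = encryptor.encrypt(text);
    System.out.println("加密:" + encrypt);

    // Round-trip check: report only whether decryption reproduces the input, not the input itself.
    String decrypt = encryptor.decrypt(encrypt);
    boolean roundTripOk = (text == null) ? (decrypt == null) : text.equals(decrypt);
    System.out.println("解密校验:" + roundTripOk);

    return ResponseData.getSuccessInstance();
}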
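# Nesting restored: the flattened listing put every key at the top level.
spring:
  redis:
    database: 9
    host: 127.0.0.1
    # Encrypted with Jasypt; decrypted at startup by the jasyptStringEncryptor bean.
    # ENC(...) only protects the value while the Jasypt password is kept out of this file
    # and out of the repository that holds it.
    password: ENC(2b08VM0sTy0FHyMctmzqlrH3xNm+5e6XrJ9mEgnIcWOkD841XJUr+9)
    port: 6379
    lettuce:
      pool:
        min-idle: 8
        max-idle: 500
        max-active: 2000
        max-wait: 10000
    # timeout is a spring.redis property, not part of lettuce.pool.
    timeout: 300000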
四、指定解密作用域
问题:目前如果指定 Nacos 上的配置文件会报错;指定项目中的 application.yml 文件则正常。
/**
* Add the following annotations to the JasyptConfig class.
* They list the property sources in which ENC(...) values are decrypted:
* here two classpath YAML files.
**/
@EncryptablePropertySources({
@EncryptablePropertySource("classpath:application.yml"),
@EncryptablePropertySource("classpath:xxx.yml")
})