对关键配置信息使用DES加密

首先在util下创建工具类

package com.edt.o2o.util;
import java.security.Key;
import java.security.SecureRandom;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;

import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

/**
 * DES是一种对称加密算法，所谓对称加密算法即:加密和解密使用相同密钥的算法
 * @author EDT灬谭泽豪
 *
 */
public class DESUtils {



		private static Key key;
		//设置密钥key
		private static String KEY_STR = "myKey";
		private static String CHARSETNAME = "UTF-8";
		private static String ALGORITHM = "DES";

		static {
			try {
				//生成DES算法对象
				KeyGenerator generator = KeyGenerator.getInstance(ALGORITHM);
				//运用SHA1安全策略
				SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
				//设置上密钥种子
				secureRandom.setSeed(KEY_STR.getBytes());
				//初始化基于SHA1的算法对象
				generator.init(secureRandom);
				//生成密钥对象
				key = generator.generateKey();
				generator = null;
			} catch (Exception e) {
				throw new RuntimeException(e);
			}
		}
//获取加密后的信息
		public static String getEncryptString(String str) {
			//基于BASE64编码，接收byte[]并转化成String
			BASE64Encoder base64encoder = new BASE64Encoder();
			try {
				//按UTF8编码
				byte[] bytes = str.getBytes(CHARSETNAME);
				//获取加密对象
				Cipher cipher = Cipher.getInstance(ALGORITHM);
				//初始化密码信息
				cipher.init(Cipher.ENCRYPT_MODE, key);
				//加密
				byte[] doFinal = cipher.doFinal(bytes);
				//byte[] to encode好的String并返回
				return base64encoder.encode(doFinal);
			} catch (Exception e) {
				// TODO: handle exception
				throw new RuntimeException(e);
			}
		}

		//获取解密之后的信息
		public static String getDecryptString(String str) {
			//基于BASE64编码，接收byte[]并转换成String
			BASE64Decoder base64decoder = new BASE64Decoder();
			try {
				//将字符串decode成byte[]
				byte[] bytes = base64decoder.decodeBuffer(str);
				//获取解密对象
				Cipher cipher = Cipher.getInstance(ALGORITHM);
				//吃实话解密信息
				cipher.init(Cipher.DECRYPT_MODE, key);
				//解密
				byte[] doFinal = cipher.doFinal(bytes);
				//返回解密之后的信息
				return new String(doFinal, CHARSETNAME);
			} catch (Exception e) {
				// TODO: handle exception
				throw new RuntimeException(e);
			}
		}
		//加密解密测试
		public static void main(String[] args) {
			System.out.println(getEncryptString("root"));
			System.out.println(getEncryptString("230230"));
			System.out.println(getDecryptString("WnplV/ietfQ="));
			System.out.println(getDecryptString("TdixoQRe6Y0="));
		}
}

在jdbc.propereties文件下 写入加密后的信息

jdbc.driver=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://localhost:3306/o2o?useUnicode=true&characterEncoding=utf8&serverTimezone=UTC
jdbc.username=WnplV/ietfQ=         //加密后的信息
jdbc.password=TdixoQRe6Y0=		//加密后的信息

因为要在spring-dao.xml 中对jdbc.properties 的信息进行解密
则在util包中创建多 一个工具类

package com.edt.o2o.util;

import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;

public class EncryptPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer{
	//需要加密的字段数组
	private String[] encryptPropNames = { "jdbc.username", "jdbc.password" };
//对关键的属性进行转换
	@Override
	protected String convertProperty(String propertyName, String propertyValue) {
		if (isEncryptProp(propertyName)) {//判断是否加密
			//对已加密的字段进行解密工作
			String decryptValue = DESUtils.getDecryptString(propertyValue);
			return decryptValue;
		} else {
			return propertyValue;//若无加密则直接返回
		}
	}

	private boolean isEncryptProp(String propertyName) { //判断是否加密
		for (String encryptpropertyName : encryptPropNames) {
			if (encryptpropertyName.equals(propertyName))
				return true;
		}
		return false;
	}
}

在原来的spring-dao.xml 配置数据库文件中 删除此解析properties文件代码

<context:property-placeholder location="classpath:jdbc.properties"/>

换成

<bean class="com.edt.o2o.util.EncryptPropertyPlaceholderConfigurer">
		<property name="locations">
			<list>
				<value>classpath:jdbc.properties</value>
			</list>
		</property>
		<property name="fileEncoding" value="UTF-8" />
	</bean>

配置完成