spring*.xml配置文件明文加密
说明:客户要求spring.xml中Oracle/Redis/MongoDB的IP、端口、用户名、密码不能明文存放,接到需求的我,很无奈,但是还是的硬着头皮搞*
系统架构:spring+mvc(Oracle是用jdbc自己封装的接口)
1.数据库配置文件加密
原xml配置
<?xml version="1.0" encoding="utf-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"
default-autowire="byType">
<context:component-scan base-package="cn.geoff" use-default-filters="false">
<context:include-filter type="annotation" expression="org.springframework.stereotype.Service"/>
</context:component-scan>
<!-- Database Connection Pool -->
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close">
<property name="url" value="jdbc:oracle:thin:@192.168.100.100:1521:orcl"/>
<property name="username" value="Geoff"/>
<property name="password" value="123456"/>
<property name="validationQuery" value="select 'x' from dual"/>
.....
</bean>
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource"/>
</bean>
</beans>
加密实现过程
思路:继承DruidDataSource,在初始化set值的时候进行解密
/**
* 数据库连接解密
* @author: Geoff
* @create: 2020-12-30 16:46
**/
public class DataBaseXml extends DruidDataSource {
/**
* Log4j logger
*/
private final static Logger lg = LoggerFactory.getLogger(DataBaseXml.class);
@Override
public String getUrl() {
return this.jdbcUrl;
}
@Override
public void setUrl(String jdbcUrl) {
if(GEOFF.DATA_BASE_IS_ENCRYPTION) {
lg.info("数据库【jdbcUrl】解密初始化加载...");
try {
jdbcUrl = Encryption.decrypt(jdbcUrl, GEOFF.DATA_BASE_ENCRYPTION_KEY);
} catch (Exception e) {
lg.error("数据库【jdbcUrl】密文解密失败...");
e.printStackTrace();
}
}
this.jdbcUrl = jdbcUrl;
}
@Override
public String getUsername() {
return this.username;
}
@Override
public void setUsername(String username) {
if(GEOFF.DATA_BASE_IS_ENCRYPTION) {
lg.info("数据库【username】解密初始化加载...");
try {
username = Encryption.decrypt(username, GEOFF.DATA_BASE_ENCRYPTION_KEY);
} catch (Exception e) {
lg.error("数据库【username】密文解密失败...");
e.printStackTrace();
}
}
this.username = username;
}
@Override
public String getPassword() {
return this.password;
}
@Override
public void setPassword(String password) {
if(GEOFF.DATA_BASE_IS_ENCRYPTION){
lg.info("数据库【password】解密初始化加载...");
try {
password = Encryption.decrypt(password, GEOFF.DATA_BASE_ENCRYPTION_KEY);
} catch (Exception e) {
lg.error("数据库【password】密文解密失败...");
e.printStackTrace();
}
}
this.password = password;
}
}
修改后配置文件
<?xml version="1.0" encoding="utf-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"
default-autowire="byType">
<context:component-scan base-package="cn.GEOFF" use-default-filters="false">
<context:include-filter type="annotation" expression="org.springframework.stereotype.Service"/>
</context:component-scan>
<bean id="dataSource" class="cn.GEOFF.framework.core.DataBaseXml" init-method="init" destroy-method="close">
<property name="url" value="4lZ4l804zIDqOJ5Wt3VNVLZvSLSDqCuQwhg5cAbQ1VG/vx+x+pEJQ6VJmLPO+PKK"/>
<property name="username" value="PFEz8V4uvb06KhQxCLvLNA=="/>
<property name="password" value="mMckYd6C5fo="/>
<property name="validationQuery" value="select 'x' from dual"/>
.....
</bean>
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource"/>
</bean>
</beans>
2.Redis配置文件加密
原配