1.概述
SpringCloud-ConfigServer工程集成jasypt-spring-boot-starter,对配置文件中的用户名和密码加密时,自定义的加密方法总是不生效,原因未能查明,所以直接通过反编译并修改代码的方式解决。
2. 导入maven依赖
<!-- jasypt-spring-boot-starter: supplies the DefaultPropertyDetector used later on this page to recognise ENC(...) values. -->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.2</version>
</dependency>
<!-- sm-crypto: supplies com.antherd.smcrypto.sm4.Sm4, the SM4 implementation wrapped by SM4Util. -->
<dependency>
<groupId>com.antherd</groupId>
<artifactId>sm-crypto</artifactId>
<version>0.3.2</version>
</dependency>
3. 写一个加密工具类
package cn.xxx.config.util;
import com.antherd.smcrypto.sm4.Sm4;
public class SM4Util {

    /**
     * Fallback key, used whenever a caller supplies no key of its own.
     *
     * NOTE(review): this key is compiled into the class, so anyone who can read the
     * jar or the repository can decrypt every value protected with it, and rotating
     * it requires a rebuild. Consider loading it from the environment or a secret
     * store instead.
     */
    private static String dataKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

    /**
     * Encrypts a string with SM4.
     *
     * NOTE(review): the two-argument Sm4 call passes no IV or mode options, so the
     * library defaults apply; confirm which cipher mode and padding that means.
     *
     * @param plainText text to encrypt
     * @param key       key as a hexadecimal string, required to be 128 bits; when
     *                  null or blank the built-in default key is used
     * @return the cipher text produced by {@code Sm4.encrypt}
     */
    public static String encrypt(String plainText, String key) {
        return Sm4.encrypt(plainText, effectiveKey(key));
    }

    /**
     * Decrypts an SM4 cipher text.
     *
     * @param cipherText text to decrypt
     * @param key        key as a hexadecimal string, required to be 128 bits; when
     *                   null or blank the built-in default key is used
     * @return the plain text produced by {@code Sm4.decrypt}
     */
    public static String decrypt(String cipherText, String key) {
        return Sm4.decrypt(cipherText, effectiveKey(key));
    }

    /** Returns the caller's key, or the default key when none (null/blank) was given. */
    private static String effectiveKey(String key) {
        boolean missing = (key == null) || key.trim().isEmpty();
        return missing ? dataKey : key;
    }
}
4. 修改配置文件中需要加密的信息
把
password: xxxxxx
改为(括号内为用 SM4Util.encrypt 加密后得到的密文)
password: ENC(xxxxxxxxxxxxxxxxxxxxxxxxx)
5. 反编译org.springframework.cloud.config.server.environment.EnvironmentController,修改部分代码(在 getEnvironment 中把 ENC(...) 的值解密后再返回)。注意:这样客户端拿到的是明文,Config Server 的接口需要做好访问控制并使用 HTTPS。
package org.springframework.cloud.config.server.environment;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import javax.servlet.http.HttpServletResponse;
import com.antherd.smcrypto.sm4.Sm4;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.ulisesbocchio.jasyptspringboot.detector.DefaultPropertyDetector;
import cn.xxxxx.config.util.SM4Util;
import org.yaml.snakeyaml.DumperOptions.FlowStyle;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.nodes.Tag;
import org.springframework.cloud.config.environment.Environment;
import org.springframework.cloud.config.environment.EnvironmentMediaType;
import org.springframework.cloud.config.environment.PropertySource;
import org.springframework.cloud.config.server.support.PathUtils;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import static org.springframework.cloud.config.server.support.EnvironmentPropertySource.prepareEnvironment;
import static org.springframework.cloud.config.server.support.EnvironmentPropertySource.resolvePlaceholders;
@RestController
@RequestMapping(method = RequestMethod.GET,
path = "${spring.cloud.config.server.prefix:}")
public class EnvironmentController {
// Jasypt detector used by getEnvironment to recognise ENC(...)-wrapped values and strip the wrapper.
private DefaultPropertyDetector defaultPropertyDetector = new DefaultPropertyDetector();
.........
...........
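/**
 * Looks up the environment for the given application, profiles and label and
 * replaces every {@code ENC(...)} property value with its SM4-decrypted plain text
 * before returning it.
 *
 * <p>Security notes: decryption passes {@code null} as the key, so {@code SM4Util}
 * falls back to its built-in default key. The returned environment carries plain-text
 * secrets, so this endpoint should only be reachable by authenticated clients over
 * TLS. Decrypted values must not be written to logs.
 *
 * @param name          application name (normalized before lookup)
 * @param profiles      profiles to look up
 * @param label         label to look up (normalized before lookup)
 * @param includeOrigin passed through to the repository lookup
 * @return the environment with encrypted values decrypted in place; may be
 *         {@code null} when empty results are accepted and nothing was found
 * @throws EnvironmentNotFoundException when empty results are not accepted and the
 *         lookup returned nothing or no property sources
 */
@SuppressWarnings("unchecked")
public Environment getEnvironment(String name, String profiles, String label,
        boolean includeOrigin) {
    name = normalize(name);
    label = normalize(label);
    Environment environment = this.repository.findOne(name, profiles, label,
            includeOrigin);
    // Validate the lookup result BEFORE touching it: the decryption loop used to run
    // first and dereferenced a possibly-null environment.
    if (!this.acceptEmpty
            && (environment == null || environment.getPropertySources().isEmpty())) {
        throw new EnvironmentNotFoundException("Profile Not found");
    }
    if (environment == null) {
        // Empty results are accepted and nothing was found: nothing to decrypt.
        return null;
    }
    for (PropertySource ps : environment.getPropertySources()) {
        // Cast to the Map interface rather than LinkedHashMap so that a different
        // Map implementation does not fail with a ClassCastException.
        Map<Object, Object> source = (Map<Object, Object>) ps.getSource();
        for (Map.Entry<Object, Object> entry : source.entrySet()) {
            Object val = entry.getValue();
            if (val == null) {
                continue;
            }
            String text = val.toString();
            if (text.startsWith("ENC(") && this.defaultPropertyDetector.isEncrypted(text)) {
                String cipherText = this.defaultPropertyDetector.unwrapEncryptedValue(text);
                // Update through the entry so the map is not modified structurally
                // while it is being iterated.
                entry.setValue(SM4Util.decrypt(cipherText, null));
            }
        }
    }
    return environment;
}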
........
.........
}