【SpringCloud-ConfigServer加密配置文件中的用户和密码的另一种方法】

最新推荐文章于 2024-03-07 18:15:04 发布

bingbao

最新推荐文章于 2024-03-07 18:15:04 发布

阅读量228

点赞数 7

本文链接：https://blog.csdn.net/bingbao/article/details/136498587

版权

本文讲述了在SpringCloudConfigServer中集成jasypt-spring-boot-starter进行配置文件加密时遇到的问题，作者通过自定义加密工具类并反编译核心控制器代码，解决了加密方法不生效的问题。

摘要由CSDN通过智能技术生成

1.概述

SpringCloud-ConfigServer工程集成jasypt-spring-boot-starter对配置文件中的用户名和密码加密时，自定义的加密方法总是不生效。查不出什么原因。所以直接通过反编译代码的方式解决。

2. 导入maven依赖

<dependency>
	<groupId>com.github.ulisesbocchio</groupId>
	<artifactId>jasypt-spring-boot-starter</artifactId>
	<version>3.0.2</version>
</dependency>
<dependency>
	<groupId>com.antherd</groupId>
	<artifactId>sm-crypto</artifactId>
	<version>0.3.2</version>
</dependency>

3. 写一个加密工具类

package cn.xxx.config.util;

import com.antherd.smcrypto.sm4.Sm4;


public class SM4Util {

	/**默认key*/
    private static String dataKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
    
    /**
     * 加密
     * @param plainText 明文
     * @param key key 16 进制字符串，要求为 128 比特,如果为null则使用默认key
     * @return 返回密文
     */
    public static String  encrypt(String plainText, String key) {
    	if(null == key || key.trim().length() == 0) {
    		key = dataKey;
    	}
    	String cipherText = Sm4.encrypt(plainText, key);
    	return cipherText;
    }
    
    /**
     * 解密
     * @param cipherText 密文
     * @param key key 16 进制字符串，要求为 128 比特,如果为null则使用默认key
     * @return 返回明文
     */
    public static String  decrypt(String cipherText, String key) {
    	if(null == key || key.trim().length() == 0) {
    		key = dataKey;
    	}
    	String plainText = Sm4.decrypt(cipherText, key);
    	return plainText;
    }

}

4. 修改配置文件中需要加密的信息

把
password: xxxxxx
改为
password: ENC(xxxxxxxxxxxxxxxxxxxxxxxxx)

5. 反编译org.springframework.cloud.config.server.environment.EnvironmentController，修改部分代码


package org.springframework.cloud.config.server.environment;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

import javax.servlet.http.HttpServletResponse;

import com.antherd.smcrypto.sm4.Sm4;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.ulisesbocchio.jasyptspringboot.detector.DefaultPropertyDetector;

import cn.xxxxx.config.util.SM4Util;

import org.yaml.snakeyaml.DumperOptions.FlowStyle;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.nodes.Tag;

import org.springframework.cloud.config.environment.Environment;
import org.springframework.cloud.config.environment.EnvironmentMediaType;
import org.springframework.cloud.config.environment.PropertySource;
import org.springframework.cloud.config.server.support.PathUtils;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import static org.springframework.cloud.config.server.support.EnvironmentPropertySource.prepareEnvironment;
import static org.springframework.cloud.config.server.support.EnvironmentPropertySource.resolvePlaceholders;


@RestController
@RequestMapping(method = RequestMethod.GET,
		path = "${spring.cloud.config.server.prefix:}")
public class EnvironmentController {
	private DefaultPropertyDetector defaultPropertyDetector = new DefaultPropertyDetector();
	
	.........
	...........

	public Environment getEnvironment(String name, String profiles, String label,
			boolean includeOrigin) {
		name = normalize(name);
		label = normalize(label);
		Environment environment = this.repository.findOne(name, profiles, label,
				includeOrigin);
		List<PropertySource> psList = environment.getPropertySources();
		for (int i=0; i<psList.size(); i++) {
			PropertySource ps = psList.get(i);
			LinkedHashMap<Object,Object> map = (LinkedHashMap<Object,Object>)ps.getSource();
			for(Map.Entry<Object, Object> entry : map.entrySet()) {
				Object key = entry.getKey();
				Object val = entry.getValue();
				
				if(null != val && val.toString().startsWith("ENC(")) {
					if(defaultPropertyDetector.isEncrypted(val.toString())) {
						//System.out.println(this+"密文:"+val);
						String value = defaultPropertyDetector.unwrapEncryptedValue(val.toString());
						String plainText = SM4Util.decrypt(value, null);
						map.put(key, plainText);
						//System.out.println(this+"明文:"+plainText);
					}
				}
			}
		}
		if (!this.acceptEmpty
				&& (environment == null || environment.getPropertySources().isEmpty())) {
			throw new EnvironmentNotFoundException("Profile Not found");
		}
		return environment;
	}

	........
	.........

}

6.结束

bingbao

关注

7
点赞
踩
4

收藏

觉得还不错? 一键收藏
0
评论
【SpringCloud-ConfigServer加密配置文件中的用户和密码的另一种方法】

SpringCloud-ConfigServer工程集成jasypt-spring-boot-starter对配置文件中的用户名和密码加密时，自定义的加密方法总是不生效。查不出什么原因。所以直接通过反编译代码的方式解决。
复制链接

扫一扫