springboot配置文件加密

最新推荐文章于 2024-07-13 07:15:00 发布

空~自由

最新推荐文章于 2024-07-13 07:15:00 发布

阅读量736

点赞数 2

分类专栏： Java

本文链接：https://blog.csdn.net/liu_xue_xue/article/details/106690659

版权

Java 专栏收录该内容

48 篇文章 3 订阅

订阅专栏

主要有以下两种方式

一、通过jasypt 加解密

1.引入maven依赖

        <!-- 加密于解密 -->
        <dependency>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-spring-boot-starter</artifactId>
            <version>2.1.0</version>
        </dependency>

2.application.yml添加如下配置

#加密解密配置
jasypt:
  encryptor:
    #密钥
    password: testl2020@jasypt
    property:
      prefix: "ENC@["
      suffix: "]"

注意：如果担心密钥配置在配置文件中不安全，则可以在springboot工程启动类中，通过System.setProperty("jasypt.encryptor.password","testl2020@jasypt");设置，操作如下：

@SpringBootApplication
public class WebApplication {

    public static void main(String[] args) {
        System.setProperty("jasypt.encryptor.password","testl2020@jasypt");
        SpringApplication.run(DataPlatformWebApplication.class, args);
    }


}

3. 对需要加密的内容进行加密

可以通过命令直接加密

java -cp jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input="123456" password=linewell2020@jasypt algorithm=PBEWithMD5AndDES

通过Java程序加密



import org.jasypt.util.text.BasicTextEncryptor;

public class JasyptTest {

    public static void main(String[] args) {
        BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
        textEncryptor.setPassword("testl2020@jasypt");
        encrypt(textEncryptor);
        decrypt(textEncryptor,"Qg7LQ+dJRt391OL9TclmMw==");
        decrypt(textEncryptor,"2HSiW8ctsvFGtVgI6RusZg==");
    }
    private static void encrypt(BasicTextEncryptor textEncryptor) {

        String userName = textEncryptor.encrypt("root");
        System.out.println(userName);
        String password = textEncryptor.encrypt("123456");
        System.out.println(password);
    }

    private static void decrypt(BasicTextEncryptor textEncryptor, String obj) {
        String oldValue = textEncryptor.decrypt(obj);
        System.out.println(oldValue);
    }
}

4.配置中需要加密的内如替换

  #数据库配置    
  datasource:
    url: jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=utf-8&useSSL=true&zeroDateTimeBehavior=convertToNull
    username: root
    password: 123456
    driver-class-name: com.mysql.jdbc.Driver
    type: com.alibaba.druid.pool.DruidDataSource


##########################替换成##################################


  #数据库配置    
  datasource:
    url: jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=utf-8&useSSL=true&zeroDateTimeBehavior=convertToNull
    username: ENC@[Qg7LQ+dJRt391OL9TclmMw==]
    password: ENC@[2HSiW8ctsvFGtVgI6RusZg==]
    driver-class-name: com.mysql.jdbc.Driver
    type: com.alibaba.druid.pool.DruidDataSource

二、通过druid非对称加解密

1.引入maven

<dependency>
   <groupId>com.alibaba</groupId>
   <artifactId>druid-spring-boot-starter</artifactId>
   <version>1.1.10</version>
</dependency>

2.对需要加密内容加密

可通过命令生成

使用命令生成：java -cp druid-1.0.16.jar com.alibaba.druid.filter.config.ConfigTools you_password

通过java程序生成

public class DruidEncryptTest {

    @Test
    public void druidEncrypt() throws Exception {
        //密码明文
        String password = "123456";
        System.out.println("明文密码: " + password);
        String[] keyPair = ConfigTools.genKeyPair(512);
        //私钥
        String privateKey = keyPair[0];
        //公钥
        String publicKey = keyPair[1];

        //用私钥加密后的密文
        password = ConfigTools.encrypt(privateKey, password);

        System.out.println("privateKey:" + privateKey);
        System.out.println("publicKey:" + publicKey);

        System.out.println("password:" + password);

        String decryptPassword = ConfigTools.decrypt(publicKey, password);
        System.out.println("解密后:" + decryptPassword);
    }

}

3.修改配置文件

#---------密码加密------------------------
spring.datasource.username=root
#原密码123456
spring.datasource.password=CFJ5PUOf0GLY56E27pCPI12eHFqtFzVk/XcBN49qr1e/ya/X1eN4FtGLnaEe/7VPefF40UKPgSqFMbnfPLKAiA==
#---------开启ConfigFilter支持-----------
spring.datasource.druid.filter.config.enabled=true
#---------设置公钥------------------------
spring.datasource.publicKey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAINRom1IY639dDMD0FFw7zMsxRVABYGJnKxSpO84dyJgXaIkoTZkE1JaWE2/gtgli28vgM72UHf2EGhxbLZwzhsCAwEAAQ==
#---------设置连接属性---------------------
spring.datasource.druid.connection-properties=config.decrypt=true;config.decrypt.key=${spring.datasource.publicKey}

完整配置：

#=============jdbc dataSource=========================
spring.datasource.name=druidDataSource
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.url=jdbc:mysql://localhost:3306/test?characterEncoding=utf-8&allowMultiQueries=true&autoReconnect=true

#账号密码明文显示
#spring.datasource.username=root
#spring.datasource.password=123456

#方案一:jasypt加解密
#spring.datasource.username=ENC(Qg7LQ+dJRt391OL9TclmMw==)
#spring.datasource.password=ENC(2HSiW8ctsvFGtVgI6RusZg==)
#jasypt加密
#jasypt.encryptor.password=linewell2020@jasypt

#方案二:druid自带非对称加密
spring.datasource.username=root
spring.datasource.password=ai9lB7h4oR9AHrQzU8H38umcelX9dBmx4aSycDOgJWa/2sv5U0GzbyI9sx54sL3nJ0kGayGrTHl3N/Bp1sSJ4w==

spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.druid.initial-size=5
spring.datasource.druid.max-active=20
spring.datasource.druid.min-idle=5
spring.datasource.druid.max-wait=10
spring.datasource.druid.validationQuery=SELECT 1
spring.datasource.druid.filter.config.enabled=true
spring.datasource.publicKey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAINRom1IY639dDMD0FFw7zMsxRVABYGJnKxSpO84dyJgXaIkoTZkE1JaWE2/gtgli28vgM72UHf2EGhxbLZwzhsCAwEAAQ==
spring.datasource.druid.connection-properties=config.decrypt=true;config.decrypt.key=${spring.datasource.publicKey}