为了使application.properties文件中的数据库连接用户名和密码保存成密文,我们做如下处理:首先使用加密程序算出密文,然后spring 加载配置文件的时候再解密,其实就是在数据库连接池调用之前进行了解密工作。
原配置文件如:
jdbc.driverClassName=oracle.jdbc.driver.OracleDriver jdbc.url=jdbc:oracle:thin:@192.168.0.1:1521:orcl jdbc.username=oracle jdbc.password=oracle
加密后的配置文件[生成此密文的秘钥和下面常量里面的秘钥不同]:
jdbc.driverClassName=eb04a2effc62b4119af9fc911259d3346835eff4edf1de6bbfd187f7a2c73828 jdbc.url=ecb893755ede111c849a884924d16f1ea3874f16546e457950d8a541d3b2aee1ce7bd2073ebd0e3f jdbc.username=ff91f4d795574a71 jdbc.password=ff91f4d795574a71
我使用的javax.crypto.Cipher加密解密类,根据项目使用不同可以随意更换自己的加密解密算法,之后添加PropertyPlaceholderConfigurer的子类,在processProperties方法中解密即可,代码如下:
import java.util.Properties;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanInitializationException;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
import com.joinsoft.LoginConstants;
public class EncryptablePropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer{
private static final String key = LoginConstants.JDBC_DESC_KEY;
protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props)
throws BeansException {
try {
EncryptionDecryption decryption = new EncryptionDecryption(key);
String username = props.getProperty(LoginConstants.JDBC_DATASOURCE_USERNAME_KEY);
if (username != null) {
props.setProperty(LoginConstants.JDBC_DATASOURCE_USERNAME_KEY, decryption.decrypt(username));
}
String password = props.getProperty(LoginConstants.JDBC_DATASOURCE_PASSWORD_KEY);
if (password != null) {
props.setProperty(LoginConstants.JDBC_DATASOURCE_PASSWORD_KEY, decryption.decrypt(password));
}
String url = props.getProperty(LoginConstants.JDBC_DATASOURCE_URL_KEY);
if (url != null) {
props.setProperty(LoginConstants.JDBC_DATASOURCE_URL_KEY, decryption.decrypt(url));
}
String driverClassName = props.getProperty(LoginConstants.JDBC_DATASOURCE_DRIVERCLASSNAME_KEY);
if(driverClassName != null){
props.setProperty(LoginConstants.JDBC_DATASOURCE_DRIVERCLASSNAME_KEY, decryption.decrypt(driverClassName));
}
super.processProperties(beanFactory, props);
} catch (Exception e) {
e.printStackTrace();
throw new BeanInitializationException(e.getMessage());
}
}
}
附1,加密解密程序:
import java.security.Key;
import java.security.Security;
import javax.crypto.Cipher;
import com.sun.crypto.provider.SunJCE;
public class EncryptionDecryption {
private static String strDefaultKey = "goodluck";
private Cipher encryptCipher = null;
private Cipher decryptCipher = null;
public static String byteArr2HexStr(byte[] arrB) throws Exception {
int iLen = arrB.length;
StringBuffer sb = new StringBuffer(iLen * 2);
for (int i = 0; i < iLen; i++) {
int intTmp = arrB[i];
while (intTmp < 0) {
intTmp = intTmp + 256;
}
if (intTmp < 16) {
sb.append("0");
}
sb.append(Integer.toString(intTmp, 16));
}
return sb.toString();
}
public static byte[] hexStr2ByteArr(String strIn) throws Exception {
byte[] arrB = strIn.getBytes();
int iLen = arrB.length;
byte[] arrOut = new byte[iLen / 2];
for (int i = 0; i < iLen; i = i + 2) {
String strTmp = new String(arrB, i, 2);
arrOut[i / 2] = (byte) Integer.parseInt(strTmp, 16);
}
return arrOut;
}
public EncryptionDecryption() throws Exception {
this(strDefaultKey);
}
public EncryptionDecryption(String strKey) throws Exception {
Security.addProvider(new SunJCE());
Key key = getKey(strKey.getBytes());
encryptCipher = Cipher.getInstance("DES");
encryptCipher.init(Cipher.ENCRYPT_MODE, key);
decryptCipher = Cipher.getInstance("DES");
decryptCipher.init(Cipher.DECRYPT_MODE, key);
}
public byte[] encrypt(byte[] arrB) throws Exception {
return encryptCipher.doFinal(arrB);
}
public String encrypt(String strIn) throws Exception {
return byteArr2HexStr(encrypt(strIn.getBytes()));
}
public byte[] decrypt(byte[] arrB) throws Exception {
return decryptCipher.doFinal(arrB);
}
public String decrypt(String strIn) throws Exception {
try {
return new String(decrypt(hexStr2ByteArr(strIn)));
} catch (Exception e) {
return "";
}
}
private Key getKey(byte[] arrBTmp) throws Exception {
byte[] arrB = new byte[8];
for (int i = 0; i < arrBTmp.length && i < arrB.length; i++) {
arrB[i] = arrBTmp[i];
}
Key key = new javax.crypto.spec.SecretKeySpec(arrB, "DES");
return key;
}
}
附2,常量定义:
//jdbc文件加密
public static final String JDBC_DESC_KEY = "missyou";
public static final String JDBC_DATASOURCE_USERNAME_KEY = "jdbc.username";
public static final String JDBC_DATASOURCE_PASSWORD_KEY = "jdbc.password";
public static final String JDBC_DATASOURCE_URL_KEY = "jdbc.url";
public static final String JDBC_DATASOURCE_DRIVERCLASSNAME_KEY = "jdbc.driverClassName";