本文介绍了如何在SSM(Spring、SpringMVC、MyBatis)框架中配置加密解密数据库连接信息。首先,需要在spring-dao.xml中注释掉默认的属性替换,然后编写自定义的EncryptPropertyPlaceholderConfigurer类,继承PropertyPlaceholderConfigurer并实现加密解密的convertProperty方法。接着,在jdbc.properties文件中使用加密后的字符串。当读取配置文件时,通过自定义的转换器完成加密解密过程,确保数据库连接信息的安全。
1、在spring-dao.xml 中配置bean
需注释 <context:property-placeholder location="classpath:jdbc.properties,classpath:redis.properties"/>,默认表示从 .properties 文件中属性值以String 形式转换到配置文 件中的 ${ } 值中
<bean class="com.qhf.o2o.util.EncryptPropertyPlaceholderConfigurer">
<property name="locations">
<list>
<value>classpath:jdbc.properties</value>
<value>classpath:redis.properties</value>
</list>
</property>
<property name="fileEncoding" value="UTF-8"></property>
</bean>
<!-- 2.数据库连接池,配置C3P0 数据源 -->
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
<property name="driverClass" value="${jdbc.driverClass}"></property>
<property name="jdbcUrl" value="${jdbc.jdbcUrl}"></property>
<property name="user" value="${jdbc.username}"></property>
<property name="password" value="${jdbc.password}"></property>
</bean>
2、编写 EncryptPropertyPlaceholderConfigurer 类和 DESUtil 类
继承 PropertyPlaceholderConfigurer 类重写 convertProperty 方法来实现资源文件中属性值到配置文件中 ${ } 中的转换
public class EncryptPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {
//需要加密的字段数组
private String[] encryptPropNames = {"jdbc.username", "jdbc.password"};
protected String convertProperty(String propertyName, String propertyValue) {
//如果加密了,则需要解密
if(isEncryptProp(propertyName)) {
String decryptValue = DESUtil.getDecryptString(propertyValue);//解密
return decryptValue;
} else {
return propertyValue;
}
}
/**
* 加密的属性名是否相等
* @param propertyName
* @return
*/
private boolean isEncryptProp(String propertyName) {
//若等于需要加密的field,则进行加密
for(String encryptpropertyName: encryptPropNames) {
if(encryptpropertyName.equals(propertyName))
return true;
}
return false;
}
}
/**
* DES 是对称加密算法,加密和解密运用同一个密匙
* @author Walker
*
*/
public class DESUtil {
private static Key key;
private static String KEY_STR = "myKey";
private static String CHARSETNAME = "UTF-8";
private static String ALGORITHM = "DES";
static {
try {
KeyGenerator generator = KeyGenerator.getInstance(ALGORITHM);//生成des算法对象
SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");//运用sha1安全策略
secureRandom.setSeed(KEY_STR.getBytes());//设置密匙种子
generator.init(secureRandom);//初始化基于sha1的算法对象
key = generator.generateKey();//生成密匙对象
generator = null;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
public static String getEncryptString(String str) {
BASE64Encoder base64encoder = new BASE64Encoder();//基于base64编码,接收byte[]并转换成string
try {
byte[] bytes = str.getBytes(CHARSETNAME);//utf8编码
Cipher cipher = Cipher.getInstance(ALGORITHM);//获取加密对象
cipher.init(Cipher.ENCRYPT_MODE, key);//初始化加密对象
byte[] doFinal = cipher.doFinal(bytes);//加密
return base64encoder.encode(doFinal);//byte[]转换为string
} catch(Exception e) {
throw new RuntimeException(e);
}
}
public static String getDecryptString(String str) {
BASE64Decoder base64decoder = new BASE64Decoder();//基于base64编码,接收byte[]并转换成string
try {
byte[] bytes = base64decoder.decodeBuffer(str);//utf8编码
Cipher cipher = Cipher.getInstance(ALGORITHM);//获取加密对象
cipher.init(Cipher.DECRYPT_MODE, key);//初始化密码信息
byte[] doFinal = cipher.doFinal(bytes);//加密
return new String(doFinal, CHARSETNAME);
} catch(Exception e) {
throw new RuntimeException(e);
}
}
public static void main(String[] args) {
System.out.println(getEncryptString("root"));//WnplV/ietfQ=
System.out.println(getDecryptString("WnplV/ietfQ="));
System.out.println(getEncryptString("rootroot"));//u1+5PQQS+58fJAfVsP+M2w==
System.out.println(getDecryptString("u1+5PQQS+58fJAfVsP+M2w=="));
}
}
3、jdbc.properties 中修改为已经加密的字符串
jdbc.username=WnplV/ietfQ=
jdbc.password=u1+5PQQS+58fJAfVsP+M2w==
4、读取配置文件时便会配置数据库连接,因有 ${ } 值,才要用<context:property-placeholder location="classpath:jdbc.properties"/>来使该值转换为对应的jdbc.properties中的属性值,如果要自定义,则需编写类来继承 PropertyPlaceholderConfigurer 类并重写 convertProperty 方法,使得转换过程中可以加密和解密。
扫一扫
303
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
