一、说明
我们在写Springboot项目时候,配置文件中需要配置数据库连接,用户名和密码都是明文配置的。这样做很不安全,容易密码泄露。
二、加密方案
1、加密方案有好多种,下来介绍一种本人用的,比较简单的加密方法。
2、使用说明:
使用密码加密工具类,生成加密后的字符串,配置到你的项目配置文件中,项目启动后,springboot项目会根据你写的解密方法去自行解密,从而链接到你的数据库。
三、相关代码
1、application.yml
spring:
datasource:
url: jdbc:mysql://127.0.0.1:3306/patient?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=UTC
username: test
password: oiWRKCcmZH/pQes5KH03kgVSHza7OK/G
jpa:
hibernate:
ddl-auto: update
show-sql: true
2、密码加密工具类
package com.jianqi.HL7Service.config;
import org.jasypt.properties.PropertyValueEncryptionUtils;
import org.jasypt.util.text.BasicTextEncryptor;
public final class JasyptEncryptorUtils {
private static final String salt = "test666";
private static BasicTextEncryptor basicTextEncryptor = new BasicTextEncryptor();
static {
basicTextEncryptor.setPassword(salt);
}
private JasyptEncryptorUtils(){}
/**
* 明文加密
* @param plaintext
* @return
*/
public static String encode(String plaintext){
System.out.println("明文字符串:" + plaintext);
String ciphertext = basicTextEncryptor.encrypt(plaintext);
return ciphertext;
}
/**
* 解密
* @param ciphertext
* @return
*/
public static String decode(String ciphertext){
ciphertext = "ENC(" + ciphertext + ")";
if (PropertyValueEncryptionUtils.isEncryptedValue(ciphertext)){
String plaintext = PropertyValueEncryptionUtils.decrypt(ciphertext,basicTextEncryptor);
return plaintext;
}
System.out.println("解密失败");
return "";
}
public static void main(String[] args) {
// 需要加密的明文
String plaintext = "patient113";
// 加密明文
String encryptedText = JasyptEncryptorUtils.encode(plaintext);
System.out.println("加密后字符串:" + encryptedText);
// 解密密文
String decryptedText = JasyptEncryptorUtils.decode(encryptedText);
System.out.println("解密后的字符串:" + decryptedText);
}
}
3、数据库配置类
package com.jianqi.HL7Service.config;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.orm.jpa.JpaTransactionManager;
import org.springframework.boot.jdbc.DataSourceBuilder;
import javax.sql.DataSource;
@Configuration
@EnableJpaRepositories(basePackages = "com.jianqi.HL7Service.repository")
@EnableTransactionManagement
public class DatabaseConfig {
@Value("${spring.datasource.url}")
private String dbUrl;
@Value("${spring.datasource.username}")
private String dbUsername;
@Value("${spring.datasource.password}")
private String dbEncryptedPassword;
@Bean
public DataSource dataSource() {
// 使用 JasyptEncryptorUtils 解密数据库密码
String dbPassword = JasyptEncryptorUtils.decode(dbEncryptedPassword);
return DataSourceBuilder.create()
.url(dbUrl)
.username(dbUsername)
.password(dbPassword)
.build();
}
@Bean
public PlatformTransactionManager transactionManager() {
JpaTransactionManager transactionManager = new JpaTransactionManager();
transactionManager.setDataSource(dataSource());
return transactionManager;
}
}