对web项目数据库user pwd实行加密
思路:1.写properties配置文件,导入el变量
2.加密properties文件user,pwd
3.在spring加载器解密
1.jdbc.properties配置文件
driverClassName=oracle.jdbc.driver.OracleDriver
url=MyuOSAj6tbjyR9+19rwt9bGkRwEVfqUIYYdzeYgYtbiGRTn8GG
#username=加密后user
#password=加密后pwd
username=WnplV/ietfQ=
password=QAHlVoUc49w=
2.applicationContext.xml配置文件
<!-- 使用加密配置-->
<bean id="propertyConfig" class="com.spring.util.PropertyPlaceholderConfigurerExt">
<!--此类为自定义类-->
<property name="locations">
<list>
<value>classpath*:jdbc.properties</value>
</list>
</property>
</bean>
<!--dataSource-->
<property name="driverClass" value="${driverClassName}" />
<property name="jdbcUrl" value="${url}" />
<property name="user" value="${username}" />
<property name="password" value="${password}" />
3.1加密算法
使用DEC可逆加密方式,导入 sun.misc.BASE64Decoder.jar
DECUtils.java加密文件
package com.spring.util;
import java.security.Key;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
public class DESUtils {
private static Key key;
private static String KEY_STR = "myKey";// 密钥
private static String CHARSETNAME = "UTF-8";// 编码
private static String ALGORITHM = "DES";// 加密类型
static {
try {
KeyGenerator generator = KeyGenerator.getInstance(ALGORITHM);
generator.init(new SecureRandom(KEY_STR.getBytes()));
key = generator.generateKey();
generator = null;
} catch (Exception e) {
// TODO: handle exception
throw new RuntimeException(e);
}
}
/**
* 对str进行DES加密
*
* @param str
* @return
*/
public static String getEncryptString(String str) {
BASE64Encoder base64encoder = new BASE64Encoder();
try {
byte[] bytes = str.getBytes(CHARSETNAME);
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] doFinal = cipher.doFinal(bytes);
return base64encoder.encode(doFinal);
} catch (Exception e) {
// TODO: handle exception
throw new RuntimeException(e);
}
}
/**
* 对str进行DES解密
*
* @param str
* @return
*/
public static String getDecryptString(String str) {
BASE64Decoder base64decoder = new BASE64Decoder();
try {
byte[] bytes = base64decoder.decodeBuffer(str);
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] doFinal = cipher.doFinal(bytes);
return new String(doFinal, CHARSETNAME);
} catch (Exception e) {
// TODO: handle exception
throw new RuntimeException(e);
}
}
}
3.2 重写spring加载器
PropertyPlaceholderConfigurerExt.java
package com.spring.util;
import java.util.Properties;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
public class PropertyPlaceholderConfigurerExt extends PropertyPlaceholderConfigurer{
/**
*
* 重写spring加载器 载入自定义参数
* */
@Override
protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props)
throws BeansException {
String url = props.getProperty("url");
String username = props.getProperty("username");
String password = props.getProperty("password");
if (password != null && username != null) {
//解密jdbc.password属性值,并重新设置
props.setProperty("url", DESUtils.getDecryptString(url));
props.setProperty("username", DESUtils.getDecryptString(username));
props.setProperty("password", DESUtils.getDecryptString(password));
}
super.processProperties(beanFactory, props);
}
}
以上
—2017/02/14更新
发现一个新问题,当整合MyBatis时,加密数据key解析失败 并报错505Connections could not be acquired from the underlying database!
解决方案:更改mapper bean的property 因为之前的写法在初始化时就加载url,user,pwd
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="up.dao"></property>
<property name="sqlSessionFactoryBeanName" value="sqlSessionFactory" />
<!-- 因为使用了加密 所以连接驱动要改变 -->
<!-- <property name="sqlSessionFactory" ref="sqlSessionFactory"></property> -->
</bean>
以上