springboot自定义加密数据库密码
具体思路
- springboot 启动时动态解密数据库密码
- 数据库密码(密文)保存在 springboot 配置文件中
- springboot 启动完成前得到 spring.datasource.password
- 解密数据库密码
新建springboot项目
application.properties
# 应用名称
spring.application.name=demo
#下面这些内容是为了让MyBatis映射
#指定Mybatis的Mapper文件
mybatis.mapper-locations=classpath:mappers/*xml
#指定Mybatis的实体目录
mybatis.type-aliases-package=com.example.demo.mybatis.entity
# 应用服务 WEB 访问端口
server.port=8080
# 数据库驱动:
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
# 数据源名称
spring.datasource.name=defaultDataSource
# 数据库连接地址(示例中 useSSL=false,连接不加密;生产环境应开启 TLS)
spring.datasource.url=jdbc:mysql://192.168.56.10:3306/zhenhe?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=Asia/Shanghai
# 数据库用户名&密码(密码为 AES 加密后的十六进制密文,启动时由自定义 EnvironmentPostProcessor 解密):
spring.datasource.username=root
spring.datasource.password=032cd8ba6bc515c2e7986e6dfa0918a6
实现 EnvironmentPostProcessor
MySqlPasswordSecurityProcessor.java
package com.example.config;
import cn.hutool.core.map.MapUtil;
import cn.hutool.crypto.Mode;
import cn.hutool.crypto.Padding;
import cn.hutool.crypto.symmetric.AES;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.boot.env.OriginTrackedMapPropertySource;
import org.springframework.core.Ordered;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.PropertySource;
import java.util.HashMap;
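/**
 * Decrypts {@code spring.datasource.password} before the application context is built.
 *
 * <p>Setup:
 * <ol>
 *   <li>Implement {@link EnvironmentPostProcessor} (this class).</li>
 *   <li>Declare the class in {@code META-INF/spring.factories}.</li>
 * </ol>
 *
 * <p>NOTE(review): the AES key and IV below are hard-coded and identical. Anyone who can read
 * the source or the packaged jar can decrypt the value stored in application.properties, so
 * this obfuscates the password rather than protecting it. In a real deployment the key should
 * come from outside the artifact (environment variable, secrets manager, mounted file), and
 * the IV should not be a fixed value: CBC with a constant IV always maps the same plaintext to
 * the same ciphertext, and CBC provides no integrity check.
 */
public class MySqlPasswordSecurityProcessor implements EnvironmentPostProcessor
        // , Ordered
{
    public static final String SPRING_DATASOURCE_PASSWORD = "spring.datasource.password";

    // Demo key/IV only (see the class-level note). The charset is pinned so the key bytes do
    // not depend on the platform default encoding.
    public static final AES AES = new AES(Mode.CBC, Padding.PKCS5Padding,
            "1234567890123456".getBytes(java.nio.charset.StandardCharsets.UTF_8),
            "1234567890123456".getBytes(java.nio.charset.StandardCharsets.UTF_8));

    /**
     * Finds the encrypted datasource password in the loaded configuration files and registers
     * a highest-precedence property source that holds the decrypted value.
     *
     * @param environment the environment whose property sources are inspected and extended
     * @param application the application being started (only used for the debug print)
     */
    @Override
    public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) {
        // Debug output: these print property-source names, not property values.
        System.out.println("environment = " + environment + ", application = " + application);
        System.out.println(environment.getPropertySources());

        // Property sources observed in the demo run:
        //   ConfigurationPropertySourcesPropertySource {name='configurationProperties'}
        //   StubPropertySource {name='servletConfigInitParams'}
        //   StubPropertySource {name='servletContextInitParams'}
        //   PropertiesPropertySource {name='systemProperties'}
        //   OriginAwareSystemEnvironmentPropertySource {name='systemEnvironment'}
        //   RandomValuePropertySource {name='random'}
        //   OriginTrackedMapPropertySource {name='applicationConfig: [classpath:/application.properties]'}
        //
        // The ciphertext in application.properties was produced once with:
        //   String encryptHex = AES.encryptHex("root");
        for (PropertySource<?> propertySource : environment.getPropertySources()) {
            if (!(propertySource instanceof OriginTrackedMapPropertySource)) {
                continue;
            }

            // Not every configuration file has to define the password; skip sources without
            // it instead of passing null to the cipher.
            Object raw = propertySource.getProperty(SPRING_DATASOURCE_PASSWORD);
            if (!(raw instanceof String) || ((String) raw).isEmpty()) {
                continue;
            }

            // Decrypt once. Neither the ciphertext nor the decrypted password is written to
            // stdout: console output usually ends up in log files and log aggregation.
            HashMap<String, Object> decrypted = MapUtil.newHashMap(1);
            decrypted.put(SPRING_DATASOURCE_PASSWORD, AES.decryptStr((String) raw));

            // addFirst gives the decrypted value precedence over the encrypted one.
            environment.getPropertySources().addFirst(
                    new OriginTrackedMapPropertySource(SPRING_DATASOURCE_PASSWORD, decrypted));

            // Sources are iterated from highest to lowest precedence and addFirst replaces a
            // source with the same name, so stop at the first match; otherwise a
            // lower-precedence file would overwrite the value that should win.
            break;
        }
    }

    // Explicit ordering is left disabled, as in the original listing. To enable it, also
    // restore ", Ordered" on the class declaration.
    // @Override
    // public int getOrder() {
    //     // return Ordered.HIGHEST_PRECEDENCE + 1;
    //     return Ordered.HIGHEST_PRECEDENCE + 10 + 1;
    // }
}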
添加自定义 EnvironmentPostProcessor 到 spring.factories
src/main/resources/META-INF/spring.factories
org.springframework.boot.env.EnvironmentPostProcessor=com.example.config.MySqlPasswordSecurityProcessor
控制台打印(以下为演示输出,其中包含解密后的明文密码;实际项目中不要把明文密码打印到控制台或日志)
environment = StandardServletEnvironment {activeProfiles=[], defaultProfiles=[default], propertySources=[ConfigurationPropertySourcesPropertySource {name=‘configurationProperties’}, StubPropertySource {name=‘servletConfigInitParams’}, StubPropertySource {name=‘servletContextInitParams’}, PropertiesPropertySource {name=‘systemProperties’}, OriginAwareSystemEnvironmentPropertySource {name=‘systemEnvironment’}, RandomValuePropertySource {name=‘random’}, OriginTrackedMapPropertySource {name=‘applicationConfig: [classpath:/application.properties]’}]}, application = org.springframework.boot.SpringApplication@4a00d9cf
[ConfigurationPropertySourcesPropertySource {name=‘configurationProperties’}, StubPropertySource {name=‘servletConfigInitParams’}, StubPropertySource {name=‘servletContextInitParams’}, PropertiesPropertySource {name=‘systemProperties’}, OriginAwareSystemEnvironmentPropertySource {name=‘systemEnvironment’}, RandomValuePropertySource {name=‘random’}, OriginTrackedMapPropertySource {name=‘applicationConfig: [classpath:/application.properties]’}]
加密的密码 : 032cd8ba6bc515c2e7986e6dfa0918a6
解密后的密码: root
其它插件推荐
参考网址:
https://javazhiyin.blog.csdn.net/article/details/124521578
相关 maven 依赖
```xml
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.3</version>
</dependency>
```