源码:https://github.com/ulisesbocchio/jasypt-spring-boot
1.引入依赖
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>1.17</version>
</dependency>
这个对应的springboot版本是1.5.4.RELEASE到2.0以下
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.1.0</version>
</dependency>
这个对应的springboot版本是2.xRELEASE
2.在配置文件中配置盐(自已定义)
jasypt.encryptor.password=jasypt
如果觉得放在配置文件不安全,可以在启动jar的时候带上:
java -Djasypt.encryptor.password=jasypt -jar xxx.jar 或者
java -jar xxx.jar --jasypt.encryptor.password=jasypt
3.获取加密字符串
第一种方式:使用测试类
import org.jasypt.encryption.StringEncryptor;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
@RunWith(SpringRunner.class)
@SpringBootTest
public class JasyptTest {
@Autowired
private StringEncryptor stringEncryptor;
@Test
public void encryptPwd() {
//加密123456
String result = stringEncryptor.encrypt("123456");
System.out.println(result);
}
}
第二种方式:使用工具类
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
/**
* @author shuzhuo
* @date 2019/1/9 9:56
*/
public class JasyptUtil {
/**
* Jasypt生成加密结果
* @param password 配置文件中设定的加密密
* @param value 加密值
* @return
*/
public static String encyptPwd(String password,String value){
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
encryptor.setConfig(cryptor(password));
String result = encryptor.encrypt(value);
return result;
}
/**
* 解密
* @param password 配置文件中设定的加密密码
* @param value 解密密文
* @return
*/
public static String decyptPwd(String password,String value){
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
encryptor.setConfig(cryptor(password));
String result = encryptor.decrypt(value);
return result;
}
public static SimpleStringPBEConfig cryptor(String password){
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
config.setPassword(password);
config.setAlgorithm("PBEWithMD5AndDES");
config.setKeyObtentionIterations("1000");
config.setPoolSize("1");
config.setProviderName("SunJCE");
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setStringOutputType("base64");
return config;
}
public static void main(String[] args){
//加密
System.out.println(encyptPwd("jasypt","123456"));
//解密
System.out.println(decyptPwd("jasypt","lnzpDZItgjAntHqsYPFTew=="));
}
}
4.将生成的加密密匙配置在配置文件中即可,ENC 是约定的关键字,在启动时会解析所有 PropertySource 中的加密属性。
4.1 这里更改yml配置中连接数据库的密码
spring:
datasource:
password: ENC(lnzpDZItgjAntHqsYPFTew==)
5.测试取值
编写一个配置类ConfigT
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
/**
* Created by yusy02 on 2020/02/29 11:58
*/
@Component
public class ConfigT {
@Value("${spring.datasource.password}")
String name;
public void getName() {
System.out.println("password----"+name);
}
}
测试取值:
@RunWith(SpringRunner.class)
@SpringBootTest
public class DeldemoApplicationTests {
// @Autowired
// DruidDataSource druidDataSource;
@Autowired
ConfigT configT;
@Test
public void contextLoads() {
configT.getName();
}
}
可以发现,打印出来的就是之前的值
最后启动应用就可以了;
如果在启动应用的时候,获取到的不是原值,那么可以考虑增加配置jasyp环境:
As of version 1.7 1.15, a 4th method of enabling encryptable properties
exists for some special cases. A custom ConfigurableEnvironment class is provided:
EncryptableEnvironment StandardEncryptableEnvironment and StandardEncryptableServletEnvironment
that can be used with SpringApplicationBuilder to define the custom environment this way:
new SpringApplicationBuilder()
.environment(new StandardEncryptableEnvironment())
.sources(YourApplicationClass.class).run(args);
参考:
https://blog.csdn.net/chenshuzhuo/article/details/86154293
https://www.jianshu.com/p/838f4d2b926a