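In Java development, configuration is often loaded from Properties files, but sensitive values such as login passwords and database passwords are then exposed in plain text in those files.
This article introduces the Jasypt framework as a way to encrypt such sensitive information.
1. Implementation in Java code
First, encrypt the plaintext password: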
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;

StandardPBEStringEncryptor encrypter = new StandardPBEStringEncryptor();
// Encryption key (password)
encrypter.setPassword("1234567890");
String newPassword = encrypter.encrypt("BB2012");
System.out.println(newPassword);
Put the resulting ciphertext into the configuration file:
# setting of c3p0
c3p0.driverClass=oracle.jdbc.driver.OracleDriver
c3p0.jdbcUrl=jdbc:oracle:thin:@172.16.27.34:1521:vmdb
c3p0.user=BB_BGW
c3p0.password=ENC(s+x/tTsknpvuTSRy/xoTUw==)
Decryption class (the key is hard-coded for now; in production it will be configured separately):
package com.bestpay.sag.common;

import java.io.InputStream;
import java.util.Properties;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.properties.EncryptableProperties;

/*
 * @author weizhi
 *
 * @Date 20130710
 */
public class DbUtil {
    private static DbUtil instance = new DbUtil();
    // Encryption key (password)
    private static String KEY = "1234567890";
    private static StandardPBEStringEncryptor encryptor;
    private static Properties p;

    public static DbUtil getInstance() {
        return instance;
    }

    static {
        initProperties();
    }

    // Initialize the configuration
    public static void initProperties() {
        encryptor = new StandardPBEStringEncryptor();
        encryptor.setPassword(KEY);
        // EncryptableProperties decrypts ENC(...) values when they are read
        p = new EncryptableProperties(encryptor);
        // try-with-resources closes the stream after loading
        try (InputStream in = ClassLoader
                .getSystemResourceAsStream("c3p0.properties")) {
            p.load(in);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // Get the value of a property
    public String getValue(String name) {
        try {
            String pass = p.getProperty(name);
            return pass;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
}
Decryption result:
import com.bestpay.sag.common.DbUtil;

public class TestEncrypt {
    /**
     * @param args
     */
    public static void main(String[] args) {
        System.out.println(DbUtil.getInstance().getValue("c3p0.password"));
    }
}
output : BB2013
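The decryption class above hard-codes the key and notes that production configures it separately. One way to do that, as an added example that is not the original author's code: read the Jasypt password from an environment variable and fail at startup if it is missing. The variable name APP_ENCRYPTION_PASSWORD and the class name EnvKeyDbConfig are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.properties.EncryptableProperties;

public final class EnvKeyDbConfig {
    // Hypothetical variable name; set it in the service's runtime environment.
    private static final String KEY_ENV = "APP_ENCRYPTION_PASSWORD";

    private EnvKeyDbConfig() { }

    /** Loads a classpath properties file; ENC(...) values are decrypted on read. */
    public static Properties load(String resource) throws IOException {
        String key = System.getenv(KEY_ENV);
        if (key == null || key.isEmpty()) {
            // Fail at startup instead of later with an opaque decryption error.
            throw new IllegalStateException(KEY_ENV + " is not set");
        }

        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        // Same algorithm as the Spring configuration on this page, so that
        // existing ENC(...) values still decrypt.
        config.setAlgorithm("PBEWithMD5AndDES");
        config.setPasswordEnvName(KEY_ENV); // Jasypt reads the variable itself

        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setConfig(config);

        Properties props = new EncryptableProperties(encryptor);
        try (InputStream in = EnvKeyDbConfig.class.getClassLoader()
                .getResourceAsStream(resource)) {
            if (in == null) {
                throw new IOException("resource not found: " + resource);
            }
            props.load(in);
        }
        return props;
    }

    public static void main(String[] args) throws IOException {
        Properties props = load("c3p0.properties");
        // Do not print the decrypted password; confirm only that it resolved.
        System.out.println("c3p0.user=" + props.getProperty("c3p0.user"));
        System.out.println("c3p0.password decrypted: "
                + (props.getProperty("c3p0.password") != null));
    }
}
```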
2. Implementation with Spring
Configure the ciphertext in the c3p0 configuration file.
Add the following to Spring's applicationContext.xml:
<bean id="environmentVariablesConfiguration"
      class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
    <!-- Specify the encryption algorithm: PBEWithMD5AndDES -->
    <property name="algorithm" value="PBEWithMD5AndDES" />
    <!-- Specify the key: PTSPASSWORD -->
    <property name="password" value="1234567890" />
</bean>
<!-- Specify the encryptor class: StandardPBEStringEncryptor -->
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
    <property name="config" ref="environmentVariablesConfiguration" />
</bean>
<!-- Specify the encrypted properties file c3p0.properties; Jasypt integrates with Spring to decrypt property files -->
<bean id="propertyConfigurer"
      class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
    <constructor-arg ref="configurationEncryptor" />
    <property name="locations">
        <list>
            <value>c3p0.properties</value>
        </list>
    </property>
</bean>