前提
JDK:1.8
spring-cloud-starter-bootstrap:3.1.5
boot:2.7.6
加解密nacos配置文件密码项
1.添加jasypt依赖
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot</artifactId>
<version>3.0.5</version>
</dependency>
2.使用工具类生成密码
public class JasyptUtil {
/**
* Jasypt生成加密结果
*
* @param salt 配置文件中设定的加密密码 (盐)jasypt.encryptor.password
* @param source 待加密值
* @return
*/
public static String encryptPwd(String salt, String source) {
PooledPBEStringEncryptor encryptOr = new PooledPBEStringEncryptor();
encryptOr.setConfig(cryptOr(salt));
return encryptOr.encrypt(source);
}
/**
* 解密
*
* @param password 配置文件中设定的加密密码(盐) jasypt.encryptor.password
* @param password 待解密密文
* @return
*/
public static String decryptPwd(String salt, String password) {
PooledPBEStringEncryptor encryptOr = new PooledPBEStringEncryptor();
encryptOr.setConfig(cryptOr(salt));
return encryptOr.decrypt(password);
}
/**
* 默认配置,可以根据启动项目时日志看到默认的项
* @param password
* @return
*/
public static SimpleStringPBEConfig cryptOr(String password) {
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
config.setPassword(password);
config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
config.setKeyObtentionIterations("1000");
config.setPoolSize("1");
config.setProviderName(null);
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
config.setStringOutputType("base64");
return config;
}
}
加解密nacos连接密码
重写NacosConfigProperties读取密码
import com.alibaba.cloud.nacos.NacosConfigProperties;
import org.apache.commons.lang3.StringUtils;
import org.springframework.boot.context.properties.ConfigurationProperties;
import javax.annotation.PostConstruct;
@ConfigurationProperties(NacosConfigProperties.PREFIX)
public class CustomNacosConfigProperties extends NacosConfigProperties {
@Override
@PostConstruct
public void init() {
super.init();
if (!StringUtils.isEmpty(this.getPassword())) {
String salt = this.getEnvironment().resolveRequiredPlaceholders("${jasypt.encryptor.password:}");
this.setPassword(JasyptUtil.decyptPwd(salt,this.getPassword()));
}
}
}
import com.alibaba.cloud.nacos.NacosConfigProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class CustomNacosBootstrapAutoConfig {
@Bean
public NacosConfigProperties nacosConfigProperties() {
return new CustomNacosConfigProperties();
}
}
重写NacosDiscoveryProperties读取密码
import com.alibaba.cloud.nacos.NacosDiscoveryProperties;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.core.env.Environment;
@ConfigurationProperties(NacosDiscoveryProperties.PREFIX)
public class CustomNacosDiscoveryProperties extends NacosDiscoveryProperties {
@Override
public void overrideFromEnv(Environment env) {
super.overrideFromEnv(env);
String salt = env.resolveRequiredPlaceholders("${jasypt.encryptor.password:}");
this.setPassword(JasyptUtil.decyptPwd(salt,this.getPassword()));
}
}
import com.alibaba.cloud.nacos.NacosDiscoveryProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class CustomNacosConfiguration {
@Bean
public NacosDiscoveryProperties nacosDiscoveryProperties() {
return new CustomNacosDiscoveryProperties();
}
}
添加文件
注意对应CustomNacosBootstrapAutoConfig的包名
org.springframework.cloud.bootstrap.BootstrapConfiguration=xx.xx.xx.CustomNacosBootstrapAutoConfig