SSM框架和SpringBoot的加密

SSM框架和SpringBoot的加密:
  1) SSM框架的加密(Druid加密):
      目的:防止过多人知道数据库密码,造成公司不必要的损失
      步骤:
          第一步:根据阿里的jar(druid-1.1.9.jar版本可以自己查),生成密匙
                 1)CMD命令进入E:\01-Application\02-Maven\.m2\repository\com\alibaba\druid\1.1.9                   
                       该路径为本地仓库druid的jar包存放路径   
                  2)执行命令:java -cp .\druid-1.1.9.jar com.alibaba.druid.filter.config.ConfigTools root,
                        其中root为待加密的明文密码  
                  3)取生成的publicKey和password到配置文件中即可
 
          第二步:配置数据源
               1) 数据源配置[spring-mybatis.xml文件]
                 <!-- 配置数据源 -->
                 <bean name="dataSource" class="com.alibaba.druid.pool.DruidDataSource"                
                             init-method="init" destroy-method="close">
                     <property name="driverClassName" value="${jdbc.driver}" />
                      <property name="url" value="${jdbc.url}" />
                      <property name="username" value="${jdbc.username}" />
                      <property name="password" value="${jdbc.password}" />
 
                      <!-- 配置初始化大小、最小、最大 -->
                      <property name="initialSize" value="${jdbc.pool.init}" />     
                      <property name="minIdle" value="${jdbc.pool.minIdle}" />      
                       <property name="maxActive" value="${jdbc.pool.maxActive}" />
                       <!-- 配置获取连接等待超时的时间 -->
                        <property name="maxWait" value="60000" />
                        <!-- 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒 -->
                       <property name="timeBetweenEvictionRunsMillis" value="60000" />
                        <!-- 配置一个连接在池中最小生存的时间,单位是毫秒 -->
                        <property name="minEvictableIdleTimeMillis" value="300000" />
                        <property name="validationQuery" value="${jdbc.validation.query}" />
                        <property name="testWhileIdle" value="true" />
                        <property name="testOnBorrow" value="false" />
                        <property name="testOnReturn" value="false" />
                        <!-- 打开PSCache,并且指定每个连接上PSCache的大小(Oracle使用)
                        <property name="poolPreparedStatements" value="true" />
                       <property name="maxPoolPreparedStatementPerConnectionSize" value="20" /> -->
                       <!-- 配置监控统计拦截的filters 此处为druid加密检查-->    
                      <!--<property name="filters" value="stat" /> -->
                       <property name="filters" value="${jdbc.filters}" />
                        <property name="connectionProperties" value="${jdbc.connectionProperties}"/>            
                   </bean>
 
                2)数据库配置[ms.properties 一般为项目.properties配置文件]
                    #mysql
                    jdbc.type=mysql
                    jdbc.driver=com.mysql.jdbc.Driver
                    jdbc.url=jdbc:mysql://localhost:3306/test_cmsnewdb?
                                 useUnicode=true&characterEncoding=utf8
                                 &zeroDateTimeBehavior=convertToNull
                                 &autoReconnect=true&allowMultiQueries=true
                    jdbc.username=test_cmsnewdb
                    jdbc.password= DwVqlwsQ4DO3cNBYh3E4d+K0buSzX9ICy+wS
                                             KwODDcmXMy8XAGwymQivLoCB mAnI4wDRlN5uds2
                                             5uFN9dsVACw==
                   #此处为druid加密检查
                   jdbc.filters=stat,configjdbc.connectionProperties=config.decrypt=true;
                                        config.decrypt.key=${jdbc.publicKey}
                    jdbc.publicKey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAIv1DA8byv/lmR1
                                             LlR3cbl3BQ/WPKjRy+/o49QDrd3bUFQaXpzPil2dE9+h1MmXgje
                                             2URYfKwluOLVVGBnL01q0CAwEAAQ==
 
 
    2)SpringBoot使用jasypt-spring-boot-starter加密
         步骤:
                1)导入Maven依赖(注意,我的springboot版本为1.5.9,建议最好版本别相差太多,否则                  
                      会出现依赖冲突等问题)    
                      <dependency>
                          <groupId>com.github.ulisesbocchio</groupId>
                          <artifactId>jasypt-spring-boot-starter</artifactId>
                          <version>1.16</version>
                       </dependency>
                 2)编写测试类

package cn.test;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentPBEConfig;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.test.context.junit4.SpringRunner;
import com.blog.springboot.Application;
import com.blog.springboot.service.UsersService;
import cn.hutool.core.util.RandomUtil;
@RunWith(SpringRunner.class)
@SpringBootTest(classes = Application.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
public class JunitTest {

    @Test
    public void testEncrypt() throws Exception {
            StandardPBEStringEncryptor standardPBEStringEncryptor = new StandardPBEStringEncryptor();
            EnvironmentPBEConfig config = new EnvironmentPBEConfig();
            config.setAlgorithm("PBEWithMD5AndDES");          // 加密的算法,这个算法是默认的
            config.setPassword("lyh");                        // 加密的密钥
            standardPBEStringEncryptor.setConfig(config);
            //加密用户信息
            String plainText = "youcong";
            String encryptedText = standardPBEStringEncryptor.encrypt(plainText);
            //加密密码信息
            String Enpassword = "youcong";
            String EnpasswordText = standardPBEStringEncryptor.encrypt(Enpassword);
            String db="wordpress";
            String dbEnc = standardPBEStringEncryptor.encrypt(db);
            //加密地址信息
            String DBAUrl = "jdbc:mysql://localhost:3306/blog?autoReconnect=true&useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=false";
            String DBAUrlText = standardPBEStringEncryptor.encrypt(DBAUrl);
            System.out.println("用户:"+encryptedText);
            System.out.println("密码:"+EnpasswordText);
            System.out.println("地址:"+DBAUrlText);
            System.out.println("db:"+dbEnc);
        }
}
 
3)在springboot的配置文件添加如下配置(这里我以application.yml配置为例)
                    jasypt:
                         encryptor:
                               password: lyh
                     
                     问:为什么要加这段?
                     答:这里的password对应的值lyh相当于密钥,主要用于解密。
                         你在单元测试中以什么作为加密,那么在yml中就以什么作为解密。
 
                 4)配置application.yml中的数据源(ENC相当于告诉程序需要解密操作)
                    datasource:
                        url:     
                             ENC(cY3NmQF349TpBB0z0KavaiEPNDux/mKEss0UFeA11VTFC545
                                      rHh6t1rLC46GlX1b2rm8s5lzX49JmzFE4odcSiPa
                                      fGZfQvnsHl2yVlLWM3kJg5DvVI4D0l5na3RUPTio4uz1
                                      gG9nML1u9ceHuj/yPb1097ZZfbCUsLSyRoeWvhhKuPxAM5
                                      mvGLZh641ArtVfRchNcdVZ1W4=)
                    username: ENC(BcbIdbvEq4yN8kezH5mDjg==)
                    password:  ENC(Isk3pYM71258wxWTQOt3Dg==)
                    db-name:   ENC(CZcfw3ZJN6TVCVxkCW9Ey6z6iAuszHO8)
                    filters: log4j,wall,mergeStat1   
 
posted @ 2020-07-17 17:07  小窝蜗  阅读(367)  评论(0编辑  收藏  举报