Encryption in the SSM Framework and Spring Boot
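1) Encryption in the SSM framework (Druid encryption):
Purpose: keep the database password from being known to too many people and causing the company unnecessary losses.
Steps:
Step 1: Generate the keys with Alibaba's Druid jar (druid-1.1.9.jar here; you can check the version yourself)
1) In CMD, change to E:\01-Application\02-Maven\.m2\repository\com\alibaba\druid\1.1.9
This path is where the druid jar is stored in the local repository.
2) Run the command: java -cp .\druid-1.1.9.jar com.alibaba.druid.filter.config.ConfigTools root
where root is the plaintext password to be encrypted.
3) Copy the generated publicKey and password into the configuration file.
Step 2: Configure the data source
1) Data source configuration [spring-mybatis.xml]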
<!-- Configure the data source -->
<bean name="dataSource" class="com.alibaba.druid.pool.DruidDataSource"
      init-method="init" destroy-method="close">
    <property name="driverClassName" value="${jdbc.driver}" />
    <property name="url" value="${jdbc.url}" />
    <property name="username" value="${jdbc.username}" />
    <property name="password" value="${jdbc.password}" />
    <!-- Initial size, minimum idle and maximum active connections -->
    <property name="initialSize" value="${jdbc.pool.init}" />
    <property name="minIdle" value="${jdbc.pool.minIdle}" />
    <property name="maxActive" value="${jdbc.pool.maxActive}" />
    <!-- Timeout when waiting to obtain a connection -->
    <property name="maxWait" value="60000" />
    <!-- Interval between checks for idle connections that should be closed, in milliseconds -->
    <property name="timeBetweenEvictionRunsMillis" value="60000" />
    <!-- Minimum time a connection stays in the pool, in milliseconds -->
    <property name="minEvictableIdleTimeMillis" value="300000" />
    <property name="validationQuery" value="${jdbc.validation.query}" />
    <property name="testWhileIdle" value="true" />
    <property name="testOnBorrow" value="false" />
    <property name="testOnReturn" value="false" />
    <!-- Enable PSCache and set the PSCache size per connection (used with Oracle)
    <property name="poolPreparedStatements" value="true" />
    <property name="maxPoolPreparedStatementPerConnectionSize" value="20" /> -->
    <!-- Filters for monitoring and statistics; this is where the Druid encryption check is configured -->
    <!--<property name="filters" value="stat" /> -->
    <property name="filters" value="${jdbc.filters}" />
    <property name="connectionProperties" value="${jdbc.connectionProperties}"/>
</bean>
2) Database configuration [ms.properties; usually the project's .properties configuration file]
#mysql
jdbc.type=mysql
jdbc.driver=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://localhost:3306/test_cmsnewdb?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&autoReconnect=true&allowMultiQueries=true
jdbc.username=test_cmsnewdb
jdbc.password=DwVqlwsQ4DO3cNBYh3E4d+K0buSzX9ICy+wSKwODDcmXMy8XAGwymQivLoCBmAnI4wDRlN5uds25uFN9dsVACw==
# The Druid encryption check is configured here
jdbc.filters=stat,config
jdbc.connectionProperties=config.decrypt=true;config.decrypt.key=${jdbc.publicKey}
jdbc.publicKey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAIv1DA8byv/lmR1LlR3cbl3BQ/WPKjRy+/o49QDrd3bUFQaXpzPil2dE9+h1MmXgje2URYfKwluOLVVGBnL01q0CAwEAAQ==
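A consistency check for the Druid settings above, as an added example (not code from the original post or from the Druid project): it confirms that the `config` filter and `config.decrypt=true` are present and that jdbc.password decrypts with jdbc.publicKey. The class name, key pair and sample password are constructed for the demo. Decryption needs only the public key, so a properties file that holds both values is enough to recover the password.

```java
import com.alibaba.druid.filter.config.ConfigTools;
import java.util.Arrays;
import java.util.Properties;

public class DruidConfigCheck {

    /** Returns null when the settings are consistent, otherwise a description of the problem. */
    static String check(Properties p) {
        String filters = p.getProperty("jdbc.filters", "");
        if (!Arrays.asList(filters.trim().split("\\s*,\\s*")).contains("config")) {
            return "jdbc.filters lacks 'config', so the ciphertext would be used as the password";
        }
        if (!p.getProperty("jdbc.connectionProperties", "").contains("config.decrypt=true")) {
            return "jdbc.connectionProperties lacks config.decrypt=true";
        }
        String publicKey = p.getProperty("jdbc.publicKey");
        String cipherText = p.getProperty("jdbc.password");
        if (publicKey == null || cipherText == null) {
            return "jdbc.publicKey or jdbc.password is missing";
        }
        try {
            // The public key is the decryption key; the plaintext is deliberately discarded.
            ConfigTools.decrypt(publicKey.trim(), cipherText.trim());
            return null;
        } catch (Exception e) {
            return "jdbc.password does not decrypt with jdbc.publicKey ("
                    + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a fresh key pair and a made-up password, not values from the page.
        String[] keys = ConfigTools.genKeyPair(512); // [0] = private key, [1] = public key
        Properties p = new Properties();
        p.setProperty("jdbc.filters", "stat,config");
        p.setProperty("jdbc.connectionProperties",
                "config.decrypt=true;config.decrypt.key=" + keys[1]);
        p.setProperty("jdbc.publicKey", keys[1]);
        p.setProperty("jdbc.password", ConfigTools.encrypt(keys[0], "sample-password"));
        System.out.println("matching key:   " + check(p));

        // Swap in an unrelated public key to show the failure path.
        p.setProperty("jdbc.publicKey", ConfigTools.genKeyPair(512)[1]);
        System.out.println("mismatched key: " + check(p));
    }
}
```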
2) Spring Boot: encryption with jasypt-spring-boot-starter
Steps:
1) Add the Maven dependency (note: my Spring Boot version is 1.5.9; it is best not to let the versions differ too much, otherwise dependency conflicts and similar problems will appear)
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>1.16</version>
</dependency>
2) Write a test class
package cn.test;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentPBEConfig;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

import com.blog.springboot.Application;

@RunWith(SpringRunner.class)
@SpringBootTest(classes = Application.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
public class JunitTest {

    @Test
    public void testEncrypt() throws Exception {
        StandardPBEStringEncryptor standardPBEStringEncryptor = new StandardPBEStringEncryptor();
        EnvironmentPBEConfig config = new EnvironmentPBEConfig();
        config.setAlgorithm("PBEWithMD5AndDES"); // encryption algorithm; this one is the default
        config.setPassword("lyh"); // the encryption key
        standardPBEStringEncryptor.setConfig(config);

        // Encrypt the username
        String plainText = "youcong";
        String encryptedText = standardPBEStringEncryptor.encrypt(plainText);

        // Encrypt the password
        String enPassword = "youcong";
        String enPasswordText = standardPBEStringEncryptor.encrypt(enPassword);

        // Encrypt the database name
        String db = "wordpress";
        String dbEnc = standardPBEStringEncryptor.encrypt(db);

        // Encrypt the connection URL
        String dbaUrl = "jdbc:mysql://localhost:3306/blog?autoReconnect=true&useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=false";
        String dbaUrlText = standardPBEStringEncryptor.encrypt(dbaUrl);

        System.out.println("用户:" + encryptedText);  // label: user
        System.out.println("密码:" + enPasswordText); // label: password
        System.out.println("地址:" + dbaUrlText);     // label: URL
        System.out.println("db:" + dbEnc);
    }
}
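3) Add the following to the Spring Boot configuration file (I use application.yml as the example here)
jasypt:
  encryptor:
    password: lyh
Q: Why add this section?
A: The value lyh of password here acts as the key and is mainly used for decryption.
Whatever you used as the key for encryption in the unit test is what you must use in the yml for decryption.
4) Configure the data source in application.yml (ENC tells the program that the value must be decrypted)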
datasource:
  url: ENC(cY3NmQF349TpBB0z0KavaiEPNDux/mKEss0UFeA11VTFC545rHh6t1rLC46GlX1b2rm8s5lzX49JmzFE4odcSiPafGZfQvnsHl2yVlLWM3kJg5DvVI4D0l5na3RUPTio4uz1gG9nML1u9ceHuj/yPb1097ZZfbCUsLSyRoeWvhhKuPxAM5mvGLZh641ArtVfRchNcdVZ1W4=)
  username: ENC(BcbIdbvEq4yN8kezH5mDjg==)
  password: ENC(Isk3pYM71258wxWTQOt3Dg==)
  db-name: ENC(CZcfw3ZJN6TVCVxkCW9Ey6z6iAuszHO8)
  filters: log4j,wall,mergeStat1
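In the steps above the key lyh sits in both the test class and application.yml, next to the ciphertext it unlocks. As an added example (not code from the original post), this stand-alone encryptor takes the key from an environment variable instead; the class name and the variable name JASYPT_ENCRYPTOR_PASSWORD are assumptions, the latter chosen so that Spring Boot's relaxed binding resolves the same variable as jasypt.encryptor.password at run time.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentPBEConfig;

public class EncryptForYml {
    // Assumed variable name; Spring Boot maps it to the property jasypt.encryptor.password.
    static final String KEY_ENV = "JASYPT_ENCRYPTOR_PASSWORD";

    static StandardPBEStringEncryptor encryptorFromEnv() {
        String key = System.getenv(KEY_ENV);
        if (key == null || key.isEmpty()) {
            throw new IllegalStateException(KEY_ENV + " is not set");
        }
        EnvironmentPBEConfig config = new EnvironmentPBEConfig();
        config.setAlgorithm("PBEWithMD5AndDES"); // must match what the application decrypts with
        config.setPasswordEnvName(KEY_ENV);      // key comes from the environment, not from source
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }

    /** Encrypts one value, verifies the round trip, and wraps it the way application.yml expects. */
    static String toYmlValue(StandardPBEStringEncryptor encryptor, String plain) {
        String cipher = encryptor.encrypt(plain);
        if (!plain.equals(encryptor.decrypt(cipher))) {
            throw new IllegalStateException("round trip failed");
        }
        return "ENC(" + cipher + ")";
    }

    public static void main(String[] args) throws Exception {
        StandardPBEStringEncryptor encryptor = encryptorFromEnv();
        // One plaintext per line on stdin, so values do not appear in the process list.
        BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
        for (String line; (line = in.readLine()) != null; ) {
            if (!line.isEmpty()) {
                // A random salt is used per call, so the same input yields different ciphertexts.
                System.out.println(toYmlValue(encryptor, line));
            }
        }
    }
}
```

With the variable set in the service's environment, the jasypt.encryptor.password entry can be left out of application.yml.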