【Spring Boot】使用jasypt对数据库用户名密进行加密
有时因为安全问题,在配置文件中配置的数据库用户名和密码需要进行加密处理,Spring Boot下可以使用jasypt进行加密处理
Maven导入:
<dependency> <groupId>com.github.ulisesbocchio</groupId> <artifactId>jasypt-spring-boot-starter</artifactId> <version>3.0.4</version> </dependency>
配置文件:
jasypt: encryptor: password: mykey algorithm: PBEWithMD5AndDES iv-generator-classname: org.jasypt.iv.NoIvGenerator
数据库配置:
spring: datasource: driver-class-name: dm.jdbc.driver.DmDriver url: jdbc:dm://ip:port/xxxx?zeroDateTimeBehavior=convertToNull&useUnicode=true&characterEncoding=utf-8&clobAsString=true username: ENC(xU9yNLOa0MsHQ054swj93g==) password: ENC(qYRUoMjLCVFceU+Ybl05E9u37wddzkhb)
※username和passw一定要用ENC()包起来
启动类注解:@EnableEncryptableProperties
加密方法: 执行方法中的main,即可得到加密后的配置参数
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor; import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig; public class JasyptUtil { public static void main(String[] args) { // 加密 String encPwd1 = encyptPwd("mykey", "username"); // 加密 String encPwd2 = encyptPwd("mykey", "password"); System.out.println(encPwd1); System.out.println(encPwd2); } /** * 加密方法 * @param password jasypt所需要的加密密码配置 * @param value 需要加密的密码 */ public static String encyptPwd(String password, String value) { PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor(); SimpleStringPBEConfig config = new SimpleStringPBEConfig(); config.setPassword(password); config.setAlgorithm("PBEWithMD5AndDES"); config.setKeyObtentionIterations("1000"); config.setPoolSize("1"); config.setProviderName("SunJCE"); config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator"); config.setStringOutputType("base64"); encryptor.setConfig(config); String result = encryptor.encrypt(value); return result; } }