springboot项目数据库连接信息加密(application.yml)

一,整合druid数据库密码加密功能

1.依赖引入

<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid-spring-boot-starter</artifactId>
    <version>1.1.21</version>
</dependency>

2,打开 druid jar 包所在目录,在终端执行命令(jar 文件名以本地实际下载的版本为准;明文密码作为命令行参数会留在 shell 历史记录里,执行后注意清理):java -cp druid-1.2.8.jar com.alibaba.druid.filter.config.ConfigTools 数据库密码 > pwd.txt

 

 

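 3,打开pwd.txt文件,将生成的加密密码(password)和公钥(publicKey)配置到配置文件中。注意:Druid 在运行时用公钥解密,公钥和密文放在同一个配置文件里时,拿到该文件的人同样可以还原密码,所以这种做法只能避免明文直接出现,不能代替对配置文件本身的访问控制;pwd.txt 里同时包含私钥,用完后应妥善保管或删除,不要提交到代码仓库。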

spring:
  application:
    name: javaSEBase

  datasource:
    username: root
    password: RuacV1QzH80HVwZpR5MqagLoOWbRPYPj+yXKJrfEXJxIVchnWfGpdi2PTJCAlWoi7hNN+y4hhDmiGEvdYscW4w==
    url: jdbc:mysql://localhost:3306/article?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai
    driver-class-name: com.mysql.jdbc.Driver
    type: com.alibaba.druid.pool.DruidDataSource
    # 原文此处缩进丢失,这里按 datasource 的下级属性还原;publickey 的实际层级必须与下方 ${...} 占位符的路径一致,否则占位符无法解析
    publickey: XXXXXXXXXX
    #druid 数据源专有配置
    druid:
      initialSize: 5
      minIdle: 5
      maxActive: 20
      maxWait: 60000
      timeBetweenEvictionRunsMillis: 60000
      minEvictableIdleTimeMillis: 300000
      validationQuery: SELECT 1 FROM DUAL
      testWhileIdle: true
      testOnBorrow: false
      testOnReturn: false
      #解密这个要打开
      filter:
        config:
          enabled: true
      #指定每个连接上PSCache的大小
      maxPoolPreparedStatementPerConnectionSize: 20
      #合并多个DruidDataSource的监控数据
      useGlobalDataSourceStat: true
      #通过connectProperties属性来打开mergeSql功能;慢SQL记录;配置数据库密码解密;
      connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=2000;config.decrypt=true;config.decrypt.key=${spring.druid.publickey}

 

二,springboot使用jasypt加密密码信息

1,引入依赖

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.4</version>
</dependency>

 2,加密

package com.zl.common.utils;

import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;

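/**
 * Command-line helper that encrypts sample datasource credentials with Jasypt so the
 * resulting ciphertext can be pasted into {@code application.yml} as {@code ENC(...)} values.
 *
 * <p>The encryptor password (the PBE key) is resolved at class-initialisation time from the
 * JVM system property {@code jasypt.encryptor.password}, then from the environment variable
 * {@code JASYPT_ENCRYPTOR_PASSWORD}. Only when neither is set does it fall back to the
 * article's sample key, so the tutorial still runs unchanged.
 *
 * <p>NOTE(review): the key used here must be the same one the application is started with;
 * ciphertext produced under one key cannot be decrypted under another.
 *
 * @author lei
 * @version 1.0 (2022/10/28 14:10)
 */
public class JasyptUtil {

    /** JVM system property consulted first for the encryptor password. */
    private static final String KEY_PROPERTY = "jasypt.encryptor.password";

    /** Environment variable consulted when the system property is not set. */
    private static final String KEY_ENV = "JASYPT_ENCRYPTOR_PASSWORD";

    /**
     * Sample key from the article, kept only so the demo runs without any setup.
     * NOTE(review): a key committed to source control protects nothing; supply a real key
     * through {@link #KEY_PROPERTY} or {@link #KEY_ENV} for any non-demo use.
     */
    private static final String DEMO_KEY = "ENCKEY";

    /** Shared encryptor instance, built once when the class is loaded. */
    public static final StringEncryptor encryptor = stringEncryptor();

    /**
     * Encrypts the article's sample username and password and prints both ciphertexts.
     *
     * <p>A random salt and IV generator are configured, so the printed values are expected
     * to differ between runs.
     *
     * @param arg command-line arguments (unused)
     */
    public static void main(String[] arg) {
        // Sample plaintext values from the article.
        String name = encryptor.encrypt("root");
        String password = encryptor.encrypt("123456");

        // Only ciphertext is printed; the key itself is never written to the console.
        System.out.println("加密后账号:" + name);
        System.out.println("加密后密码:" + password);
    }

    /**
     * Builds a pooled password-based string encryptor.
     *
     * <p>Every setting below has to match the {@code jasypt.encryptor.*} configuration of the
     * application that decrypts the values, otherwise decryption fails at startup.
     *
     * @return a configured {@link StringEncryptor}
     */
    public static StringEncryptor stringEncryptor() {
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(resolveEncryptorPassword());
        config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
        // NOTE(review): 1000 iterations is a low work factor for password-based key
        // derivation; raising it requires the same value on the decrypting side.
        config.setKeyObtentionIterations("1000");
        config.setPoolSize("1");
        config.setProviderName("SunJCE");
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
        config.setStringOutputType("base64");

        PooledPBEStringEncryptor pooled = new PooledPBEStringEncryptor();
        pooled.setConfig(config);
        return pooled;
    }

    /**
     * Resolves the encryptor password without hard-wiring a real secret into the source.
     *
     * @return the value of the system property, else the environment variable, else the
     *     demo key (with a warning on standard error)
     */
    private static String resolveEncryptorPassword() {
        String key = System.getProperty(KEY_PROPERTY);
        if (key == null || key.isEmpty()) {
            key = System.getenv(KEY_ENV);
        }
        if (key == null || key.isEmpty()) {
            // Make the insecure fallback visible instead of silently using a published key.
            System.err.println("JasyptUtil: no encryptor password supplied via -D" + KEY_PROPERTY
                    + " or " + KEY_ENV + "; falling back to the built-in demo key"
                    + " (do not use it for real credentials)");
            return DEMO_KEY;
        }
        return key;
    }

}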

配置文件yml

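jasypt:
  encryptor:
    # 这里的 password 是解密 ENC(...) 的密钥,必须与加密时使用的密钥一致(上文工具类示例里用的是 ENCKEY)。
    # 密钥和密文写在同一个文件里,拿到文件的人就能解密;实际部署时建议把这一项从配置文件中去掉,
    # 改用启动参数 -Djasypt.encryptor.password=... 或环境变量 JASYPT_ENCRYPTOR_PASSWORD 传入。
    password: aaa
    algorithm: PBEWITHHMACSHA512ANDAES_256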


# 应用名称
spring:
  application:
    name: red_envelope
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    # 注意:useSSL=false 会关闭到数据库的 TLS,allowPublicKeyRetrieval=true 在未加密的链路上存在密码被中间人获取的风险;这组参数只适合本机开发环境
    url: jdbc:mysql://localhost:3306/snatch_red_envelope?serverTimezone=Asia/Shanghai&useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull&useSSL=false&allowPublicKeyRetrieval=true
    username: ENC(LHOktYhYZXmRbcw9PYSkyPHmWoFeRlrg/A6B5M4fkyigc8e6yglI1tXg7EKOD1o6)
    password: ENC(wveztKwMgrWvkBI9Z+gtr/wk2XO7fY4B6GoC6Q0bSeG0r8MPTHZQF37UxrHEkDEh)
    jackson:
      date-format: yyyy-MM-dd HH:mm:ss
      time-zone: GMT+8
      serialization:
        write-dates-as-timestamps: false


# 应用服务 WEB 访问端口
server:
  port: 8080

mybatis-plus:
  configuration:
    map-underscore-to-camel-case: true
    auto-mapping-behavior: full
    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
  mapper-locations: classpath:/mapper/**/*Mapper.xml
  global-config:
    # 逻辑删除配置
    db-config:
      # 删除前
      logic-not-delete-value: 1
      # 删除后
      logic-delete-value: 0

#配置控制台打印日志Debug
logging:
  level:
    com.jd.mapper: debug

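注意:在 Java 8 上可能会报错,原因是 JDK 默认的加密策略不支持 256 位强加密(JDK 8u161 起默认已启用无限强度策略,更早的版本才会遇到)。可以把 jasypt-spring-boot-starter 换成 3 以下的版本来规避;我在 M1 Mac 的 Zulu JDK 上没有遇到这个问题。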

解决方案
JDK8安装JCE无限强度
步骤1:
去官网下载jar包
https://www.oracle.com/java/technologies/javase-jce8-downloads.html
步骤2:
用下载的两个jar包替换掉原来jdk下(\jdk1.8.0_91\jre\lib\security)的同名jar包

-------------------------

加密

PS C:\Users\Tuhuadmin\.m2\repository\org\jasypt\jasypt\1.9.3>  java -cp .\jasypt-1.9.3.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input=root password=fulfillForward algorithm=PBEWithMD5AndDES
 

配置

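jasypt需要设置用于加密明文的密钥password,它会用该密钥对input的内容加密。命令行中的algorithm必须与应用配置里的jasypt.encryptor.algorithm一致,否则应用启动时无法解密;上面命令使用的PBEWithMD5AndDES与前文配置的PBEWITHHMACSHA512ANDAES_256不同,而且强度较弱。参数说明如下:

参数 说明
input 明文密码
password 加密密钥(口令),不是盐值,需要保密
algorithm 加密算法(基于口令的对称加密)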

 
