springboot项目数据库连接信息加密(application.yml)

一,整合druid数据库密码加密功能

1.依赖引入

<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid-spring-boot-starter</artifactId>
    <version>1.1.21</version>
</dependency>

2,打开jar包文件路径,终端执行命令:java -cp druid-1.2.8.jar com.alibaba.druid.filter.config.ConfigTools 数据库密码 > pwd.txt

 

 

 3,打开pwd.txt文件,将生成数据库密码和公匙配置在配置文件

spring:
  application:
    name: javaSEBase

  datasource:
    username: root
    password: RuacV1QzH80HVwZpR5MqagLoOWbRPYPj+yXKJrfEXJxIVchnWfGpdi2PTJCAlWoi7hNN+y4hhDmiGEvdYscW4w==
    url: jdbc:mysql://localhost:3306/article?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai
    driver-class-name: com.mysql.jdbc.Driver
    type: com.alibaba.druid.pool.DruidDataSource
   publickey: XXXXXXXXXX #druid 数据源专有配置 druid: initialSize:
5 minIdle: 5 maxActive: 20 maxWait: 60000 timeBetweenEvictionRunsMillis: 60000 minEvictableIdleTimeMillis: 300000 validationQuery: SELECT 1 FROM DUAL testWhileIdle: true testOnBorrow: false testOnReturn: false #解密这个要打开 filter: config: enabled: true #指定每个连接上PSCache的大小 maxPoolPreparedStatementPerConnectionSize: 20 #合并多个DruidDataSource的监控数据 useGlobalDataSourceStat: true #通过connectProperties属性来打开mergeSql功能;慢SQL记录;配置数据库密码解密; connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=2000;config.decrypt=true;config.decrypt.key=${spring.druid.publickey}

 

二,springboot使用jasypt加密密码信息

1,引入依赖

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.4</version>
</dependency>

 2,加密

package com.zl.common.utils;

import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;

/**
 * @Author lei
 * @Date 2022/10/28 14:10
 * @Version 1.0
 */
public class JasyptUtil {

    public static final StringEncryptor encryptor = stringEncryptor();


    public static void main(String[] arg) {

        String name = encryptor.encrypt("root");
        String password = encryptor.encrypt("123456");
        //秘钥,
        String my = "ENCKEY";

        //密码进行加密
        System.out.println("加密后账号:" + name);
        System.out.println("加密后密码:" + password);
 }


    public static StringEncryptor stringEncryptor() {
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword("ENCKEY");
        config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
        config.setKeyObtentionIterations("1000");
        config.setPoolSize("1");
        config.setProviderName("SunJCE");
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
        config.setStringOutputType("base64");
        encryptor.setConfig(config);
        return encryptor;
    }

}

配置文件yml

jasypt:
  encryptor:
    password: aaa
    algorithm: PBEWITHHMACSHA512ANDAES_256


# 应用名称
spring:
  application:
    name: red_envelope
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://localhost:3306/snatch_red_envelope?serverTimezone=Asia/Shanghai&useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull&useSSL=false&allowPublicKeyRetrieval=true
    username: ENC(LHOktYhYZXmRbcw9PYSkyPHmWoFeRlrg/A6B5M4fkyigc8e6yglI1tXg7EKOD1o6)
    password: ENC(wveztKwMgrWvkBI9Z+gtr/wk2XO7fY4B6GoC6Q0bSeG0r8MPTHZQF37UxrHEkDEh)
    jackson:
      date-format: yyyy-MM-dd HH:mm:ss
      time-zone: GMT+8
      serialization:
        write-dates-as-timestamps: false


# 应用服务 WEB 访问端口
server:
  port: 8080

mybatis-plus:
  configuration:
    map-underscore-to-camel-case: true
    auto-mapping-behavior: full
    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
  mapper-locations: classpath:/mapper/**/*Mapper.xml
  global-config:
    # 逻辑删除配置
    db-config:
      # 删除前
      logic-not-delete-value: 1
      # 删除后
      logic-delete-value: 0

#配置控制台打印日志Debug
logging:
  level:
    com.jd.mapper: debug

注意:java8版本会报错,不支持强加密(可以换成3版本以下,不过我m1的mac zulujdk没有问题)

解决方案
JDK8安装JCE无限强度
步骤1:
去官网下载jar包
https://www.oracle.com/java/technologies/javase-jce8-downloads.html
步骤2:
下载的两个jar包
替换掉
原来jdk下
\jdk1.8.0_91\jre\lib\security)的jar包

-------------------------

加密

PS C:\Users\Tuhuadmin\.m2\repository\org\jasypt\jasypt\1.9.3>  java -cp .\jasypt-1.9.3.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input=root password=fulfillForward algorithm=PBEWithMD5AndDES
 

配置

jasypt需要设置用于加密明文的密钥password,它会对input内容加密。解释下参数:

参数 说明

input

明文密码
password 加密的盐值
algorithm 加密策略,对称加密

 

posted @ 2022-11-02 11:44  风子磊  阅读(2071)  评论(0编辑  收藏  举报