Spring資料來源及配置檔案資料加密實現過程詳解
阿新 • • 發佈:2020-05-13
The following example shows the corresponding XML configuration:
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${jdbc.driverClassName}"/>
<property name="url" value="${jdbc.url}"/>
<property name="username" value="${jdbc.username}"/>
<property name="password" value="${jdbc.password}"/>
</bean>
<context:property-placeholder location="jdbc.properties"/>Spring在第三方依賴包中包含了兩個資料來源的實現類包,其一是:Apache的DBCP;其二是C3P0,可以在Spring配置檔案中利用二者的任何一個配置資料來源.
The next two examples show the basic connectivity and configuration for DBCP and C3P0. To learn about more options that help control the pooling features,see the product documentation for the respective connection pooling implementations.
The following example shows DBCP configuration:
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="${jdbc.driverClassName}"/>
<property name="url" value="${jdbc.url}"/>
<property name="username" value="${jdbc.username}"/>
<property name="password" value="${jdbc.password}"/>
</bean>
<context:property-placeholder location="jdbc.properties"/>The following example shows C3P0 configuration:
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">
<property name="driverClass" value="${jdbc.driverClassName}"/>
<property name="jdbcUrl" value="${jdbc.url}"/>
<property name="user" value="${jdbc.username}"/>
<property name="password" value="${jdbc.password}"/>
</bean>
<context:property-placeholder location="jdbc.properties"/>
在jdbc.properties檔案中定義屬性的值,如下:
jdbc.driverClassName=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://localhost:3309/sampledb
jdbc.username=root
jdbc.password=123456
但是這些屬性是以明文形式存放,那麼任何擁有伺服器登入許可權的人都可以檢視這些機密資訊,容易造成資料庫訪問許可權的洩露.
這就要求對應用程式配置檔案對某些屬性進行加密,讓Spring容器在讀取屬性檔案後,在記憶體中對屬性進行解密,然後再將解密後的屬性賦給目標物件.
這裡提供一個加密解密工具(DES對稱加密解密)程式碼:
package com.springboot.utils;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Base64.Decoder;
import java.util.Base64.Encoder;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
public class DESUtils {
//指定DES加密解密所用的金鑰
private static Key key;
private static String KEY_STR = "myKey";
static {
try {
KeyGenerator generator = KeyGenerator.getInstance("DES");
generator.init(new SecureRandom(KEY_STR.getBytes()));
key = generator.generateKey();
generator = null;
}catch(Exception e) {
throw new RuntimeException(e);
}
}
public static String getEncryptString(String str) {
Encoder encoder = Base64.getEncoder();
try {
byte[] strBytes = str.getBytes("UTF8");
Cipher cipher = Cipher.getInstance("DES");
cipher.init(Cipher.ENCRYPT_MODE,key);
byte[] encryptStrBytes = cipher.doFinal(strBytes);
return encoder.encodeToString(encryptStrBytes);
}catch(Exception e) {
throw new RuntimeException(e);
}
}
public static String getDecryptString(String str) {
Decoder decoder = Base64.getDecoder();
try {
byte[] strBytes = decoder.decode(str);
Cipher cipher = Cipher.getInstance("DES");
cipher.init(Cipher.DECRYPT_MODE,key);
byte[] decryptStrBytes = cipher.doFinal(strBytes);
return new String(decryptStrBytes,"UTF8");
}catch(Exception e) {
throw new RuntimeException(e);
}
}
public static void main(String[] args) throws Exception{
if(args == null || args.length < 1) {
System.out.println("請輸入要加密的字元,用空格分隔.");
}else {
for(String arg : args) {
System.out.println(arg + ":" + getEncryptString(arg));
}
}
}
}
針對配置檔案中加密資訊的解密
package com.springboot.utils;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
public class EncryptPropertyPlaceholderConfigurer extends PropertySourcesPlaceholderConfigurer{
private String[] encryptPropNames = {"userName","password"};
private boolean isEncryptProp(String propertyName) {
for(String encryptProName : encryptPropNames) {
if(encryptProName.equals(propertyName)) {
return true;
}
}
return false;
}
@Override
protected String convertProperty(String propertyName,String propertyValue) {
if(isEncryptProp(propertyName)) {
String decryptVal = DESUtils.getDecryptString(propertyValue);
System.out.println("decryptVal = " + decryptVal);
return decryptVal;
}else {
return propertyValue;
}
}
}
xml配置檔案內容
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util https://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/aop https://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/tx https://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd">
<bean class="com.springboot.utils.EncryptPropertyPlaceholderConfigurer"
p:location="classpath:application.properties"
p:fileEncoding="utf-8"/>
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close"
p:driverClassName="${driverClassName}"
p:url="${url}"
p:username="${userName}"
p:password="${password}"/>
</beans>
通過在控制檯執行我們的加密程式碼獲取加密後的密文
yusuwudeMacBook-Pro:classes yusuwu$ java com.springboot.utils.DESUtils root 123
獲取密文:
root:jxlNoW/DjKw=
123:RbtzyNE4tjY=
在application.properties中配置
driverClassName=com.mysql.jdbc.Driver
url=jdbc:mysql://localhost:3306/springboot
userName=jxlNoW/DjKw=
password=RbtzyNE4tjY=
以上就是本文的全部內容,希望對大家的學習有所幫助,也希望大家多多支援我們。