Spring+Hibernate 資料庫配置資訊的加密
阿新 • • 發佈:2019-02-16
在hibernate.cfg.xml中,使用者和密碼是明文存放的,存放某些安全問題,可以重寫dataSource類來實現對配置資訊加密的解密方法
<bean
id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property
name="driverClassName"
value="${jdbc.driverClassName}" />
<property
name="url"
value="${jdbc.url}" />
<property
name="username"
value="${jdbc.username}" />
<property
name="password"
value="${jdbc.password}" />
</bean>
比如這個配置中我們需要重寫org.springframework.jdbc.datasource.DriverManagerDataSource
這個類繼承於AbstractDriverBasedDataSource
可以寫個類繼承AbstractDriverBasedDataSource,重寫裡面的方法
比如使用者、密碼照著DriverManagerDataSource改掉相應的方法
/**
* Create a new DriverManagerDataSource with the given standard
* DriverManager parameters.
* @param url the JDBC URL to use for accessing the DriverManager
* @param username the JDBC username to use for accessing the DriverManager
* @param password the JDBC password to use for accessing the DriverManager
* @see java.sql.DriverManager#getConnection(String, String, String)
*/
public DriverManagerDataSource(String url, String username, String password) {
setUrl(url);
setUsername(username);
setPassword(password);
}
/**
* Create a new DriverManagerDataSource with the given JDBC URL,
* not specifying a username or password for JDBC access.
* @param url the JDBC URL to use for accessing the DriverManager
* @param conProps JDBC connection properties
* @see java.sql.DriverManager#getConnection(String)
*/
public DriverManagerDataSource(String url, Properties conProps) {
setUrl(url);
setConnectionProperties(conProps);
}
修改後
/**
* Create a new DriverManagerDataSource with the given standard
* DriverManager parameters.
* @param url the JDBC URL to use for accessing the DriverManager
* @param username the JDBC username to use for accessing the DriverManager
* @param password the JDBC password to use for accessing the DriverManager
* @see java.sql.DriverManager#getConnection(String, String, String)
*/
public DriverManagerDataSource(String url, String username, String password) {
setUrl(url);
setUsername(DesEncrypter.getInstance().decrypt(username));
setPassword(DesEncrypter.getInstance().decrypt(password));
}
/**
* Create a new DriverManagerDataSource with the given JDBC URL,
* not specifying a username or password for JDBC access.
* @param url the JDBC URL to use for accessing the DriverManager
* @param conProps JDBC connection properties
* @see java.sql.DriverManager#getConnection(String)
*/
public DriverManagerDataSource(String url, Properties conProps) {
setUrl(url);
if(conProps.containsKey("user")){
conProps.setProperty("user", DesEncrypter.getInstance().decrypt(conProps.getProperty("user")));
}
if(conProps.containsKey("password")){
conProps.setProperty("password", DesEncrypter.getInstance().decrypt(conProps.getProperty("password")));
}
setConnectionProperties(conProps);
}
最後把dataSource改為重寫的類
<bean
id="dataSource"
class="com.ht.platform.datasource.DriverManagerDataSource">
PS:如果使用第三方的聯結器,CustomDriverManagerConnectionProvider則需要繼承於相應的聯結器,如C3P0ConnectionProvider