北京企业官网网站建设,自己房子怎么挂网站做民宿,旅游网站建设ppt模板,cms网站模板下载1背景#xff1a;
springboot项目中要求不能采用明文密码#xff0c;故采用配置文件加密.
目前采用有密码的有redis nacos rabbitmq mysql 这些配置文件
2技术
2.1 redis nacos rabbitmq 配置文件加密
采用加密方式是jasypt 加密
2.1.1 加密步骤
2.1.2 引入maven依赖 …1背景
springboot项目中要求不能采用明文密码故采用配置文件加密.
目前采用有密码的有redis nacos rabbitmq mysql 这些配置文件
2技术
2.1 redis nacos rabbitmq 配置文件加密
采用加密方式是jasypt 加密
2.1.1 加密步骤
2.1.2 引入maven依赖
!-- 加密相关start --dependencygroupIdcom.github.ulisesbocchio/groupIdartifactIdjasypt-spring-boot-starter/artifactIdversion3.0.3/version/dependency!-- 加密相关end --2.1.3 加注解EnableEncryptableProperties
在启动类中加入EnableEncryptableProperties
2.1.4 在配置文件中配置盐 加密方案
jasypt:encryptor:# 加密算法algorithm: PBEWITHHMACSHA512ANDAES_256# 加密使用的盐password: jaspyt_password2.1.5 编写测试类加密/解密密码
/*** author * description: 加密解密测试*/
SpringBootTest(classes MycodeApplication.class)
RunWith(SpringRunner.class)
EnableEncryptableProperties
public class JasyptTest {Autowiredprivate StringEncryptor stringEncryptor;/*** 加密解密测试*/Testpublic void jasyptTest() {// 加密System.out.println(stringEncryptor.encrypt(nacos)); // JSrINYe4IBotHndGjX1hnmY3mtPNUJlXjP12cx1pHqUz2FNXGPu3Frnajh3QCXg// 解密System.out.println(stringEncryptor.decrypt(0q/CVaDpjJ/kG7Je5Z2GjL99ahQvOxqjLXDHsDShkQIZlmnI7UWup7Sltd2N4cV7));// System.out.println(stringEncryptor.decrypt(rP4MtUODPjDz66wFfm20DR0y5YvWCI8bX1cKcoyPmEzPBZ7ylVJuyUAZL1dz7gfW)); // root}public static void main(String[] args) throws Exception{/* String[] arr ConfigTools.genKeyPair(512);System.out.println(privateKey:arr[0]);System.out.println(publicKey:arr[1]);String publicKey MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJByhUUvx4LNlBZFWDhyhaTRvy2J0W9QJ2XXccOJaCBPhUb9Af7UnyaYUra0pRvwlX1VqMCtM4n3du5IpXedAwcCAwEAAQ;String encryptStr XgBw9PoKkns4FP1oYIvLc7UtjawEl8VWvSmcLYI5ekxUm0CoDa2saIB8ndQylo2jNXfqbYm6jz8Vzq7dOOpXg;System.out.println(encryptStr:encryptStr);System.out.println(decryptStr:ConfigTools.decrypt(publicKey,encryptStr));*/String privateKey MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAkHKFRS/Hgs2UFkVYOHKFpNG/LYnRb1AnZddxw4loIEFRv0B/tSfJphStrSlG/CVfVWowK0zifd27kild50DBwIDAQABAkAn8kPA2nHGTqwBbLP1CFbFOeww38g3jGcY1vfzJ3DQXj/tf2fiBtiwzXQkB9c2Z24XiXBo/fo3c1tTOxEtdHBAiEA9SsvZgwa1ZM2QpKmrkcXC5wdN/2FaptTWGOK0yjCp8CIQCW0W7QYwsbPcLKDTLLZ9iCDT6ckx3sl/ynnPeWc34WmQIgJ8x7T7M6eNHjW3uKHtPvS7UlkQcX9vwLhVdzG1MaUCIQCROnM72DOhpaAAl2bSRBPi3lzRKdYILMGpDw2AFi2YQIhAO5eAxXQwe65AM2lVg0C38rwMBvmyqU0ljnOLkRkL1t;String encryptStr ConfigTools.encrypt(privateKey,Safm987);System.out.println(encryptStr);String dbpassword ConfigTools.decrypt(MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJByhUUvx4LNlBZFWDhyhaTRvy2J0W9QJ2XXccOJaCBPhUb9Af7UnyaYUra0pRvwlX1VqMCtM4n3du5IpXedAwcCAwEAAQ, XgBw9PoKkns4FP1oYIvLc7UtjawEl8VWvSmcLYI5ekxUm0CoDa2saIB8ndQylo2jNXfqbYm6jz8Vzq7dOOpXg);System.out.println(dbpassword);//System.out.println();}
}2.1.6 在用加密之后的秘钥替换要来的密码
注意要用ENC包裹起来 注意要用ENC包裹起来 注意要用ENC包裹起来
server:port: 9105
jasypt:encryptor:# 加密算法algorithm: PBEWITHHMACSHA512ANDAES_256# 加密使用的盐password: jaspyt_password
spring:mvc:pathmatch:matching-strategy: ant_path_matchermain:allow-circular-references: trueapplication:name: dp-ccb### cloud 相关配置cloud:nacos:discovery:server-addr: 172.0.0.1:8848namespace: publicusername: nacos# 使用ENC()包裹标识为加密之后的否则无法解密会报错password: ENC(rP4MtUODPjDz66wFfm20DR0y5YvWCI8bX1cKcoyPmEzPBZ7ylVJuyUAZL1dz7gfW)2.2 mysql 加密
驱动为DruidDataSource的方式上面的加密方式不能解析密码 加密方式为import com.alibaba.druid.filter.config.ConfigTools.decrypt
2.2.1 技术实现原理
在创建链接的时候注入密码解密器。
2.2.2 代码实现
自己实现DruidPasswordCallback 重写setProperties方法
package com.example.mycode.utils;import com.alibaba.druid.filter.config.ConfigTools;
import com.alibaba.druid.util.DruidPasswordCallback;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;import java.util.Properties;/*** author sz* version 1.0* date 2023-02-13 21:07*/public class MyDataSourceCallback extends DruidPasswordCallback {private static final Logger LOGGER LoggerFactory.getLogger(MyDataSourceCallback.class);Overridepublic void setProperties(Properties properties) {super.setProperties(properties);String password (String) properties.get(password);String publickey (String) properties.get(publickey);if (StringUtils.isNotBlank(password)) {try {String dbpassword ConfigTools.decrypt(publickey, password);setPassword(dbpassword.toCharArray());} catch (Exception e) {LOGGER.error(Druid ConfigTools.decrypt, e);}}}
}
2.2.3 用import com.alibaba.druid.filter.config.ConfigTools.decrypt 自带的加密解密方式 加密密码
public static void main(String[] args) throws Exception{String privateKey MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAkHKFRS/Hgs2UFkVYOHKFpNG/LYnRb1AnZddxw4loIEFRv0B/tSfJphStrSlG/CVfVWowK0zifd27kild50DBwIDAQABAkAn8kPA2nHGTqwBbLP1CFbFOeww38g3jGcY1vfzJ3DQXj/tf2fiBtiwzXQkB9c2Z24XiXBo/fo3c1tTOxEtdHBAiEA9SsvZgwa1ZM2QpKmrkcXC5wdN/2FaptTWGOK0yjCp8CIQCW0W7QYwsbPcLKDTLLZ9iCDT6ckx3sl/ynnPeWc34WmQIgJ8x7T7M6eNHjW3uKHtPvS7UlkQcX9vwLhVdzG1MaUCIQCROnM72DOhpaAAl2bSRBPi3lzRKdYILMGpDw2AFi2YQIhAO5eAxXQwe65AM2lVg0C38rwMBvmyqU0ljnOLkRkL1t;String encryptStr ConfigTools.encrypt(privateKey,123456);System.out.println(encryptStr);String dbpassword ConfigTools.decrypt(MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJByhUUvx4LNlBZFWDhyhaTRvy2J0W9QJ2XXccOJaCBPhUb9Af7UnyaYUra0pRvwlX1VqMCtM4n3du5IpXedAwcCAwEAAQ, XgBw9PoKkns4FP1oYIvLc7UtjawEl8VWvSmcLYI5ekxUm0CoDa2saIB8ndQylo2jNXfqbYm6jz8Vzq7dOOpXg);System.out.println(dbpassword);//System.out.println();}2.2.4 在配置文件中配置信息
核心关键是配置connectionProperties 和passwordCallbackClassName 注意要connectionProperties 配置公钥和加密的密码 passwordCallbackClassName 要配置自定义的解密限定名
dataSources:ds:dataSourceClassName: com.alibaba.druid.pool.DruidDataSourceurl: jdbc:mysql://172.27.15.74:3306/alter_table_test?serverTimezoneGMT%2B8useUnicodetruecharacterEncodingUTF-8useSSLfalseautoReconnecttruefailOverReadOnlyfalseallowMultiQueriestrueusername: rootpassword: XgBw9PoKkns4FP1oYIvLc7UtjawEl8VWvSmcLYI5ekxUm0CoDa2saIB8ndQylo2jNXfqbYm6jz8Vzq7dOOpXgpasswordCallbackClassName: com.example.mycode.utils.MyDataSourceCallbackconnectionProperties: config:decrypttrue;publickeyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJByhUUvx4LNlBZFWDhyhaTRvy2J0W9QJ2XXccOJaCBPhUb9Af7UnyaYUra0pRvwlX1VqMCtM4n3du5IpXedAwcCAwEAAQ;passwordXgBw9PoKkns4FP1oYIvLc7UtjawEl8VWvSmcLYI5ekxUm0CoDa2saIB8ndQylo2jNXfqbYm6jz8Vzq7dOOpXginitial-size: 20min-idle: 5max-active: 50max-wait: 60000time-between-eviction-runs-millis: 60000min-evictable-idle-time-millis: 300000validation-query-timeout: 10000test-while-idle: truetest-on-borrow: falsetest-on-return: falsepool-prepared-statements: falsemax-pool-prepared-statement-per-connection-size: 20
