For those applications that define datasources in Hibernate's hibernate.cfg.xml file, Jasypt provides two Connection Provider (org.hibernate.connection.ConnectionProvider) implementations which let the user declare the datasource parameters (driver, url, username and password) in an encrypted manner:
- org.jasypt.hibernate3|hibernate4.connectionprovider.EncryptedPasswordDriverManagerConnectionProvider, which extends Hibernate's Driver Manager connection provider (a very simplistic pool implementation).
- org.jasypt.hibernate3|hibernate4.connectionprovider.EncryptedPasswordC3P0ConnectionProvider, which extends Hibernate's C3P0-based connection provider.
They are used like this in hibernate.cfg.xml:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hibernate-configuration PUBLIC
"-//Hibernate/Hibernate Configuration DTD//EN"
"http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
<hibernate-configuration>
<session-factory>
<property name="connection.provider_class">
org.jasypt.hibernate4.connectionprovider.EncryptedPasswordDriverManagerConnectionProvider
</property>
<property name="connection.encryptor_registered_name">
configurationHibernateEncryptor
</property>
<property name="connection.url">jdbc:mysql://localhost/reportsdb</property>
<property name="connection.driver_class">com.mysql.jdbc.Driver</property>
<property name="connection.username">reportsUser</property>
<property name="connection.password">ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm)</property>
<property name="connection.pool_size">12</property>
<property name="show_sql">true</property>
<property name="dialect">org.hibernate.dialect.MySQLDialect</property>
<!-- Mappings etc... -->
</session-factory>
</hibernate-configuration>
In this configuration, Hibernate is told to use Jasypt's DriverManager-based connection provider and is passed a set of configuration parameters which contain an encrypted value, the connection.password property. Then, Hibernate is also told about which is the encryptor object to be used for decrypting the encrypted parameters (connection.encryptor_registered_name).
This encryptor object should have been registered beforehand as a Hibernate Encryptor, as explained in the 'Transparent data encryption' section.
注:本文转载自:http://www.jasypt.org/hibernate.html
本文介绍如何使用Jasypt加密库与Hibernate整合,实现数据库连接参数的安全配置。通过两个不同的ConnectionProvider实现,可以在hibernate.cfg.xml文件中加密存储数据库URL、用户名和密码。
268

被折叠的 条评论
为什么被折叠?



