SpringBoot配置信息加密

Pluto_CSND

已于 2024-10-30 10:17:51 修改

阅读量506

点赞数 4

分类专栏： SpingBoot 文章标签： spring boot java

于 2024-10-29 15:57:15 首次发布

SpingBoot 专栏收录该内容

15 篇文章

订阅专栏

文章介绍基于jasypt加密算法对springboot项目的配置信息（如密码等敏感信息）进行加密的详细实现步骤，以期帮助服务提高安全性能，实测可用。该加密方式的实现原理后续再作介绍。

1、配置项

server:
  port: 8081

spring:
  datasource:
    driver-class-name: org.postgresql.Driver
    url: jdbc:postgresql://*.*.*.*:5432/public?currentSchema=gxpt&useSSL=false&useUnicode=true&characterEncoding=UTF-8
    username: user
    # jasypt加密后的密码
    password: ENC(jACln5JMwhsI0ELEIIi3lGCcNn22****)

# jasypt.encryptor.password 用于接收启动项目时传入的配置参数：
# java -jar your-app.jar --jasypt.encryptor.password=你的密钥
jasypt:
#  crack: Gxpt@2024
  crack: ${jasypt.encryptor.password}
  
mybatis:
  mapper-locations: classpath:mapper/*.xml
  type-aliases-package: com.chf.pojo
  configuration:
    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl

2、依赖项

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-dependencies</artifactId>
            <version>2.7.14</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter</artifactId>
        <version>2.7.14</version>
    </dependency>
   <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
        <version>2.7.14</version>
   </dependency>
   <dependency>
        <groupId>org.postgresql</groupId>
        <artifactId>postgresql</artifactId>
        <version>42.2.22</version>
    </dependency>
    <dependency>
        <groupId>org.mybatis.spring.boot</groupId>
        <artifactId>mybatis-spring-boot-starter</artifactId>
        <version>2.2.2</version>
    </dependency>
	<dependency>
	    <groupId>com.github.ulisesbocchio</groupId>
	    <artifactId>jasypt-spring-boot</artifactId>
	    <version>3.0.1</version>
	</dependency>
<dependencies>

3、代码块

3.1 jasypt 加解密工具类

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;

public final class JasyptUtils {

    /// 加密算法
    private static final String PBEWITHMD5ANDDES = "PBEWithMD5AndDES";

    /// 加密
    public static String encryptWithMD5(String text, String crack) {
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        config.setAlgorithm(PBEWITHMD5ANDDES);
        config.setPassword(crack);
        encryptor.setConfig(config);
        return encryptor.encrypt(text);
    }
    
	/// 解密
    public static String decryptWithMD5(String text, String crack) {
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        config.setAlgorithm(PBEWITHMD5ANDDES);
        config.setPassword(crack);
        encryptor.setConfig(config);
        return encryptor.decrypt(text);
    }
}

3.2 重写 jasypt 加解密类

import com.smy.mybatispack.util.JasyptUtils;
import org.jasypt.encryption.StringEncryptor;

public class CustomStringEncryptor implements StringEncryptor {

    /// 密钥
    private String crack = null;

    public CustomStringEncryptor() {
        super();
        if(this.crack == null || this.crack.isEmpty()){
            this.crack = "Gxpt@2024";
        }
    }

    public CustomStringEncryptor(String crack) {
        super();
        if(crack == null || crack.isEmpty()){
            this.crack = "Gxpt@2024";
        }else{
            this.crack = crack;
        }
    }

    /// 加密
    @Override
    public String encrypt(String s) {
        return JasyptUtils.encryptWithMD5(s,crack);
    }

    /// 解密
    @Override
    public String decrypt(String s) {
        return JasyptUtils.decryptWithMD5(s,crack);
    }

//    public static void main(String[] args) {
//        CustomStringEncryptor customStringEncryptor = new CustomStringEncryptor();
//        System.out.println(customStringEncryptor.encrypt("原始密码"));
//        System.out.println(customStringEncryptor.decrypt("加密密码"));
//    }
}

3.3 装载jasypt加解密类的bean(此时设置了密钥)，服务启动时，该bean会自动解密ENC()里的密文

import org.jasypt.encryption.StringEncryptor;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;

@Configuration
@EnableEncryptableProperties  //jasypt解密使能
public class JasyptEncryptorConfig {

    @Value("${jasypt.crack}")
    private String crack;

    @Bean(name = "jasyptStringEncryptor")
    public StringEncryptor jasyptStringEncryptor() {
        // System.out.println("密钥：" + this.crack);
        return new CustomStringEncryptor(this.crack);
    }
}

4、服务启动

当配置文件中明文配置密钥或代码中硬编码密钥时，服务jar正常启动即可:
java -jar mybatis-proj-0.1.jar
当配置文件中已变量方式配置密钥时，需在启动jar包时设置密钥，启动命令如下：
java -jar mybatis-proj-0.1.jar --jasypt.encryptor.password=“Gxpt@2024”