文章介绍基于jasypt加密算法对springboot项目的配置信息(如密码等敏感信息)进行加密的详细实现步骤,以期帮助服务提高安全性能,实测可用。该加密方式的实现原理后续再作介绍。
1、配置项
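server:
  port: 8081
spring:
  datasource:
    driver-class-name: org.postgresql.Driver
    # NOTE(review): useSSL, useUnicode and characterEncoding look like MySQL Connector/J options;
    # the PostgreSQL JDBC driver configures TLS through ssl / sslmode. Confirm that the
    # connection to the database is actually encrypted in transit.
    url: jdbc:postgresql://*.*.*.*:5432/public?currentSchema=gxpt&useSSL=false&useUnicode=true&characterEncoding=UTF-8
    username: user
    # Database password stored as jasypt ciphertext inside the ENC(...) wrapper.
    password: ENC(jACln5JMwhsI0ELEIIi3lGCcNn22****)
# jasypt.crack carries the encryption key. The placeholder below takes it from the
# jasypt.encryptor.password property supplied when the application is started:
#   java -jar your-app.jar --jasypt.encryptor.password=<your-key>
jasypt:
  # Plaintext alternative, for local testing only: a key written here sits next to the
  # ciphertext, so anyone who can read this file can decrypt every ENC(...) value.
  # crack: Gxpt@2024
  crack: ${jasypt.encryptor.password}
mybatis:
  mapper-locations: classpath:mapper/*.xml
  type-aliases-package: com.chf.pojo
  configuration:
    # Sends MyBatis logging to standard output.
    # NOTE(review): that output can include bound parameter values; treat as a development setting.
    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl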
2、依赖项
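<dependencyManagement>
    <dependencies>
        <!-- Spring Boot BOM: supplies managed versions for the Spring Boot ecosystem. -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-dependencies</artifactId>
            <version>2.7.14</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter</artifactId>
        <version>2.7.14</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
        <version>2.7.14</version>
    </dependency>
    <!-- NOTE(review): this explicit version overrides whatever the imported BOM manages for the
         PostgreSQL driver; confirm the pin is intentional and check it against current advisories. -->
    <dependency>
        <groupId>org.postgresql</groupId>
        <artifactId>postgresql</artifactId>
        <version>42.2.22</version>
    </dependency>
    <dependency>
        <groupId>org.mybatis.spring.boot</groupId>
        <artifactId>mybatis-spring-boot-starter</artifactId>
        <version>2.2.2</version>
    </dependency>
    <!-- Plain jasypt-spring-boot artifact (not the starter): decryption of ENC(...) values has to be
         switched on with @EnableEncryptableProperties on a configuration class. -->
    <dependency>
        <groupId>com.github.ulisesbocchio</groupId>
        <artifactId>jasypt-spring-boot</artifactId>
        <version>3.0.1</version>
    </dependency>
</dependencies>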
3、代码块
3.1 jasypt 加解密工具类
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
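/**
 * Static helpers that encrypt and decrypt strings with jasypt password-based encryption (PBE).
 *
 * <p>Security note: both helpers use {@code PBEWithMD5AndDES}, which derives the key with MD5
 * and encrypts with single DES. That combination is weak by current standards and protects a
 * value only against casual reading. Ciphertext produced here can only be read back with the
 * same algorithm and key, so moving to a stronger PBE algorithm (jasypt-spring-boot 3.x
 * documents {@code PBEWITHHMACSHA512ANDAES_256} with a random IV generator as its default)
 * means re-encrypting every stored {@code ENC(...)} value.
 */
public final class JasyptUtils {

    /** PBE algorithm name handed to the jasypt encryptor. */
    private static final String PBEWITHMD5ANDDES = "PBEWithMD5AndDES";

    /** Utility class: static methods only, never instantiated. */
    private JasyptUtils() {
    }

    /**
     * Encrypts {@code text} with the key {@code crack}.
     *
     * @param text  plaintext to encrypt
     * @param crack encryption key (the jasypt "password")
     * @return the ciphertext string produced by jasypt
     */
    public static String encryptWithMD5(String text, String crack) {
        return newEncryptor(crack).encrypt(text);
    }

    /**
     * Decrypts {@code text} with the key {@code crack}.
     *
     * @param text  ciphertext previously produced with the same algorithm and key
     * @param crack encryption key (the jasypt "password")
     * @return the recovered plaintext
     */
    public static String decryptWithMD5(String text, String crack) {
        return newEncryptor(crack).decrypt(text);
    }

    /** Builds an encryptor configured with this class's algorithm and the given key. */
    private static StandardPBEStringEncryptor newEncryptor(String crack) {
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        config.setAlgorithm(PBEWITHMD5ANDDES);
        config.setPassword(crack);

        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }
}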
3.2 重写 jasypt 加解密类
import com.smy.mybatispack.util.JasyptUtils;
import org.jasypt.encryption.StringEncryptor;
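/**
 * {@link StringEncryptor} implementation that delegates to {@code JasyptUtils} with a fixed key.
 *
 * <p>The key is whatever the caller passes to the constructor; a null or empty key is replaced
 * by the built-in default below.
 */
public class CustomStringEncryptor implements StringEncryptor {

    // NOTE(review): hard-coded fallback key. It ships inside the source and the jar, so any
    // ciphertext produced with it can be decrypted by whoever obtains either one. Because the
    // fallback is applied silently, a missing or empty key does not surface as an error.
    // Prefer supplying a real key from outside the artifact and rotating this value out.
    private static final String DEFAULT_CRACK = "Gxpt@2024";

    /** Encryption key used for every encrypt/decrypt call on this instance. */
    private final String crack;

    /** Creates an encryptor that uses the built-in default key. */
    public CustomStringEncryptor() {
        this(null);
    }

    /**
     * Creates an encryptor with the given key.
     *
     * @param crack encryption key; null or empty selects the built-in default key
     */
    public CustomStringEncryptor(String crack) {
        this.crack = (crack == null || crack.isEmpty()) ? DEFAULT_CRACK : crack;
    }

    /**
     * Encrypts the given plaintext with this instance's key.
     *
     * @param s plaintext
     * @return ciphertext
     */
    @Override
    public String encrypt(String s) {
        return JasyptUtils.encryptWithMD5(s, crack);
    }

    /**
     * Decrypts the given ciphertext with this instance's key.
     *
     * @param s ciphertext
     * @return plaintext
     */
    @Override
    public String decrypt(String s) {
        return JasyptUtils.decryptWithMD5(s, crack);
    }

    // Usage sketch for producing or checking a ciphertext by hand:
    // public static void main(String[] args) {
    //     CustomStringEncryptor customStringEncryptor = new CustomStringEncryptor();
    //     System.out.println(customStringEncryptor.encrypt("plaintext password"));
    //     System.out.println(customStringEncryptor.decrypt("encrypted password"));
    // }
}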
3.3 装载jasypt加解密类的bean(此时设置了密钥),服务启动时,该bean会自动解密ENC()里的密文
import org.jasypt.encryption.StringEncryptor;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;
/**
 * Spring configuration that registers the custom jasypt encryptor as the
 * {@code jasyptStringEncryptor} bean.
 */
@EnableEncryptableProperties // switches on jasypt decryption of encrypted properties
@Configuration
public class JasyptEncryptorConfig {

    /** Encryption key, injected from the {@code jasypt.crack} property. */
    @Value("${jasypt.crack}")
    private String crack;

    /**
     * Builds the encryptor bean from the injected key.
     *
     * @return a {@link CustomStringEncryptor} constructed with the injected key
     */
    @Bean("jasyptStringEncryptor")
    public StringEncryptor jasyptStringEncryptor() {
        // Keep this debug line disabled: it would write the key to standard output.
        // System.out.println("key: " + this.crack);
        StringEncryptor encryptor = new CustomStringEncryptor(crack);
        return encryptor;
    }
}
4、服务启动
当配置文件中明文配置密钥或代码中硬编码密钥时,服务jar正常启动即可(注意:此时密钥与密文存放在一起,能读取配置文件或jar包的人即可解密,因此该方式仅适合本地测试):
java -jar mybatis-proj-0.1.jar
当配置文件中以变量方式配置密钥时,需在启动jar包时传入密钥,启动命令如下(引号须使用英文半角引号;命令行参数会出现在进程列表和shell历史记录中,生产环境可改为通过环境变量 JASYPT_ENCRYPTOR_PASSWORD 传入密钥):
java -jar mybatis-proj-0.1.jar --jasypt.encryptor.password="Gxpt@2024"