1、前言
生产环境的配置文件中的各种账户、密码一般都是隐私数据,这些明文的配置容易泄露,不安全,推荐一个加密这些配置的软件jasypt。
Jasypt是一个Java的加密库,可以用来加密数据库、Redis等账号,再也不用担心账号泄密了。
github: https://github.com/ulisesbocchio/jasypt-spring-boot
2、SpringBoot项目中集成
2.1、依赖
需引入依赖:
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.1.1</version>
</dependency>
完整依赖:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.3.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.1.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.2.0</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.47</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
</dependencies>
2.2、新增配置文件application.yml
server:
port: 8888
jasypt:
encryptor:
password: '!qaz@wsx#edc' # 加密密钥(盐)
spring:
application:
name: springboot-jasypt
datasource:
driver-class-name: com.mysql.jdbc.Driver
url: jdbc:mysql://127.0.0.1:3306/springboot-jasypt?useUnicode=true&characterEncoding=utf8&allowMultiQueries=true&useSSL=false
username: ENC(pe74VTciYi87R5QRXYmGjA==) # root
password: ENC(19zfUn1PS7p3lrIKl5UD0w==) # 123456
jasypt.encryptor.password
加密的密钥,线下可以放在配置文件,生产环境建议配置在启动参数中:
-Djasypt.encryptor.password=!qaz@wsx#edc
其他配置参考:
com.ulisesbocchio.jasyptspringboot.properties.JasyptEncryptorConfigurationProperties
获取数据库用户名和密码的密文,可以使用如下代码:
import org.jasypt.util.text.BasicTextEncryptor;
public class EncryptUtil {
public static void main(String[] args) {
BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
// 加密秘钥(盐)
textEncryptor.setPassword("!qaz@wsx#edc");
// 要加密的数据(数据库的用户名或密码)
String username = textEncryptor.encrypt("root");
String password = textEncryptor.encrypt("123456");
System.out.println("username:" + username);
System.out.println("password:" + password);
}
}
原用户名和密码可以使用: ENC(密文) 替代。
2.3、数据库访问测试类
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
public interface UserMapper extends BaseMapper<User> {
}
import lombok.Data;
@Data
public class User {
private Long id;
private String name;
private Integer age;
private String email;
}
2.4、启动类
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
@MapperScan(basePackages = "cn.river.springboot.jasypt")
public class JasyptApplication {
public static void main(String[] args) {
SpringApplication.run(JasyptApplication.class, args);
}
}
2.5、单元测试类
import cn.river.springboot.jasypt.mapper.UserMapper;
import lombok.extern.slf4j.Slf4j;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
import javax.annotation.Resource;
@Slf4j
@RunWith(SpringRunner.class)
@SpringBootTest
public class BaseTest {
@Resource
UserMapper userMapper;
@Test
public void testDB() {
Integer count = userMapper.selectCount(null);
log.info("total: {}", count);
}
}