1、前言

生产环境的配置文件中的各种账户、密码一般都是隐私数据,这些明文的配置容易泄露,不安全,推荐一个加密这些配置的软件jasypt。
Jasypt是一个Java的加密库,可以用来加密数据库、Redis等账号,再也不用担心账号泄密了。
github: https://github.com/ulisesbocchio/jasypt-spring-boot

2、SpringBoot项目中集成

2.1、依赖

需引入依赖:

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>2.1.1</version>
</dependency>

完整依赖:

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.1.3.RELEASE</version>
</parent>

<dependencies>
    <dependency>
        <groupId>com.github.ulisesbocchio</groupId>
        <artifactId>jasypt-spring-boot-starter</artifactId>
        <version>2.1.1</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    
    <dependency>
        <groupId>com.baomidou</groupId>
        <artifactId>mybatis-plus-boot-starter</artifactId>
        <version>3.2.0</version>
    </dependency>
   
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>5.1.47</version>
    </dependency>
   
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <optional>true</optional>
    </dependency>
</dependencies>

2.2、新增配置文件application.yml

server:
  port: 8888
 
jasypt:
  encryptor:
    password: '!qaz@wsx#edc'  # 加密密钥(盐)
 
spring:
  application:
    name: springboot-jasypt
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://127.0.0.1:3306/springboot-jasypt?useUnicode=true&characterEncoding=utf8&allowMultiQueries=true&useSSL=false
    username: ENC(pe74VTciYi87R5QRXYmGjA==)   # root
    password: ENC(19zfUn1PS7p3lrIKl5UD0w==)   # 123456
 

jasypt.encryptor.password
加密的密钥,线下可以放在配置文件,生产环境建议配置在启动参数中:
-Djasypt.encryptor.password=!qaz@wsx#edc
其他配置参考:
com.ulisesbocchio.jasyptspringboot.properties.JasyptEncryptorConfigurationProperties

获取数据库用户名和密码的密文,可以使用如下代码:

import org.jasypt.util.text.BasicTextEncryptor;
 
public class EncryptUtil {
 
    public static void main(String[] args) {
        BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
        // 加密秘钥(盐)
        textEncryptor.setPassword("!qaz@wsx#edc");
        // 要加密的数据(数据库的用户名或密码)
        String username = textEncryptor.encrypt("root");
        String password = textEncryptor.encrypt("123456");
        System.out.println("username:" + username);
        System.out.println("password:" + password);
    }
 
}

原用户名和密码可以使用: ENC(密文) 替代。

2.3、数据库访问测试类

import com.baomidou.mybatisplus.core.mapper.BaseMapper;
 
public interface UserMapper extends BaseMapper<User> {
 
}
import lombok.Data;
 
@Data
public class User {
    private Long id;
    private String name;
    private Integer age;
    private String email;
}

2.4、启动类

import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
 
@SpringBootApplication
@MapperScan(basePackages = "cn.river.springboot.jasypt")
public class JasyptApplication {
 
    public static void main(String[] args) {
        SpringApplication.run(JasyptApplication.class, args);
    }
}

2.5、单元测试类

import cn.river.springboot.jasypt.mapper.UserMapper;
import lombok.extern.slf4j.Slf4j;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
 
import javax.annotation.Resource;
 
@Slf4j
@RunWith(SpringRunner.class)
@SpringBootTest
public class BaseTest {
 
    @Resource
    UserMapper userMapper;
 
    @Test
    public void testDB() {
        Integer count = userMapper.selectCount(null);
        log.info("total: {}", count);
    }
}