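Background
As the internet keeps growing, information security receives more and more attention, and the requirements for encrypting sensitive information keep rising. Under the Multi-Level Protection Scheme (等保) requirements, problems such as data leaks caused by plaintext passwords in project configuration files also have to be addressed. This article briefly introduces configuration-file encryption with Jasypt, using the jasypt-spring-boot-starter approach.
Introduction to Jasypt
Official site: http://www.jasypt.org/
GitHub: https://github.com/jasypt/jasypt
Basic usage (jasypt-spring-boot-starter)
1. POM dependency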
<properties>
    <jasypt.version>3.0.4</jasypt.version>
</properties>
<dependencies>
    <dependency>
        <groupId>com.github.ulisesbocchio</groupId>
        <artifactId>jasypt-spring-boot-starter</artifactId>
        <version>${jasypt.version}</version>
    </dependency>
</dependencies>
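2. Generating the encrypted credentials
2.1 YML configuration
jasypt:
  encryptor:
    # Encryption password (the "salt" value) used by the encryptor
    password: DbG1GppXOsFa2G69PnmADvQFI3esceEhJYbaEIKCcEO5C85JEqGAhfcjFMGnoRFf
2.2 Function for generating the ciphertext
import org.jasypt.encryption.StringEncryptor;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;

@SpringBootTest
public class JasyptTest {
    // Plaintext credentials to encrypt
    private final String orgUsername = "rycloud";
    private final String orgPassword = "rycloud";

    // Encryptor bean provided by jasypt-spring-boot-starter
    @Autowired
    private StringEncryptor stringEncryptor;

    // Prints the ciphertext of each value ("密文" = ciphertext) for use in the YML
    @Test
    void encrypt() {
        System.out.println("密文username: " + stringEncryptor.encrypt(orgUsername));
        System.out.println("密文password: " + stringEncryptor.encrypt(orgPassword));
    }
}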
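3. Using it in the application
3.1 YML configuration
Syntax of an encrypted value: prefix + ciphertext + suffix
Tips: the default prefix is ENC( and the default suffix is )
Example: ENC(N1kLdL9IDh3L+hW9CCVV+SXj5do9PaNo3IverJ2cBIpb31FMj1e9uTgoy5PepsZE)
# Shown here for demonstration only. In production, never keep it in the configuration file: if it leaks, the ciphertext can be decrypted directly with this value. In production, pass it in as a jar run parameter.
# Encryption password (the "salt" value); it must be identical to the one used to generate the ciphertext
# jasypt:
#   encryptor:
#     password: DbG1GppXOsFa2G69PnmADvQFI3esceEhJYbaEIKCcEO5C85JEqGAhfcjFMGnoRFf
spring:
  datasource:
    dynamic:
      datasource:
        # Primary data source
        master:
          driver-class-name: oracle.jdbc.driver.OracleDriver
          url: jdbc:oracle:thin:@192.168.1.8:1528/xe
          # The encrypted credentials generated in 2.2 above
          username: ENC(N1kLdL9IDh3L+hW9CCVV+SXj5do9PaNo3IverJ2cBIpb31FMj1e9uTgoy5PepsZE)
          password: ENC(0YZ7rj3/+s5ImEnMe2bactYPpzbbsEhnAy1Avr414tmzKHRs6YLlKbKmJOcgTrNx)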
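The warning in the configuration comments above can be enforced automatically. The following Python check is an added example (not code from the original article or from Jasypt): it flags a committed jasypt.encryptor.password and credential keys whose values are not wrapped in ENC(...). The flattener only handles simple nested key: value YAML, and the set of sensitive key names and both sample configurations are assumptions constructed for illustration.

```python
import re

ENC = re.compile(r"^ENC\(.+\)$")           # default Jasypt prefix and suffix
MASTER_KEY = "jasypt.encryptor.password"    # the value that decrypts every ENC(...)
SENSITIVE_LEAVES = {"username", "password", "secret"}  # assumed naming convention

def flatten(yaml_text):
    """Flatten simple nested 'key: value' YAML (no lists, no multi-line scalars)."""
    stack, flat = [], {}
    for raw in yaml_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()          # drop inline comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                   # blank or commented-out line
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")    # split on the first colon only
        while stack and stack[-1][0] >= indent:
            stack.pop()                                # leave deeper or sibling scopes
        stack.append((indent, key.strip()))
        if value.strip():
            flat[".".join(k for _, k in stack)] = value.strip()
    return flat

def audit(yaml_text):
    """Return (path, problem) pairs for secrets stored in the clear."""
    findings = []
    for path, value in flatten(yaml_text).items():
        if value.startswith("${"):   # placeholder resolved at runtime (env var or -D)
            continue
        if path == MASTER_KEY:
            findings.append((path, "encryptor password committed to config"))
        elif path.rsplit(".", 1)[-1] in SENSITIVE_LEAVES and not ENC.match(value):
            findings.append((path, "plaintext value, expected ENC(...)"))
    return findings

# Constructed sample configs; every value is a placeholder, not a real secret.
BAD = """\
jasypt:
  encryptor:
    password: demo-master-secret
spring:
  datasource:
    dynamic:
      datasource:
        master:
          username: ENC(Y29uc3RydWN0ZWQtc2FtcGxl)
          password: plain-db-password
"""
GOOD = BAD.replace("    password: demo", "    # password: demo").replace("plain-db-password", "ENC(c2FtcGxl)")

if __name__ == "__main__":
    print(audit(BAD), audit(GOOD))
```

Run as a pre-commit or CI step over the application's YML files; an empty result means no finding.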
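3.2 Usage example
import org.jasypt.encryption.StringEncryptor;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.test.context.SpringBootTest;

@SpringBootTest
public class ExampleJasyptTests {
    // Expected plaintext values
    private final String orgUsername = "jasypt_name";
    private final String orgPassword = "jasypt_password";

    @Autowired
    private StringEncryptor stringEncryptor;

    // Injected from the ENC(...) properties; the starter decrypts them before injection
    @Value("${spring.datasource.dynamic.datasource.master.username}")
    private String username;

    @Value("${spring.datasource.dynamic.datasource.master.password}")
    private String password;

    // Prints the ciphertext of each value ("密文" = ciphertext)
    @Test
    void encrypt() {
        System.out.println("密文username: " + stringEncryptor.encrypt(orgUsername));
        System.out.println("密文password: " + stringEncryptor.encrypt(orgPassword));
    }

    // Checks that the injected values are the decrypted plaintext ("注入的" = injected)
    @Test
    void decrypt() {
        System.out.println("注入的username: " + username);
        System.out.println("注入的password: " + password);
        Assertions.assertEquals(orgUsername, username);
        Assertions.assertEquals(orgPassword, password);
    }
}
As shown in the figure.
Passing the encryption password (the "salt" value, jasypt.encryptor.password) as a jar run parameter
In IDEA, add the VM option:
-Djasypt.encryptor.password=DbG1GppXOsFa2G69PnmADvQFI3esceEhJYbaEIKCcEO5C85JEqGAhfcjFMGnoRFf
Controller
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping("/jasypt")
@RestController
public class JasyptTestController {
    // Injected from the ENC(...) properties, already decrypted
    @Value("${spring.datasource.dynamic.datasource.master.username}")
    private String username;

    @Value("${spring.datasource.dynamic.datasource.master.password}")
    private String password;

    // Demo endpoint: returns the decrypted values to show that injection works
    @GetMapping
    public String get() {
        return "username: " + username + "\npassword: " + password;
    }
}
Accessing the endpoint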
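4. jasypt-spring-boot-starter configuration
The configuration options of jasypt-spring-boot-starter can be viewed in the YML file. Configure them as needed, including the prefix and suffix.
The above is a brief introduction to getting started with the Spring Boot starter. For more advanced usage, see: https://github.com/ulisesbocchio/jasypt-spring-boot-samples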