我们在日常使用中有需要加密设置数据库连接配置的情况,我们可以使用第三方的依赖jasypt来实现我们的数据库配置加密,从而提高系统的安全性。
一、引入jasypt依赖
<!--jasypt-->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.4</version>
</dependency>
完整的项目pom文件如下所示:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<!--modelVersion指定了pom文件的模型版本-->
<modelVersion>4.0.0</modelVersion>
<!--parent指定父依赖项目-->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.13</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<!--groupId代表项目所在组信息-->
<groupId>com.example</groupId>
<!--artifactId代表项目总组内的唯一标识-->
<artifactId>SpringBootDemo</artifactId>
<!--version代表项目版本-->
<version>0.0.1-SNAPSHOT</version>
<!--name是项目的名称-->
<name>SpringBootDemo</name>
<!--description是项目的描述-->
<description>SpringBootDemo</description>
<!--packaging代表项目的打包方式,默认为jar-->
<packaging>jar</packaging>
<!--properties用来存放各种属性-->
<properties>
<!--java.version指定JDK版本-->
<java.version>1.8</java.version>
</properties>
<!--dependencies用来管理依赖的Jar包坐标信息-->
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.31</version>
</dependency>
<!--jasypt-->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.4</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<!--build用来配置项目的构建信息-->
<build>
<!--plugins用于配置构建项目所需的插件-->
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
二、配置jasypt密钥
在application.properties文件中我们进行密钥的设置,密钥可以自定义。
#jasypt密钥
jasypt.encryptor.password=Z832MVEYRTDTY452mz5
完整的application.properties文件如下所示:
#??????
server.port=8088
#srs???IP
srs.server.ip=192.168.99.100:1989
#mysql未加密的情况
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/srs?serverTimezone=GMT%2B8&useUnicode=true&characterEncoding=utf-8&useSSL=false&rewriteBatchedStatements=true
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.username=root
spring.datasource.password=123456
#jpa
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
#jasypt密钥
jasypt.encryptor.password=Z832MVEYRTDTY452mz5
三、手动生成数据库连接配置的加密数据
package com.example.springbootdemo;
import lombok.extern.slf4j.Slf4j;
import org.jasypt.encryption.StringEncryptor;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
@SpringBootTest
@Slf4j
class SpringBootDemoApplicationTests {
@Autowired
private StringEncryptor encryptor;
@Test
void contextLoads() {
String url = encryptor.encrypt("jdbc:mysql://127.0.0.1:3306/srs?serverTimezone=GMT%2B8&useUnicode=true&characterEncoding=utf-8&useSSL=false&rewriteBatchedStatements=true");
String username = encryptor.encrypt("root");
String password = encryptor.encrypt("123456");
log.info("url:{}", url);
log.info("username:{}", username);
log.info("password:{}", password);
}
}
执行这个测试方法后,我们在控制台中获取到加密后的配置消息,我们可以先保存好,后面在配置文件中会用到这些数据。
2023-08-19 22:10:01.714 INFO 8496 --- [ main] c.e.s.SpringBootDemoApplicationTests : url:luLD7r+V0sJ/n8Dxyc9iW7cVXUdsAaV+MVczwWdZFITg2hYmghy3hhBzxmPCU3bVxpg5J7S3AnR4hg/0kyjTmwEUquyUYAyG2fwgosb1XUrLYDA5OXqi9QRgA9BZ8WQXZVCDgH8V9ZnGEHLPzZfxRdrJLXfSUcUwzU9DLnt4PeeBNzoEkwc9ZSYmXpYVPKiWZMJDFjrmBsCnDQ1xcZ1ZrrBB6OZe+nMzJKGQLCEfsF8=
2023-08-19 22:10:01.714 INFO 8496 --- [ main] c.e.s.SpringBootDemoApplicationTests : username:A4Ayw18isKD5aVxujeEaClS8I0M/ZkBKvGCl/UVqMqZzBctajhIyiI3nkg2M81aS
2023-08-19 22:10:01.714 INFO 8496 --- [ main] c.e.s.SpringBootDemoApplicationTests : password:zS/DmzPQwDhX8oA5AT2HOFjy39/82s5OE5w4Ai+DAsCGLSsJ+mPvAuV6BWmkg6dM
四、application.properties文件配置
我们在application.properties文件中对数据库的配置进行加密的配置。默认使用ENC进行包裹 也可以使用jasypt.encryptor.property.prefix='ENC(' 和jasypt.encryptor.property.suffix=')'进行自定义的前缀和后缀的配置。
设置好的文件如下所示:
#??????
server.port=8088
#srs???IP
srs.server.ip=192.168.99.100:1989
#mysql数据库连接加密后的配置 使用jasypt的ENC包裹 默认前缀为ENC( 后缀为)
#spring.datasource.url=jdbc:mysql://127.0.0.1:3306/srs?serverTimezone=GMT%2B8&useUnicode=true&characterEncoding=utf-8&useSSL=false&rewriteBatchedStatements=true
spring.datasource.url=ENC(luLD7r+V0sJ/n8Dxyc9iW7cVXUdsAaV+MVczwWdZFITg2hYmghy3hhBzxmPCU3bVxpg5J7S3AnR4hg/0kyjTmwEUquyUYAyG2fwgosb1XUrLYDA5OXqi9QRgA9BZ8WQXZVCDgH8V9ZnGEHLPzZfxRdrJLXfSUcUwzU9DLnt4PeeBNzoEkwc9ZSYmXpYVPKiWZMJDFjrmBsCnDQ1xcZ1ZrrBB6OZe+nMzJKGQLCEfsF8=)
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.username=ENC(A4Ayw18isKD5aVxujeEaClS8I0M/ZkBKvGCl/UVqMqZzBctajhIyiI3nkg2M81aS)
spring.datasource.password=ENC(zS/DmzPQwDhX8oA5AT2HOFjy39/82s5OE5w4Ai+DAsCGLSsJ+mPvAuV6BWmkg6dM)
#spring.datasource.username=root
#spring.datasource.password=123456
#jpa
spring.jpa.hibernate.ddl-auto=update
# 显示sql语句
spring.jpa.show-sql=true
#jasypt密钥
jasypt.encryptor.password=Z832MVEYRTDTY452mz5
五、自定义一个数据库实体类
我们使用JPA的相关注解来设置数据实体。
package com.example.springbootdemo.bean;
import lombok.Data;
import javax.persistence.*;
/**
* @author qx
* @date 2023/08/19
* @desc 测试用的数据库实体类
*/
@Entity
@Table(name = "t_user")
@Data
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String name;
private Integer age;
private String address;
}
六、测试
我们启动项目,在控制台中我们可以看到打印的sql语句中新建了一个数据表。
2023-08-19 22:19:11.055 INFO 8248 --- [ main] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.MySQL8Dialect
Hibernate: create table t_user (id bigint not null auto_increment, address varchar(255), age integer, name varchar(255), primary key (id)) engine=InnoDB
2023-08-19 22:19:12.980 INFO 8248 --- [ main] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2023-08-19 22:19:12.991 INFO 8248 --- [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
我们可以在数据库中查看到新增的数据表。
这样我们就实现了使用jasypt来对数据库的配置进行加密的操作,从而提高了系统的安全性。
标签:加密,SpringBoot,jasypt,boot,datasource,spring,org,password From: https://blog.51cto.com/u_13312531/7160927