针对目前越来越严的安全等级要求,我们在做产品研发和项目开发时,越来越需要注意安全问题,各种账号密码在配置文件中明文存储就是一个很大的安全隐患。
现针对数据库密码加解密方面,利用druid工具类对数据库密码进行加密,实现项目配置文件中数据库密码的密文存储,一定程度上保证了数据安全。需要注意:如果解密所用的密钥与密文放在同一个配置文件中,拿到该文件的人同样可以还原出密码,因此密钥应与配置文件分开保管(例如通过环境变量或启动参数传入)。
步骤一:pom中引入druid依赖
<!-- Druid data source driver (Spring Boot starter). -->
<!-- 1.1.17 is the version this walkthrough uses; check for a current release before reusing it. -->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid-spring-boot-starter</artifactId>
    <version>1.1.17</version>
</dependency>
步骤二:添加druid的filter
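package com.huatech.cloud.filter;

import java.security.PublicKey;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import com.alibaba.druid.filter.FilterAdapter;
import com.alibaba.druid.filter.config.ConfigTools;
import com.alibaba.druid.pool.DruidDataSource;
import com.alibaba.druid.proxy.jdbc.DataSourceProxy;

import lombok.extern.slf4j.Slf4j;

/**
 * Druid filter that swaps the encrypted username and password held by a
 * {@link DruidDataSource} for their decrypted values when the data source is initialised.
 *
 * <p>Decryption goes through Druid's {@link ConfigTools} with the key read from the
 * {@code crypto.public-key} property. In this scheme the "public" key is the key that
 * decrypts, so anyone who can read it can recover the credentials. Keeping it in the same
 * file as the ciphertext only hides the password from a casual glance; supply the key from
 * outside the configuration file if real protection is needed.
 */
@Slf4j
@Component
public class DruidDataSourceFilter extends FilterAdapter {

    /** Key string from {@code crypto.public-key}; passed to {@link ConfigTools#getPublicKey}. */
    @Value("${crypto.public-key}")
    private String decryptKey;

    /**
     * Decrypts the data source credentials if a key is configured.
     *
     * <p>Anything other than a {@link DruidDataSource} is logged and left untouched.
     *
     * @param dataSourceProxy the data source being initialised
     */
    @Override
    public void init(DataSourceProxy dataSourceProxy) {
        if (!(dataSourceProxy instanceof DruidDataSource)) {
            log.error("ConfigLoader only support DruidDataSource");
            return;
        }

        // A blank key means "nothing to decrypt": the configured values are used as they are.
        if (isNotEmpty(decryptKey)) {
            decrypt((DruidDataSource) dataSourceProxy);
        }
    }

    /**
     * Replaces the username and password of {@code dataSource} with their decrypted values.
     *
     * <p>Both values are decrypted before either is written back, so a failure on the password
     * leaves the username unchanged as well. Both are expected to be ciphertext; a plaintext
     * value presumably makes {@link ConfigTools#decrypt} fail (confirm against the Druid
     * version in use).
     *
     * @param dataSource the data source whose credentials are stored encrypted
     * @throws IllegalArgumentException if the key cannot be parsed or a value cannot be
     *     decrypted; the original exception is kept as the cause
     */
    public void decrypt(DruidDataSource dataSource) {
        try {
            // The original pre-initialised two locals to null and then tested them for null;
            // those checks were always true, so the values are read directly.
            String encryptedUsername = dataSource.getUsername();
            String encryptedPassword = dataSource.getPassword();

            PublicKey publicKey = ConfigTools.getPublicKey(decryptKey);
            String usernamePlainText = ConfigTools.decrypt(publicKey, encryptedUsername);
            String passwordPlainText = ConfigTools.decrypt(publicKey, encryptedPassword);

            dataSource.setUsername(usernamePlainText);
            dataSource.setPassword(passwordPlainText);
        } catch (Exception e) {
            // The message carries no credential material; details stay in the cause.
            throw new IllegalArgumentException("Failed to decrypt.", e);
        }
    }

    /**
     * Tells whether {@code source} holds anything other than whitespace.
     *
     * @param source the string to test, may be {@code null}
     * @return {@code true} if {@code source} is non-null and not blank after trimming
     */
    public boolean isNotEmpty(String source) {
        return source != null && !source.trim().isEmpty();
    }
}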
步骤三:通过Druid的ConfigTools工具类生成密钥对,最后一个参数为待加密内容
# Run Druid's ConfigTools to generate a key pair and encrypt the last argument (here "abc").
java -cp druid-1.1.17.jar com.alibaba.druid.filter.config.ConfigTools abc
# Output of the command: the private key, the public key and the encrypted text.
# These are the article's published sample values; generate a fresh pair for any real
# deployment and keep the private key out of the repository and the configuration file.
# Judging by its encoded length the sample pair is RSA-512, well below current size guidance.
privateKey:MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAlL2KkAHx1etX6V/A8JrTmLtvd4H/3yectN0RdkEro2z/ItPNdt/gP7W1PTOusSUrD/N4EVbMWNwaUrzBbRYwgwIDAQABAkB9DY693KSyshdLgtH4eHOGabAhzg6OVAOQnHzd65UA5I6sD1ehGT3jjLvNFovenOpzGY0TeYoIonWTlzIb/NJhAiEAyMU9C6l89KIVOiShC/XPEXgj1LtEO4ik/ZlJ6GNbye8CIQC9qDbmctuX8fNeyJMdSluwXjyUNCmVsOE0cnijY37mrQIgTbnudEFdmufVB/l+T78ON1knpggJ1nKETZm2vz0YIAkCIFphz8gC9KN0qoaBD5rl1Mw4HKaENU0g/jIAW32B7PgBAiEAooZbdtng4IrLw47/5SDWiunYrC2BHR59rApQnKkia1A=
publicKey:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJS9ipAB8dXrV+lfwPCa05i7b3eB/98nnLTdEXZBK6Ns/yLTzXbf4D+1tT0zrrElKw/zeBFWzFjcGlK8wW0WMIMCAwEAAQ==
password:N9Noez2waEtPZSjc6UI2v3wZVaORBX5JPPZsL4IxUlFCa49wIhGZF71c3hV6z6Gm3s8MvMk0ief5rWdr5+p63g==
步骤四:application.yml中配置数据源信息和密钥对的公钥(步骤二的filter使用该公钥对用户名和密码进行解密)
# Data source configuration
spring:
  datasource:
    druid:
      type: com.alibaba.druid.pool.DruidDataSource
      driverClassName: com.mysql.cj.jdbc.Driver
      # useSSL=false turns TLS off for the MySQL connection; the decrypted credentials then
      # travel unprotected unless the database is on the same host, as it is here.
      url: jdbc:mysql://localhost:3306/weapp-mall?serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false&useAffectedRows=true
      # Both values are ciphertext produced by ConfigTools in step three.
      username: N9Noez2waEtPZSjc6UI2v3wZVaORBX5JPPZsL4IxUlFCa49wIhGZF71c3hV6z6Gm3s8MvMk0ief5rWdr5+p63g==
      password: N9Noez2waEtPZSjc6UI2v3wZVaORBX5JPPZsL4IxUlFCa49wIhGZF71c3hV6z6Gm3s8MvMk0ief5rWdr5+p63g==

# RSA encryption/decryption settings: the public key.
# The filter from step two decrypts the credentials with this key, so a reader of this file
# can recover them. Supplying the key from outside the file (for example an environment
# variable or start-up argument) keeps ciphertext and key apart.
crypto:
  public-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJS9ipAB8dXrV+lfwPCa05i7b3eB/98nnLTdEXZBK6Ns/yLTzXbf4D+1tT0zrrElKw/zeBFWzFjcGlK8wW0WMIMCAwEAAQ==
如果觉得RSA加密算法太过复杂,可以使用jasypt工具类来加解密,具体操作如下。
STEP1:pom.xml中添加依赖
<!-- Druid data source driver (Spring Boot starter). -->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid-spring-boot-starter</artifactId>
    <version>1.1.17</version>
</dependency>
<!-- jasypt -->
<!-- The version comes from a jasypt.version property that must be defined elsewhere in the pom (not shown here). -->
<dependency>
    <groupId>org.jasypt</groupId>
    <artifactId>jasypt</artifactId>
    <version>${jasypt.version}</version>
</dependency>
STEP2:引入加解密工具类EncryptorTools
package com.huatech.cloud.config;

import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentPBEConfig;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;

/**
 * Spring configuration that exposes a jasypt {@link StringEncryptor} bean, plus static
 * helpers for encrypting and decrypting single values.
 *
 * <p>The encryptor is password-based and no algorithm is set, so jasypt's default for
 * {@link StandardPBEStringEncryptor} applies (PBEWithMD5AndDES in jasypt 1.9.x; confirm for
 * the version in use). The password is read from {@code encryptor.password}. If that property
 * sits in the same file as the ciphertext, the encryption only hides the values from a casual
 * glance.
 */
@Configuration
public class EncryptorTools implements Ordered {

    /** Encryption password injected from {@code encryptor.password}. */
    @Value("${encryptor.password}")
    private String password;

    /**
     * Builds the application-wide encryptor from the configured password.
     *
     * <p>The bean is registered unless {@code encryptor.enable} is set to something other
     * than {@code true}; a missing property counts as enabled.
     *
     * @return a password-based string encryptor
     */
    @ConditionalOnProperty(name = "encryptor.enable", havingValue = "true", matchIfMissing = true)
    @Bean
    public StringEncryptor stringEncryptor() {
        return newEncryptor(password);
    }

    /**
     * Decrypts {@code encodedValue}, returning the input unchanged when that is not possible.
     *
     * @param stringEncryptor the encryptor to use, may be {@code null}
     * @param encodedValue the value to decrypt
     * @return the decrypted text, or {@code encodedValue} itself if the encryptor is
     *     {@code null} or decryption throws
     */
    public static String decrypt(StringEncryptor stringEncryptor, final String encodedValue) {
        if (stringEncryptor == null) {
            return encodedValue;
        }
        try {
            return stringEncryptor.decrypt(encodedValue);
        } catch (Exception ignored) {
            // Best effort: a value that cannot be decrypted is passed through as it is, which
            // also lets plaintext configuration values keep working.
            return encodedValue;
        }
    }

    /**
     * Encrypts {@code plainVaue}, returning the input unchanged when that is not possible.
     *
     * <p>NOTE(review): on failure the caller receives the plaintext back with no signal, so a
     * value believed to be encrypted may be stored in the clear. Callers that persist the
     * result should compare it with the input.
     *
     * @param stringEncryptor the encryptor to use, may be {@code null}
     * @param plainVaue the value to encrypt
     * @return the ciphertext, or {@code plainVaue} itself if the encryptor is {@code null} or
     *     encryption throws
     */
    public static String encrypt(StringEncryptor stringEncryptor, final String plainVaue) {
        if (stringEncryptor == null) {
            return plainVaue;
        }
        try {
            return stringEncryptor.encrypt(plainVaue);
        } catch (Exception ignored) {
            // Same pass-through fallback as decrypt.
            return plainVaue;
        }
    }

    /**
     * Encrypts {@code plainText} with a one-off encryptor built from {@code password}.
     *
     * <p>Unlike the overload taking a {@link StringEncryptor}, failures are not caught here.
     *
     * @param password the encryption password
     * @param plainText the text to encrypt
     * @return the ciphertext
     */
    public static String encrypt(String password, String plainText) {
        return newEncryptor(password).encrypt(plainText);
    }

    /**
     * Command-line helper that prints the ciphertext of a sample value.
     *
     * <p>The password and plaintext here are the article's sample values.
     */
    public static void main(String[] args) {
        System.out.println(encrypt("rdc", "root"));
    }

    @Override
    public int getOrder() {
        return 0;
    }

    /** Creates a password-based encryptor whose only explicit setting is the password. */
    private static StandardPBEStringEncryptor newEncryptor(String password) {
        EnvironmentPBEConfig pbeConfig = new EnvironmentPBEConfig();
        pbeConfig.setPassword(password);

        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setConfig(pbeConfig);
        return encryptor;
    }
}
STEP3:添加druid的filter:JasyptDataSourceFilter
package com.huatech.cloud.filter;

import org.jasypt.encryption.StringEncryptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.alibaba.druid.filter.FilterAdapter;
import com.alibaba.druid.pool.DruidDataSource;
import com.alibaba.druid.proxy.jdbc.DataSourceProxy;
import com.huatech.cloud.config.EncryptorTools;

import lombok.extern.slf4j.Slf4j;

/**
 * Druid filter that runs the configured username and password of a {@link DruidDataSource}
 * through jasypt decryption when the data source is initialised.
 */
@Slf4j
@Component
public class JasyptDataSourceFilter extends FilterAdapter {

    /** Optional encryptor; stays {@code null} when no {@link StringEncryptor} bean exists. */
    @Autowired(required = false)
    private StringEncryptor stringEncryptor;

    /**
     * Replaces the data source credentials with their decrypted values.
     *
     * <p>Anything other than a {@link DruidDataSource} is logged and left untouched.
     *
     * @param dataSourceProxy the data source being initialised
     */
    @Override
    public void init(DataSourceProxy dataSourceProxy) {
        if (dataSourceProxy instanceof DruidDataSource) {
            DruidDataSource druid = (DruidDataSource) dataSourceProxy;

            // Username first, then password, each written back before the next is read.
            String username = decrypt(druid.getUsername());
            druid.setUsername(username);

            String secret = decrypt(druid.getPassword());
            druid.setPassword(secret);
        } else {
            log.error("ConfigLoader only support DruidDataSource");
        }
    }

    /**
     * Decrypts one configuration value through {@link EncryptorTools#decrypt}.
     *
     * <p>The value is handed to that helper together with the injected encryptor, which may
     * be {@code null}; what happens then, or on a failed decryption, is decided by the helper.
     *
     * @param ecryptValue the configured value
     * @return whatever {@link EncryptorTools#decrypt} returns for it
     */
    public String decrypt(String ecryptValue) {
        return EncryptorTools.decrypt(stringEncryptor, ecryptValue);
    }
}
STEP4:application.yml中配置数据源信息和加解密密码信息
# jasypt encryption/decryption settings
# EncryptorTools passes this password to the jasypt encryptor, so a reader of this file can
# decrypt the values below. Supplying it from outside the file (for example an environment
# variable or start-up argument) keeps ciphertext and password apart. "rdc" is the article's
# sample value.
encryptor:
  enable: true
  password: rdc

# Data source configuration
spring:
  datasource:
    druid:
      type: com.alibaba.druid.pool.DruidDataSource
      driverClassName: com.mysql.cj.jdbc.Driver
      # useSSL=false turns TLS off for the MySQL connection; the decrypted credentials then
      # travel unprotected unless the database is on the same host, as it is here.
      url: jdbc:mysql://localhost:3306/weapp-mall?serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false&useAffectedRows=true
      # Both values are jasypt ciphertext.
      username: 8rYwAh2Qj7E7iqLB7S3QOg==
      password: 8rYwAh2Qj7E7iqLB7S3QOg==
本文相关代码已上传至gitee