原 spring boot 集成jasypt3.0.3
版权声明:本文为博主原创文章,请尊重他人的劳动成果,转载请附上原文出处链接和本声明。
本文链接:https://www.91mszl.com/zhangwuji/article/details/1364
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.3</version>
</dependency>
jasypt:
encryptor:
password: mszl #盐值
algorithm: PBEWithMD5AndDES #加密方式(固定写死)
iv-generator-classname: org.jasypt.iv.NoIvGenerator # 固定写死
package com.mszl.utils;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
public class JasyptUtils {
/**
* 加密
* @param password 配置文件中设定的加密盐值
* @param value 要加密的字符串
*/
public static String encyptPwd(String password, String value){
PooledPBEStringEncryptor encryptor=new PooledPBEStringEncryptor();
encryptor.setConfig(cryptor(password));
String result=encryptor.encrypt(value);
return result;
}
/**
* 解密
* @param password 配置文件中设定的加密盐值
* @param value 解密字符串
*/
public static String decyptPwd(String password, String value){
PooledPBEStringEncryptor encryptor=new PooledPBEStringEncryptor();
encryptor.setConfig(cryptor(password));
String result=encryptor.decrypt(value);
return result;
}
public static SimpleStringPBEConfig cryptor(String password){
SimpleStringPBEConfig config=new SimpleStringPBEConfig();
config.setPassword(password);
config.setAlgorithm("PBEWithMD5AndDES");
config.setKeyObtentionIterations("1000");
config.setPoolSize("1");
config.setProviderName("SunJCE");
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setStringOutputType("base64");
return config;
}
public static void main(String[] args) {
// 加密
String encPwd=encyptPwd("mszl", "root");
System.out.println(encPwd);
// 解密
String decPwd=decyptPwd("mszl", encPwd);
System.out.println(decPwd);
}
}
回答:是为了让数据库更加的安全,不能让所有人都知道数据库的账号和密码。
回答:非常不安全。如果把jasypt的盐值放在配置文件中等于没有加密,因为别人知道了盐值后就可以解密了。
回答:我们可以将盐值放到启动命令中。如下所示。
java -jar -Djasypt.encryptor.password=mszl mszl.jar
jasypt:
encryptor:
algorithm: PBEWithMD5AndDES
iv-generator-classname: org.jasypt.iv.NoIvGenerator
数据库加密后的配置如下所示:
spring:
application:
name: mszl-read
datasource:
master:
driver-class-name: com.p6spy.engine.spy.P6SpyDriver
jdbc-url: ENC(WiZsfrGfhhGPKASuZ1/7nsj9ynoNsxjepkoZQgeRWOKCfE4E31koPWSSHbn3UxkF9z1NZu+sJPoSNKAd1srhvZc6XfK7rHuH1QT1BoMSubUKaSDHgTKF7VjEgvUHgiPmIGAtgv6DTGG4qXpJvHiotLZQqw7rOMGI7tb8BAHOE+w=)
username: ENC(/57eSwxOkiTXBBGtm0kLTw==)
password: ENC(pM+rHIGOTRVVBA/WZ3fG9Q==)
注意:加密的内容都需要用ENC括起来
2021-11-11 09:02:27 阅读(2061)
名师出品,必属精品 https://www.91mszl.com
博主信息