jasypt dubbo配置密文存放使用详解
作者:点墨
这篇文章主要介绍了jasypt dubbo配置密文存放使用详解,有需要的朋友可以借鉴参考下,希望能够有所帮助,祝大家多多进步,早日升职加薪
jasypt进行密码密文存放
许多项目里会对配置文件中的敏高文件进行加密处理,避免了信息泄露问题。在springboot项目里,可以通过引入jasypt进行密码密文存放
jasypt使用
1.引入jasypt-spring-boot-starter包
2.配置信息
jasypt:
encryptor:
algorithm: PBEWithHMACSHA512AndAES_256
password: 123456 //salt或将password放在启动行参数里
3.启动项添加注解
4.生成密文
可以通过网上的密码工具生成,也可以使用jasypt生成
AES256TextEncryptor stringEncryptor = new AES256TextEncryptor();
stringEncryptor.setPassword("123456"); //salt
String encrypt = stringEncryptor.encrypt("test"); //加密 test为你的密码
String decrypt = stringEncryptor.decrypt(encrypt); //解密5.将生成的encrypt放到原来的密码处并用ENC()包裹即可,ENC()可通过jasypt.encryptor.algorithm.property.prefix/suffix进行配置
test: ENC(sdjflskdjfsjdflksdjalfjdslkfjksdjfkldsjkfsf) //此处放上面生成的encrypt
jasypt:
encryptor:
algorithm: PBEWithHMACSHA512AndAES_256
property:
prefix: #默认为ENC(
suffix: #默认为)与Dubbo联用
它会存在一个问题,就是无法对dubbo的配置进行加密,解决方法如下:
将下面文件添加到项目里,目前仅支持PBEWithHMACSHA512AndAES_256,如需要支持其他,可自行在TODO处添加处理逻辑
//JasyptPreparedEnvListener.java
package com.demo.listener;
import org.jasypt.util.text.AES256TextEncryptor;
import org.springframework.boot.context.event.ApplicationEnvironmentPreparedEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.PropertySource;
import org.springframework.web.context.support.StandardServletEnvironment;
import java.util.Iterator;
import java.util.Map;
/**
* use jasypt to decrypt the data
*/
@Configuration
public class JasyptPreparedEnvListener implements ApplicationListener<ApplicationEnvironmentPreparedEvent> {
private String getSalt(StandardServletEnvironment env ){
String salt = env.getProperty("jasypt.encryptor.password");
if(salt == null || salt.isBlank()) {
return null;
}
return salt;
}
private String getConfigPrefix(StandardServletEnvironment env ){
String rst = env.getProperty("jasypt.encryptor.property.config.prefix");
if(rst == null || rst.isBlank()) {
return "CONFIG_ENC(";
}
return rst;
}
private String getConfigSuffix(StandardServletEnvironment env ){
String rst = env.getProperty("jasypt.encryptor.property.config.suffix");
if(rst == null || rst.isBlank()) {
return ")";
}
return rst;
}
private boolean isEncrypted(String value,String prefix,String suffix){
if(value == null || value.isBlank()){
return false;
}
String trimValue = value.trim();
return trimValue.startsWith(prefix) && trimValue.endsWith(suffix);
}
private String unwrapEncryptedValue(String value,String prefix,String suffix){
return value.substring(prefix.length(),value.length() - suffix.length());
}
private String getAlgorithm(StandardServletEnvironment env){
String rst = env.getProperty("jasypt.encryptor.algorithm");
if(rst == null || rst.isBlank()) {
return "PBEWithHMACSHA512AndAES_256";
}
return rst;
}
private Object getDecryptor(StandardServletEnvironment env){
String algorithm = getAlgorithm(env);
Object obj = null;
if(algorithm.equals("PBEWithHMACSHA512AndAES_256")){
String salt = getSalt(env);
if(salt != null){
obj = new AES256TextEncryptor();
((AES256TextEncryptor)obj).setPassword(salt);
}
}//TODO add other decryptor logic here
return obj;
}
private String decrypt(StandardServletEnvironment env,Object decryptpr,String value){
String algorithm = getAlgorithm(env);
if(algorithm.equals("PBEWithHMACSHA512AndAES_256")){
AES256TextEncryptor aes256TextEncryptor = (AES256TextEncryptor)decryptpr;
try{
return aes256TextEncryptor.decrypt(value);
}catch (Exception e){
System.out.println("decrypt failed: " + e);
return value;
}
} //TODO add other decryptor logic here
return value;
}
@Override
public void onApplicationEvent(ApplicationEnvironmentPreparedEvent event) {
StandardServletEnvironment env =(StandardServletEnvironment) event.getEnvironment();
// 1. get decryptor
Object decryptor = getDecryptor(env);
if(decryptor == null){
return;
}
String configPrefix = getConfigPrefix(env);
String configSuffix = getConfigSuffix(env);
// 2. loop property
Iterator<PropertySource<?>> iterator = env.getPropertySources().iterator();
while (iterator.hasNext()) {
PropertySource<?> source = iterator.next();
String name = source.getName();
if (name.startsWith("applicationConfig")) {
Object o = source.getSource();
if (o instanceof Map) {
for (Map.Entry<String, Object> entry : ((Map<String, Object>) o).entrySet()) {
String key = entry.getKey();
String value = env.getProperty(key);
if (isEncrypted(value, configPrefix, configSuffix)) {
//3.解密
String newValue = decrypt(env, decryptor, unwrapEncryptedValue(value, configPrefix, configSuffix));
System.setProperty(key, newValue);
}
}
}
}
}
}
}- 在resources资源文件夹下新增META-INF/spring.factories,添加以下内容 或在main函数启动里通过addListener api进行添加
org.springframework.context.ApplicationListener = com.demo.listener.JasyptPreparedEnvListener
将需要密文存储的地方使用CONFIG_ENC()包裹即可,CONFIG_ENC也可配置
jasypt:
encryptor:
algorithm: PBEWithHMACSHA512AndAES_256
property:
config:
prefix: #默认为CONFIG_ENC(
suffix: #默认为)它的思路就是在Springboot的ApplicationEnvironmentPreparedEvent事件里对配置文件信息进行处理
ApplicationEnvironmentPreparedEvent: spring boot 对应Enviroment已经准备完毕,但此时上下文context还没有创建。在该监听中获取到ConfigurableEnvironment后可以对配置信息做操作,例如:修改默认的配置信息,增加额外的配置信息等等
以上就是jasypt dubbo配置密文存放使用详解的详细内容,更多关于jasypt dubbo配置密文存放的资料请关注脚本之家其它相关文章!