dbcp数据源加密

为了数据库的安全，密码是需要加密放在配置文件中的，这样别人就不能轻易的从配置文件中获取到数据库的明文密码，然后登陆我们的数据库，造成数据泄露。

通过分析dbcp的数据源源码，我们发现，主要的密码和用户名是在getConnection的时候用来获取datasource的。

（一）通过修改dabasource源码，使用对称加密解密算法，解密已经加密并且放在配置文件中的数据库密码，然后创建数据库连接。

public class BasicDataSource
	implements DataSource
{

	

	pprotected ConnectionFactory createConnectionFactory()
		throws SQLException
	{
		Class driverFromCCL = null;
		if (driverClassName != null)
			try
			{
				try
				{
					if (driverClassLoader == null)
						Class.forName(driverClassName);
					else
						Class.forName(driverClassName, true, driverClassLoader);
				}
				catch (ClassNotFoundException cnfe)
				{
					driverFromCCL = Thread.currentThread().getContextClassLoader().loadClass(driverClassName);
				}
			}
			catch (Throwable t)
			{
				String message = (new StringBuilder()).append("Cannot load JDBC driver class '").append(driverClassName).append("'").toString();
				logWriter.println(message);
				t.printStackTrace(logWriter);
				throw new SQLNestedException(message, t);
			}
		Driver driver = null;
		try
		{
			if (driverFromCCL == null)
			{
				driver = DriverManager.getDriver(url);
			} else
			{
				driver = (Driver)driverFromCCL.newInstance();
				if (!driver.acceptsURL(url))
					throw new SQLException("No suitable driver", "08001");
			}
		}
		catch (Throwable t)
		{
			String message = (new StringBuilder()).append("Cannot create JDBC driver of class '").append(driverClassName == null ? "" : driverClassName).append("' for connect URL '").append(url).append("'").toString();
			logWriter.println(message);
			t.printStackTrace(logWriter);
			throw new SQLNestedException(message, t);
		}
		if (validationQuery == null)
		{
			setTestOnBorrow(false);
			setTestOnReturn(false);
			setTestWhileIdle(false);
		}
		String user = username;
		if (user != null)
			connectionProperties.put("user", user);
		else
			log("DBCP DataSource configured without a 'username'");
		String pwd = reset(password);
		if (pwd != null)
			connectionProperties.put("password", pwd);
		else
			log("DBCP DataSource configured without a 'password'");
		ConnectionFactory driverConnectionFactory = new DriverConnectionFactory(driver, url, connectionProperties);
		return driverConnectionFactory;
	}
	private String reset(String secret)
		throws SQLNestedException
	{
		byte decode[];
		byte kbytes[] = "xxxx".getBytes();
		SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
		BigInteger n = new BigInteger(secret, 16);
		byte encoding[] = n.toByteArray();
		Cipher cipher = Cipher.getInstance("Blowfish");
		cipher.init(2, key);
		decode = cipher.doFinal(encoding);
		return new String(decode);
		Exception e;
		e;
		throw new SQLNestedException((new StringBuilder()).append("Cannot decode password: ").append(e.getMessage()).toString(), e);
	}

	static 
	{
		DriverManager.getDrivers();
	}
}

重新打包发布一个dbcp的jar包，然后项目中使用这个jar包即可。

springContext.xml的配置：

    
     org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
        
        
        
        
         
        
        
        
        
      
    

pom.xml文件中，引入我们自己重新发布的包：

  	     
		  dbcp
		  dbcp
		  1.4.d2