java使用Jasypt对数据库密码等重要信息进行加解密

一、引入依赖

    <dependency>
      <groupId>com.github.ulisesbocchiogroupId>
      <artifactId>jasypt-spring-boot-starterartifactId>
      <version>3.0.4version>
    dependency>

二、定义配置类

package com.boshiyun.application;

import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * @Author: zxb
 * @Date: 2023/08/10 15:07
 * @Description: Jasypt加密配置类
 */
@Configuration
public class JasyptConfig {
    /**
     * 加解密秘钥
     */
    private static String PASSWORD = "你的密钥,随便定义";

    /**
     * 加密算法
     */
    private static String ALGORITHM = "PBEWITHHMACSHA512ANDAES_256";

    /**
     * 迭代次数 iterations,加密过程中,通过多次重复应用密钥获取算法(Key Obtention Algorithm)来增加加密的强度和安全性。
     */
    private static String ITERATIONS = "10000";

    /**
     * 加密池的大小,必须设置大于0
     */
    private static Integer POOL_SIZE = 1;

    /**
     * 设置要为加密算法请求的安全提供程序的名称
     */
    private static String SUN_JCE = "SunJCE";

    /**
     * 加密盐生成器名称
     */
    private static String SALT_GENERATOR = "org.jasypt.salt.RandomSaltGenerator";

    /**
     *  iv生成器名称
     */
    private static String IV_GENERATOR = "org.jasypt.iv.RandomIvGenerator";


    /**
     * bean名称必须是jasyptStringEncryptor,初始化加密器
     * 注入StringEncryptor请使用@Resource(name = "jasyptStringEncryptor")
     * @return
     */
    @Bean("jasyptStringEncryptor")
    public PooledPBEStringEncryptor jasyptEncryptor(){
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(PASSWORD);
        config.setAlgorithm(ALGORITHM);
        config.setKeyObtentionIterations(ITERATIONS);
        config.setPoolSize(POOL_SIZE);
        config.setProviderName(SUN_JCE);
        config.setSaltGeneratorClassName(SALT_GENERATOR);
        config.setIvGeneratorClassName(IV_GENERATOR);
        encryptor.setConfig(config);
        return encryptor;
    }
}

三、加密重要信息,并将重要信息替换为ENC(密文)

    @Resource(name = "jasyptStringEncryptor")
    private StringEncryptor encryptor;

	@ApiOperation("测试Jasypt")
    @GetMapping("testJasypt")
    public ResponseData testJasypt(String text) {
        String encrypt = encryptor.encrypt(text);
        System.out.println("加密:" + encrypt);
        String decrypt = encryptor.decrypt(encrypt);
        System.out.println("解密:" + decrypt);
        return ResponseData.getSuccessInstance();
    }
  spring:
      redis:
        database: 9
        host: 127.0.0.1
        # 使用Jasypt进行加解密
        password: ENC(2b08VM0sTy0FHyMctmzqlrH3xNm+5e6XrJ9mEgnIcWOkD841XJUr+9)
        port: 6379
        lettuce:
          pool:
            min-idle: 8
            max-idle: 500
            max-active: 2000
            max-wait: 10000
        timeout: 300000

四、指定解密作用域

问题:目前指定nacos上配置文件会报错,指定项目中的application.yml文件正常

/**
* 在JasyptConfig类上新增以下注解
**/
@EncryptablePropertySources({
    @EncryptablePropertySource("classpath:application.yml"),                          
    @EncryptablePropertySource("classpath:xxx.yml")
})

你可能感兴趣的:(springboot,spring,java,java,Jasypt)