jasypt结合spring加密
来源:互联网 发布:中国大数据产业关 编辑:程序博客网 时间:2024/06/05 06:48
1.maven2引用
jasypt坐标
<dependency> <groupId>org.jasypt</groupId> <artifactId>jasypt</artifactId> <version>{version}</version> <scope>compile</scope></dependency>
jasypt with spring坐标
<dependency> <groupId>org.jasypt</groupId> <artifactId>jasypt-spring31</artifactId> <version>{version}</version> <scope>compile</scope></dependency>
如要结合spring ,需要将jasypt-spring31加入依赖
简单轻量的引用
<dependency> <groupId>org.jasypt</groupId> <artifactId>jasypt</artifactId> <version>{version}</version> <classifier>lite</classifier> <scope>compile</scope> </dependency>
2.在spring中声明一个Encryptor的引用
例如:
<bean id="strongEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> <property name="algorithm"> <value>PBEWithMD5AndTripleDES</value> </property> <property name="password"> <value>jasypt</value> </property> </bean>
algorithm=算法
password=密钥
3.使用spring的app应用配置文件加密
Jasypt 提供的可体会spring configuration管理类的classes:
- org.jasypt.spring3.properties.EncryptablePropertyPlaceholderConfigurer, as a totally compatible replacement for Spring'sPropertyPlaceholderConfigurer.
- org.jasypt.spring3.properties.EncryptablePropertyOverrideConfigurer, as a totally compatible replacement for Spring'sPropertyOverrideConfigurer.
- org.jasypt.spring3.properties.EncryptableServletContextPropertyPlaceholderConfigurer: as a totally compatible replacement for Spring'sServletContextPropertyPlaceholderConfigurer.
- org.jasypt.spring3.properties.EncryptablePreferencesPlaceholderConfigurer: as a totally compatible replacement for Spring'sPreferencesPlaceholderConfigurer.
例子:
配置文件如下:
datasource.driver=com.mysql.jdbc.Driver datasource.url=jdbc:mysql://localhost/reportsdb datasource.username=reportsUser datasource.password=ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm)
其中datasource.password是加密了的字符串,value的值必须要使用ENC()加密字符串括起来
Spring context configuration:
<!-- --> <!-- Configuration for encryptor, based on environment variables. --> <!-- --> <!-- In this example, the encryption password will be read from an --> <!-- environment variable called "APP_ENCRYPTION_PASSWORD" which, once --> <!-- the application has been started, could be safely unset. --> <!-- --> <bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig"> <property name="algorithm" value="PBEWithMD5AndDES" /> <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" /> </bean>密钥passwordEnvName使用环境变量APP_ENCRYPTION_PASSWORD
<!-- --> <!-- The will be the encryptor used for decrypting configuration values. --> <!-- --> <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> <property name="config" ref="environmentVariablesConfiguration" /> </bean> <!-- --> <!-- The EncryptablePropertyPlaceholderConfigurer will read the --> <!-- .properties files and make their values accessible as ${var} --> <!-- --> <!-- Our "configurationEncryptor" bean (which implements --> <!-- org.jasypt.encryption.StringEncryptor) is set as a constructor arg. --> <!-- --> <bean id="propertyConfigurer" class="org.jasypt.spring3.properties.EncryptablePropertyPlaceholderConfigurer"> <constructor-arg ref="configurationEncryptor" /> <property name="locations"> <list> <value>/WEB-INF/classes/application.properties</value> </list> </property> </bean>替换spring PropertyPlaceholderConfigurer的EncryptablePropertyPlaceholderConfigurer
<!-- --> <!-- Our datasource is configured here, in the usual way. Jasypt's --> <!-- EncryptedPropertyPlaceholderConfigurer will make sure that the --> <!-- ${datasource.password} file gets decrypted and the DBCP DataSource --> <!-- will be correctly initialised. --> <!-- --> <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"> <property name="driverClassName"> <value>${datasource.driver}</value> </property> <property name="url"> <value>${datasource.url}</value> </property> <property name="username"> <value>${datasource.username}</value> </property> <property name="password"> <value>${datasource.password}</value> </property> </bean> 配置文件中加密了的datasource.password会被解密出来。
还有几个说明,懒得翻译了,自己看吧(英文水平不行的请止步,后面的可看可不看)
Encryptable ServletContextPropertyPlaceholderConfigurer implementation for Spring
Jasypt includes org.jasypt.spring3.properties.EncryptableServletContextPropertyPlaceholderConfigurer, a subclass of org.springframework.web.context.support.ServletContextPropertyPlaceholderConfigurer which allows the transparent decryption of servlet context parameters in web applications (for example, parameters in WEB-INF/web.xml).
These encrypted parameters can be specified in a way equivalent to that of encrypted parameters in .properties files:
... <context-param> <param-name>someParameter</param-name> <param-value>ENC(...)</param-value> </context-param> ...Encryptable PreferencesPlaceholderConfigurer implementation for Spring
Jasypt includes org.jasypt.spring3.properties.EncryptablePreferencesPlaceholderConfigurer, a subclass of org.springframework.beans.factory.config.PreferencesPlaceholderConfigurer which allows the transparent decryption preferences set with JDK 1.4's Preferences API.
The jasypt-spring3 library includes a namespace you can use in your Spring XML files in order to make the declaration of your jasypt entities much easier.
This namespace can be included in your XML like this:
<beans xmlns="http://www.springframework.org/schema/beans" ... xmlns:encryption="http://www.jasypt.org/schema/encryption" ... xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd ... http://www.jasypt.org/schema/encryption http://www.jasypt.org/schema/encryption/jasypt-spring3-encryption-1.xsd ...">Once declared, you will be able to use <encryption:*> tags for:
- Creating encryptors and digesters.
- Creating configuration beans, both for encryptors and for digesters.
- Creating instances of EncryptableProperties (extending java.util.Properties) that automatically decrypt entries in .properties files.
- Registering an EncryptablePropertyPlaceHolderConfigurer.
Creating encryptors and digesters
Creating encryptor and digester artifacts with the encryption namespace is easy. There's a tag for each type of encryptor/digester (including some util classes), and each tags is able to specify all of the artifact's properties as tag attributes.
Let's see some encryptor declaration examples:
<!-- Registers an org.jasypt.encryption.ByteEncryptor--> <encryption:byte-encryptor id="myEncryptor" algorithm="PBEWithMD5AndTripleDES" password="jasypt"/> <!-- Registers an org.jasypt.encryption.StringEncryptor--> <encryption:string-encryptor id="myEncryptor" password="jasypt" pool-size="5"/> <!-- Registers an org.jasypt.encryption.BigDecimalEncryptor--> <encryption:big-decimal-encryptor password="jasypt" key-obtention-iterations="15000"/> <!-- Registers an org.jasypt.encryption.BigIntegerEncryptor--> <encryption:big-integer-encryptor id="myEncryptor" password="jasypt" provider-name="BC"/>Note how the pool-size parameter will affect the specific implementation of encryptor being created: a PooledPBE*Encryptor if this parameter is specified, and a StandardPBE*Encryptor if not.
Now for some digesters:
<!-- Registers an org.jasypt.digest.ByteDigester--> <encryption:byte-digester algorithm="SHA-1" salt-size-bytes="16" iterations="50000"/> <!-- Registers an org.jasypt.digest.StringDigester--> <encryption:string-digester pool-size="10"/>Again, the pool-size attribute will determine whether the digesters will be Standard or Pooled.
Some util artifacts can also be instantiated this way:
<!-- Password encryptors --> <encryption:basic-password-encryptor/> <encryption:strong-password-encryptor/> <encryption:configurable-password-encryptor/> <!-- Text encryptors --> <encryption:basic-text-encryptor password="jasypt"/> <encryption:strong-text-encryptor password="jasypt"/>Creating configuration beans for encryptors and digesters
Configuration beans implement the DigesterConfig interface for digesters and PBEConfig for encryptors, and Jasypt offers several implementations of these interfaces out-of-the-box depending on whether the digester to be created is meant for bytes or Strings, and also whether some configuration parameters can come from environment variables and/or system properties.
The encryption namespace will automatically choose the correct config bean implementation to be instantiated depending on the specified configuration attributes, so that you do not have to worry about the specific implementation class you need.
Let's see some examples:
<encryption:digester-config id="dConf1" iterations="1400" salt-size-bytes="32"/> <encryption:digester-config id="dConf2" iterations="10000" string-output-type="hexa"/> <encryption:digester-config id="dConf3" string-output-type="hexa" algorithm-env-name="VAR_ALGORITHM"/> <encryption:encryptor-config id="eConf1" key-obtention-iterations="500" password-env-name="VAR_PASSWD"/> <encryption:encryptor-config id="eConf2" password-env-name="VAR_PASSWD" algorithm="PBEWithMD5AndTripleDES"/> <encryption:encryptor-config id="eConf3" password="jasypt" algorithm-sys-property-name="jasypt.enc.algorithm"/>Using these beans in our encryptors/digesters is easy:
<encryption:digester-config id="dConf" string-output-type="hexa" algorithm-env-name="VAR_ALGORITHM"/> <encryption:string-digester config-bean="dConf"/> <encryption:encryptor-config id="eConf" password-env-name="VAR_PASSWD" algorithm="PBEWithMD5AndTripleDES"/> <encryption:string-encryptor id="stringEnc" config-bean="eConf"/>Creating EncryptableProperties instances
Usually, in Spring you can create a java.util.Properties bean in your XML using the util namespace, like this:
<util:properties location="classpath:application.properties"/>Jasypt allows you to register an org.jasypt.properties.EncryptableProperties object in an equivalent manner, simply by adding an encryptor bean reference:
<encryption:encryptable-properties encryptor="stringEnc" location="classpath:application.properties"/>This <encryption:encryptable-properties> tag works in exactly the same way and with exactly the same features as <util:properties>, and as the object it registers is a subclass of java.util.Properties, you can autowire it inside your application with your code not even noticing these properties are originally encrypted.
Registering an EncryptablePropertyPlaceholder/Override
Spring allows you to easily register a PropertyPlaceholderConfigurer that takes care of the resolution of your ${...} property expressions:
<context:property-placeholder location="classpath:application.properties"/>But if you want to register an EncryptablePropertyPlaceholder instead because your property files might be encrypted, you can do:
<encryption:encryptable-property-placeholder encryptor="stringEnc" location="classpath:application.properties"/>And that's it! A property override implementation is also provided:
<encryption:encryptable-property-override encryptor="stringEnc" location="classpath:application.properties"/>
For details on how to integrate jasypt with Spring Security 3.x, please have a look at this guide.
引用:http://www.jasypt.org/spring3.html。
- jasypt结合spring加密
- spring jasypt加密
- jasypt 集成spring、spring boot 加密
- Spring 中使用jasypt对配置文件(.properties)中密码加密
- Spring 中使用jasypt对配置文件(.properties)中密码加密
- Spring 中使用jasypt对配置文件(.properties)中密码加密
- Java加密包--Jasypt
- Java加密包--Jasypt
- Java加密解密 -Jasypt
- Java加密包--Jasypt
- 使用jasypt对spring boot的datasource中数据库密码加密
- Spring security和jasypt共用
- 开源Java加密工具Jasypt 1.4发布
- Java jasypt对.properties配置文件密码加密
- Jasypt 1.2发布,增强Hibernate加密支持(转载)
- java加密——Jasypt开源工具包
- 使用jasypt对springboot的datasource密码加密
- 使用jasypt对springboot的datasource密码加密
- 第十三周项目3-二进制转换
- 运用quartz实现的java定时器
- WinCE EBOOT的入口Startup.s
- Unity3D开发之NGUI点击事件穿透响应处理
- K-SVD Algorithm
- jasypt结合spring加密
- ubuntu12.04配置安装eclipse
- 黑马程序员--Java各种类
- vs2008自动生成set/get方法
- C++函数默认参数
- android 系统 makefile文件(Android.mk)组织结构
- 【算法】A*算法,数据结构小作业
- FZU 2064 找位置
- Work with Passion: How to Do What You Love for a Living