jasypt dubbo配置密文存放使用詳解

更新時(shí)間：2023年12月10日 09:46:39 作者：點(diǎn)墨

這篇文章主要介紹了jasypt dubbo配置密文存放使用詳解,有需要的朋友可以借鑒參考下,希望能夠有所幫助,祝大家多多進(jìn)步,早日升職加薪

jasypt進(jìn)行密碼密文存放

許多項(xiàng)目里會(huì)對(duì)配置文件中的敏高文件進(jìn)行加密處理，避免了信息泄露問題。在springboot項(xiàng)目里，可以通過引入jasypt進(jìn)行密碼密文存放

jasypt使用

1.引入jasypt-spring-boot-starter包

2.配置信息

jasypt:
  encryptor:
    algorithm: PBEWithHMACSHA512AndAES_256
    password: 123456 //salt

或?qū)assword放在啟動(dòng)行參數(shù)里

3.啟動(dòng)項(xiàng)添加注解

4.生成密文

可以通過網(wǎng)上的密碼工具生成，也可以使用jasypt生成

AES256TextEncryptor stringEncryptor = new AES256TextEncryptor();
stringEncryptor.setPassword("123456");  //salt
String encrypt = stringEncryptor.encrypt("test");  //加密 test為你的密碼
String decrypt = stringEncryptor.decrypt(encrypt); //解密

5.將生成的encrypt放到原來的密碼處并用ENC()包裹即可,ENC()可通過jasypt.encryptor.algorithm.property.prefix/suffix進(jìn)行配置

test: ENC(sdjflskdjfsjdflksdjalfjdslkfjksdjfkldsjkfsf) //此處放上面生成的encrypt

jasypt:
  encryptor:
    algorithm: PBEWithHMACSHA512AndAES_256
    property:
      prefix:   #默認(rèn)為ENC(
      suffix:   #默認(rèn)為)

與Dubbo聯(lián)用

它會(huì)存在一個(gè)問題,就是無法對(duì)dubbo的配置進(jìn)行加密,解決方法如下:

將下面文件添加到項(xiàng)目里,目前僅支持PBEWithHMACSHA512AndAES_256,如需要支持其他,可自行在TODO處添加處理邏輯

//JasyptPreparedEnvListener.java
package com.demo.listener;
import org.jasypt.util.text.AES256TextEncryptor;
import  org.springframework.boot.context.event.ApplicationEnvironmentPreparedEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.PropertySource;
import org.springframework.web.context.support.StandardServletEnvironment;
import java.util.Iterator;
import java.util.Map;
/**
 * use jasypt to decrypt the data
 */
@Configuration
public class JasyptPreparedEnvListener implements ApplicationListener<ApplicationEnvironmentPreparedEvent> {
 private String getSalt(StandardServletEnvironment env ){
     String salt = env.getProperty("jasypt.encryptor.password");
     if(salt == null || salt.isBlank()) {
         return null;
     }
     return salt;
 }
 private String getConfigPrefix(StandardServletEnvironment env ){
     String rst = env.getProperty("jasypt.encryptor.property.config.prefix");
     if(rst == null || rst.isBlank()) {
         return "CONFIG_ENC(";
     }
     return rst;
 }
 private String getConfigSuffix(StandardServletEnvironment env ){
     String rst = env.getProperty("jasypt.encryptor.property.config.suffix");
     if(rst == null || rst.isBlank()) {
         return ")";
     }
     return rst;
 }
 private boolean isEncrypted(String value,String prefix,String suffix){
     if(value == null || value.isBlank()){
         return false;
     }
     String trimValue = value.trim();
     return trimValue.startsWith(prefix) && trimValue.endsWith(suffix);
 }
 private String unwrapEncryptedValue(String value,String prefix,String suffix){
     return value.substring(prefix.length(),value.length() - suffix.length());
 }
 private String getAlgorithm(StandardServletEnvironment env){
     String rst = env.getProperty("jasypt.encryptor.algorithm");
     if(rst == null || rst.isBlank()) {
         return "PBEWithHMACSHA512AndAES_256";
     }
     return rst;
 }
 private Object getDecryptor(StandardServletEnvironment env){
     String algorithm = getAlgorithm(env);
     Object obj = null;
     if(algorithm.equals("PBEWithHMACSHA512AndAES_256")){
         String salt = getSalt(env);
         if(salt != null){
             obj = new AES256TextEncryptor();
             ((AES256TextEncryptor)obj).setPassword(salt);
         }
     }//TODO add other decryptor logic here
     return obj;
 }
 private String decrypt(StandardServletEnvironment env,Object decryptpr,String value){
     String algorithm = getAlgorithm(env);
     if(algorithm.equals("PBEWithHMACSHA512AndAES_256")){
        AES256TextEncryptor aes256TextEncryptor = (AES256TextEncryptor)decryptpr;
         try{
             return aes256TextEncryptor.decrypt(value);
         }catch (Exception e){
             System.out.println("decrypt failed: " + e);
             return value;
         }
     } //TODO add other decryptor logic here
     return value;
 }
 @Override
 public void onApplicationEvent(ApplicationEnvironmentPreparedEvent event) {
     StandardServletEnvironment env =(StandardServletEnvironment) event.getEnvironment();
     // 1. get decryptor
     Object decryptor = getDecryptor(env);
     if(decryptor == null){
         return;
     }
     String configPrefix = getConfigPrefix(env);
     String configSuffix = getConfigSuffix(env);
     // 2. loop property
     Iterator<PropertySource<?>> iterator = env.getPropertySources().iterator();
     while (iterator.hasNext()) {
         PropertySource<?> source = iterator.next();
         String name = source.getName();
         if (name.startsWith("applicationConfig")) {
             Object o = source.getSource();
             if (o instanceof Map) {
                 for (Map.Entry<String, Object> entry : ((Map<String, Object>) o).entrySet()) {
                     String key = entry.getKey();
                     String value = env.getProperty(key);
                     if (isEncrypted(value, configPrefix, configSuffix)) {
                         //3.解密
                         String newValue = decrypt(env, decryptor, unwrapEncryptedValue(value, configPrefix, configSuffix));
                         System.setProperty(key, newValue);
                     }
                 }
             }
         }
     }
 }
}

在resources資源文件夾下新增META-INF/spring.factories,添加以下內(nèi)容或在main函數(shù)啟動(dòng)里通過addListener api進(jìn)行添加

org.springframework.context.ApplicationListener = com.demo.listener.JasyptPreparedEnvListener

將需要密文存儲(chǔ)的地方使用CONFIG_ENC()包裹即可,CONFIG_ENC也可配置

jasypt:
  encryptor:
 algorithm: PBEWithHMACSHA512AndAES_256
 property:
   config:
     prefix:   #默認(rèn)為CONFIG_ENC(
     suffix:   #默認(rèn)為)

它的思路就是在Springboot的ApplicationEnvironmentPreparedEvent事件里對(duì)配置文件信息進(jìn)行處理

ApplicationEnvironmentPreparedEvent: spring boot 對(duì)應(yīng)Enviroment已經(jīng)準(zhǔn)備完畢，但此時(shí)上下文context還沒有創(chuàng)建。在該監(jiān)聽中獲取到ConfigurableEnvironment后可以對(duì)配置信息做操作，例如：修改默認(rèn)的配置信息，增加額外的配置信息等等

以上就是jasypt dubbo配置密文存放使用詳解的詳細(xì)內(nèi)容，更多關(guān)于jasypt dubbo配置密文存放的資料請(qǐng)關(guān)注腳本之家其它相關(guān)文章！

您可能感興趣的文章: