最近做一个项目,安全上有点要求,就是要对数据库相关的配置进行加密,配置文件如下:
#加密前
#datasource.type=mysql #datasource.driverClassName=com.mysql.jdbc.Driver #datasource.url=jdbc:mysql://localhost:3306/yjj?useUnicode=true&characterEncoding=utf8 #datasource.username=root #datasource.password=root #加密后 datasource.type=2DF0ADA00FAA99D2 datasource.driverClassName=DFB084E48D901F55B4765B6B6DEEEA685621CEAB85E65590 datasource.url=CD1E7D3A7DEED845CC284EB8AB50F88E171BEAD6E699A4B2E87A3F36434640EA07523DB201ACF884EF00CBBAD67FB52A04960D6C3E91E3EABF370CE3E6FACD06915D92108869CBB9 datasource.username=63AEB7FA5F01BC70 datasource.password=63AEB7FA5F01BC70
<!-- 对JDBC配置进行解密 --> <bean id="propertyConfigurer" class="xxx.security.EncryptablePropertyPlaceholderConfigurer"> <property name="locations"> <list> <value>classpath:conf/jdbc.properties</value> <value>classpath:conf/memcache.properties</value> </list> </property> </bean> <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close" > <property name="driverClass"> <value>${datasource.driverClassName}</value> </property> <property name="jdbcUrl"> <value>${datasource.url}</value> </property> <property name="user"> <value>${datasource.username}</value> </property> <property name="password"> <value>${datasource.password}</value> </property> <property name="minPoolSize"> <value>${datasource.c3p0.minPoolSize}</value> </property> <property name="maxPoolSize"> <value>${datasource.c3p0.maxPoolSize}</value> </property> <property name="maxIdleTime"> <value>${datasource.c3p0.maxIdleTime}</value> </property> <property name="acquireIncrement"> <value>${datasource.c3p0.acquireIncrement}</value> </property> <property name="maxStatements"> <value>${datasource.c3p0.maxStatements}</value> </property> <property name="initialPoolSize"> <value>${datasource.c3p0.initialPoolSize}</value> </property> <property name="idleConnectionTestPeriod"> <value>${datasource.c3p0.idleConnectionTestPeriod}</value> </property> <property name="numHelperThreads"> <value>${datasource.c3p0.numHelperThreads}</value> </property> <property name="acquireRetryAttempts"> <value>${datasource.c3p0.acquireRetryAttempts}</value> </property> <property name="breakAfterAcquireFailure"> <value>${datasource.c3p0.breakAfterAcquireFailure}</value> </property> <property name="testConnectionOnCheckout"> <value>${datasource.c3p0.testConnectionOnCheckout}</value> </property> </bean>
JAVA加密,解密类如下:
import java.util.Properties; import org.springframework.beans.BeansException; import org.springframework.beans.factory.BeanInitializationException; import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer; import cn.com.dbappsecurity.common.utils.DesEncrypt; import cn.com.dbappsecurity.common.utils.MyWebConstant; public class EncryptablePropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer { private static final String key = MyWebConstant.JDBC_DESC_KEY; protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props) throws BeansException { try { // DesEncrypt des = new DesEncrypt(); String username = props.getProperty(MyWebConstant.JDBC_DATASOURCE_USERNAME_KEY); if (username != null) { props.setProperty(MyWebConstant.JDBC_DATASOURCE_USERNAME_KEY, DesEncrypt.Decrypt(username, DesEncrypt.hex2byte(key))); } String password = props.getProperty(MyWebConstant.JDBC_DATASOURCE_PASSWORD_KEY); if (password != null) { props.setProperty(MyWebConstant.JDBC_DATASOURCE_PASSWORD_KEY, DesEncrypt.Decrypt(password, DesEncrypt.hex2byte(key))); } String url = props.getProperty(MyWebConstant.JDBC_DATASOURCE_URL_KEY); if (url != null) { props.setProperty(MyWebConstant.JDBC_DATASOURCE_URL_KEY, DesEncrypt.Decrypt(url, DesEncrypt.hex2byte(key))); } String driverClassName = props.getProperty(MyWebConstant.JDBC_DATASOURCE_DRIVERCLASSNAME_KEY); if(driverClassName != null){ props.setProperty(MyWebConstant.JDBC_DATASOURCE_DRIVERCLASSNAME_KEY, DesEncrypt.Decrypt(driverClassName, DesEncrypt.hex2byte(key))); } String dbtype = props.getProperty(MyWebConstant.JDBC_DATASOURCE_TYPE_KEY); if(dbtype != null){ props.setProperty(MyWebConstant.JDBC_DATASOURCE_TYPE_KEY, DesEncrypt.Decrypt(dbtype, DesEncrypt.hex2byte(key))); } super.processProperties(beanFactory, props); } catch (Exception e) { e.printStackTrace(); throw new BeanInitializationException(e.getMessage()); } } }
/******************************JDBC相关BEGIN***************************************/
public static final String JDBC_DESC_KEY = "0001000200030004";
/**数据库类型**/
public static final String JDBC_DATASOURCE_TYPE_KEY = "datasource.type";
public static final String JDBC_DATASOURCE_DRIVERCLASSNAME_KEY = "datasource.driverClassName";
public static final String JDBC_DATASOURCE_URL_KEY = "datasource.url";
public static final String JDBC_DATASOURCE_USERNAME_KEY = "datasource.username";
public static final String JDBC_DATASOURCE_PASSWORD_KEY = "datasource.password";
/******************************JDBC相关END***************************************/