526互联

SpringBoot集成Jasypt实现数据加密

发布时间 2023-12-06 20:43:15作者: bug毁灭者

1、环境说明

JDK1.8 + SpringBoot2.7

 

2、添加pom依赖

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.3</version>
</dependency>

 

3、application.yml 添加jasypt配置

jasypt:
  encryptor:
    algorithm: PBEWithMD5AndDES
    password: abc34sd12DS0od
    property:
      prefix: ENC(
      suffix: )
    iv-generator-classname: org.jasypt.iv.RandomIvGenerator

 

4、编写测试代码进行数据加密

import com.alibaba.fastjson.JSON;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.util.text.BasicTextEncryptor;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.data.domain.Range;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import javax.annotation.Resource;
import java.util.*;

@SpringBootTest
@ExtendWith(SpringExtension.class)
@ActiveProfiles("local")
@Slf4j
class ApplicationTests {

    @Autowired
    private StringEncryptor stringEncryptor;

    @Test
    public void testEncryptor(){
        //1、此方式可单独设置密码
        BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
        textEncryptor.setPassword("GF312120O@0df!");

        String oldStr = "{\n" +
                "    \"prod-redis-password\": \"82gR8CV2wX26~vFs233Gr\",\n" +
                "    \"prod-datasource-master-username\": \"user_swy\",\n" +
                "    \"prod-datasource-master-password\": \"dDl_F2125kd23\",\n" +
                "    \"prod-datasource-slave-username\": \"user_senwy\",\n" +
                "    \"prod-datasource-slave-password\": \"dDl_F2125kd23\"\n" +
                "}";

        System.out.println("------采用自定义密码加密------");
        Map<String,String> map = JSON.parseObject(oldStr, LinkedHashMap.class);
        for(String key: map.keySet()){
            System.out.println(key+"加密后信息:ENC("+textEncryptor.encrypt(map.get(key))+")");
        }

        System.out.println("\n");
        System.out.println("------采用配置中的密码加密------");

        //2、使用配置文件中的密码
        String encryptStr = stringEncryptor.encrypt("abc123");
        System.out.println("加密后的信息为"+encryptStr);
        // 下面的方法是解密
        String decrypt = stringEncryptor.decrypt(encryptStr);
        System.out.println("解密后的信息为"+decrypt);
    }
    
}

 

5、执行结果

将加密后的密文替换掉原来的明文信息即可

 

6、增加java应用启动配置

为了数据的更为安全,yml文件中的jasypt密码配置应该置空,在java应用启动的时候设置启动参数如:

nohup java -Xms1024m -Xmx1024m -Dfile.encoding=utf-8 -Djasypt.encryptor.password=cbd12sQe@oO0 -jar /data/myapp.jar >/dev/null 2>&1 &