jasypt 与spring结合的两种配置方式

chenhua_1984

浏览: 1233736 次
性别:
来自: 杭州

最近访客更多访客>>

hy811014

jmi_hua

jin_config

大二三炮

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

jsp
java
struts
jsf
spring
c:tag
标签库
jstl

spring 加密配置文件

我们在开发一套系统的时候需要连接数据库，而在连接数据库的后配置文件通常是要加密的，假如使用spring +jasypt来实现数据库连接的加密，那么有两种方式可以配置

第一种，加密时的KEY可以采用动态的，而非写死的，这样会更安全一些，但是同时也会产生一些麻烦。

这种方式需要在系统级别设置环境变量APP_ENCRYPTION_PASSWORD

可以根据需求设定不同的值。

这种配置直接可以把值写死在系统配置上面。两种配置方式各有需求，根据实际情况来选择。

package com.hzmc.capaa.util.config;

import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.util.Enumeration;
import java.util.Properties;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;

public class ConfigEncryptor {
	public static String readValue(String filePath, String key) {
		Properties props = new Properties();
		try {
			InputStream in = new BufferedInputStream(new FileInputStream(
					filePath));
			props.load(new FileInputStream(filePath));
			String value = props.getProperty(key);
			in.close();
			return value;
		} catch (Exception e) {
			e.printStackTrace();
		}
		return null;
	}

	// 读取properties的全部信息
	@SuppressWarnings("unchecked")
	public static void readProperties(String filePath) {
		Properties props = new Properties();
		try {
			InputStream in = new BufferedInputStream(new FileInputStream(
					filePath));
			props.load(in);
			Enumeration en = props.propertyNames();
			while (en.hasMoreElements()) {
				String key = (String) en.nextElement();
				String property = props.getProperty(key);
				System.out.println(key + " : " + property);
			}
			in.close();
		} catch (Exception e) {
			e.printStackTrace();
		}
	}

	// 写入properties信息
	public static void writeProperties(String filePath, String parameterName,
			String parameterValue) {
		Properties props = new Properties();
		try {
			File file = new File(filePath);
			if (file.exists()) {
				InputStream fis = new FileInputStream(file);
				props.load(fis);
				fis.close();
			}
			OutputStream fos = new FileOutputStream(file);
			props.setProperty(parameterName, "ENC(" + parameterValue + ")");

			props.store(fos, null);
			fos.close();
		} catch (IOException e) {
			e.printStackTrace();
		}
	}

	// 写入properties信息
	public static void writeProperty(String filePath, String parameterName,
			String parameterValue) {
		Properties props = new Properties();
		try {
			File file = new File(filePath);
			if (file.exists()) {
				InputStream fis = new FileInputStream(file);
				props.load(fis);
				fis.close();
			}
			OutputStream fos = new FileOutputStream(file);
			props.setProperty(parameterName, parameterValue);

			props.store(fos, null);
			fos.close();
		} catch (IOException e) {
			e.printStackTrace();
		}
	}
	
	public static void main(String[] args) throws IOException {

		final String outputPropertiesFileName = "system.properties";
		StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
		/* 从输入流中读取数据，并把它存在缓存中 */
		BufferedReader reader = new BufferedReader(new InputStreamReader(
				System.in));
		String key = getParameter(args, "-key");
		String jdbcUrl = getParameter(args, "-jdbcurl");
		String username = getParameter(args, "-username");
		String password = getParameter(args, "-password");
		String driver = getParameter(args, "-driver");

		// 如果参数没有在命令行中输入，则交互式的要求用户输入
		if (key == null) {
			System.out.println("Please Enter CAPAA Startup Key");
			key = reader.readLine();
			encryptor.setPassword(key);
		} else {
			encryptor.setPassword(key);
		}

		if (jdbcUrl == null) {
			System.out.println("Please Enter JDBC URL：");
			jdbcUrl = reader.readLine();
		}

		if (username == null) {
			System.out.println("Please Enter JDBC Username：");
			username = reader.readLine();
		}

		if (password == null) {
			System.out.println("Please Enter JDBC Password：");
			password = reader.readLine();
		}

		if (driver == null) {
			System.out.println("Please Enter JDBC Driver：");
			driver = reader.readLine();
		}

		// System.out.println("key=======" + key);
		// System.out.println("url=======" + jdbcUrl);
		// System.out.println("driver=========" + driver);
		// System.out.println("user========" + username);
		// System.out.println("password=======" + password);

		String drivers = encryptor.encrypt(driver);
		String url = encryptor.encrypt(jdbcUrl);
		String user = encryptor.encrypt(username);
		String passwords = encryptor.encrypt(password);

		ConfigEncryptor.writeProperties(outputPropertiesFileName,
				"jdbc.driverClass", drivers);
		ConfigEncryptor.writeProperties(outputPropertiesFileName,
				"jdbc.jdbcUrl", url);
		ConfigEncryptor.writeProperties(outputPropertiesFileName, "jdbc.user",
				user);
		ConfigEncryptor.writeProperties(outputPropertiesFileName,
				"jdbc.password", passwords);

		System.out.println("url=======" + url);
		System.out.println("driver=========" + drivers);
		System.out.println("user========" + user);
		System.out.println("password=======" + passwords);

	}

	private static String getParameter(String[] args, String string) {
		for (int i = 0; i < args.length; i++) {
			String arg = args[i];
			if (arg.equals(string) && (i < args.length - 1)
					&& (!args[i + 1].startsWith("-"))) {
				System.out.println(args[i + 1]);
				return args[i + 1];
			}
		}
		return null;
	}
}

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xmlns:p="http://www.springframework.org/schema/p" xmlns:aop="http://www.springframework.org/schema/aop"
		xmlns:context="http://www.springframework.org/schema/context" xmlns:jee="http://www.springframework.org/schema/jee"
		xmlns:tx="http://www.springframework.org/schema/tx"
		xmlns:security="http://www.springframework.org/schema/security"
		xsi:schemaLocation="
			http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
			http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
			http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
			http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.5.xsd
			http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
			http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
	
	<import resource="applicationContext-propertyConfigurer.xml"/>
	
	<!-- acegi configuration -->

	<security:http entry-point-ref="authenticationEntryPoint" >
		<security:intercept-url pattern="/**/*.public" access="ROLE_ANONYMOUS,ROLE_SUPER_ADMIN,ROLE_ADMIN,ROLE_AUDIT_ADMIN,ROLE_AUDIT_ANALYST,ROLE_CONFIG_USER" />
	    <security:intercept-url pattern="/servermanager/audit.do" access="ROLE_ANONYMOUS,ROLE_SUPER_ADMIN,ROLE_ADMIN,ROLE_AUDIT_ADMIN,ROLE_AUDIT_ANALYST,ROLE_CONFIG_USER" method="POST"/>
	    <security:intercept-url pattern="/login.jspx*" access="ROLE_ANONYMOUS,ROLE_SUPER_ADMIN,ROLE_ADMIN,ROLE_AUDIT_ADMIN,ROLE_AUDIT_ANALYST,ROLE_CONFIG_USER"/>
	    <security:intercept-url pattern="/index.jspx*" access="ROLE_ANONYMOUS,ROLE_SUPER_ADMIN,ROLE_ADMIN,ROLE_AUDIT_ADMIN,ROLE_AUDIT_ANALYST,ROLE_CONFIG_USER" />
	    <security:intercept-url pattern="/**" access="ROLE_SUPER_ADMIN,ROLE_ADMIN,ROLE_AUDIT_ADMIN,ROLE_AUDIT_ANALYST,ROLE_CONFIG_USER" />
		<security:anonymous/>
<!--		<security:form-login login-page='/login.jspx' authentication-failure-url="/login.jspx?error=1" />-->
	    <security:logout invalidate-session="true" logout-url="/logout.jspx" logout-success-url="/index.jspx"/>
	</security:http>

	<security:authentication-provider user-service-ref="capaaUserDetailsDaoImpl">
		<!-- security:user-service>
			<security:user name="jimi" password="jimispassword"
				authorities="ROLE_USER, ROLE_ADMIN" />
			<security:user name="bob" password="bobspassword"
				authorities="ROLE_USER" />
		</security:user-service -->
		<security:password-encoder ref="passwordEncoder">
			<!--security:salt-source system-wide="${system.wide.salt}"/-->
		</security:password-encoder>
	</security:authentication-provider>
	
	<bean id="passwordEncoder" class="org.springframework.security.providers.encoding.Md5PasswordEncoder">
	</bean>
	
	<!-- bean id="saltSource" class="org.springframework.security.providers.dao.salt.SystemWideSaltSource">
		<property name="systemWideSalt" value="capaa"></property>
	</bean -->
	
	<!-- bean id="jdbcDaoImpl" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
		<property name="dataSource" ref="dataSource"></property>
		<property name="enableGroups" value="false"></property>
		<property name="usersByUsernameQuery">
			<value>select username,password,enabled from mc$lg_adminuser where username = ?</value>
		</property>
		<property name="authoritiesByUsernameQuery">
			<value>select username,granted_role from mc$lg_adminuser where username = ?</value>
		</property>
	</bean -->
	
	<bean id="capaaUserDetailsDaoImpl" class="com.hzmc.capaa.web.security.CapaaUserDetailsDaoImpl">
		<property name="dataSource" ref="dataSource"></property>
		<property name="enableGroups" value="false"></property>
	</bean>
	
	<bean id="capaaAuthenticationProcessingFilter" class="com.hzmc.capaa.web.security.CapaaAuthenticationProcessingFilter" autowire="byType">
		<security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
		<property name="defaultTargetUrl" value="/auditsession/mainpage.do" />
		<property name="authenticationFailureUrl" value="/login.jspx?error=1"></property>
		<property name="exceptionMappings">
			<props>
				<prop key="org.springframework.security.LockedException">/login.jspx?error=2</prop>
				<prop key="org.springframework.security.DisabledException">/login.jspx?error=3</prop>
				<prop key="org.springframework.security.AccountExpiredException">/login.jspx?error=4</prop>
				<prop key="org.springframework.security.CredentialsExpiredException">/login.jspx?error=5</prop>
			</props>
		</property>
	</bean>
	
	<bean id="authenticationEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
		<property name="loginFormUrl" value="/login.jspx"></property>
	</bean>
	
	
	<!-- jasypt configuration -->
	
	<bean id="environmentVariablesConfiguration"
		     class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
		   <property name="algorithm" value="PBEWithMD5AndDES" />
		   <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
	</bean>
		  
    <bean id="configurationEncryptor"
	   	  class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
	  	 <property name="config" ref="environmentVariablesConfiguration" />
	</bean>
	
</beans>

分享到：

CA证书的CAPI（CSP），PKCS11 读取数字证 ... | 记一个java在64位windows上的BUG

2012-02-20 14:58
浏览 4428
评论(6)
分类:开源软件
查看更多

6 楼 chenhua_1984 2013-06-09

wangxue 写道

chenhua_1984 写道

cmd set APP_ENCRYPTION_PASSWORD = "key"

或者直接在环境变量里设置

谢谢

可以配置在windows的环境变量里面

5 楼 chenhua_1984 2013-06-09

wangxue 写道

这种方式需要在系统级别设置环境变量APP_ENCRYPTION_PASSWORD 怎么在系统级别下设置环境变量？？这点不明白

set APP_ENCRYPTION_PASSWORD ="value"

4 楼 liujunhao225 2013-06-08

just so so .

3 楼 wangxue 2013-03-05

chenhua_1984 写道

cmd set APP_ENCRYPTION_PASSWORD = "key"

或者直接在环境变量里设置

谢谢

2 楼 chenhua_1984 2013-02-25

cmd set APP_ENCRYPTION_PASSWORD = "key"

或者直接在环境变量里设置

1 楼 wangxue 2013-02-18

这种方式需要在系统级别设置环境变量APP_ENCRYPTION_PASSWORD 怎么在系统级别下设置环境变量？？这点不明白

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论