1.概述
避免配置文件中出现明文数据库密码,通过加密的方式使配置文件中的信息更安全。
2.步骤
- 引入Druid
- 编写Druid加密类
- 替换配置文件中的明文密码
- 通过配置文件开启Druid配置
3.实现
1. 引入Druid
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid-spring-boot-starter</artifactId>
<version>1.1.21</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.22</version>
</dependency>
2. 编写Druid加密类
/**
* 数据库配置文件加解密工具
*
* @author Tang
* @date 2024/1/24 18:45
**/
public class DruidEncryptUtil {
//公钥
private static String publicKey;
//私钥
private static String privateKey;
static {
try {
String[] keyPairs = ConfigTools.genKeyPair(512);
privateKey = keyPairs[0];
System.out.println("privateKey:" + privateKey);
publicKey = keyPairs[1];
System.out.println("publicKey:" + publicKey);
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
throw new RuntimeException(e);
}
}
/**
* 利用私钥对字符串加密
*
* @param plainText 待加密的字符串
* @return java.lang.String
* @author Tang
* @date 2024/1/24 18:54
**/
public static String encrypt(String plainText) throws Exception {
String encrypt = ConfigTools.encrypt(privateKey, plainText);
System.out.println("encrypt:" + encrypt);
return encrypt;
}
/**
* 利用公钥对字符串解密
*
* @param encryptText 待加密的字符串
* @return java.lang.String
* @author Tang
* @date 2024/1/24 18:54
**/
public static String decrypt(String encryptText) throws Exception {
String decrypt = ConfigTools.decrypt(publicKey, encryptText);
System.out.println("decrypt:" + decrypt);
return decrypt;
}
public static void main(String[] args) throws Exception {
String encrypt = encrypt("123456");
String decrypt = decrypt(encrypt);
}
}
通过调用上述代码的encrypt函数对明文密码进行加密。
例如上述的明文密码123456,经过随机生成的私钥加密后,如下如所示
通过上述生成的配套公钥解密后,如下图所示
3. 替换配置文件中的明文密码
替换之后的配置文件,密码通过加密的方式
server:
port: 8080
publicKey: "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKzefbYhmdrbuwy1dozfnUBWqzVUEyBalX3dvlHxh2piUW3AbLAr/231W+jxUPUmZGAniWzQ1NXekhMSeHO44LcCAwEAAQ=="
spring:
datasource:
username: root
password: "bbhrLurHcrUZP82pGJzUktgGuLXmt3Xa4IWc6vcg/vY2sRjxIiLRYM78ycNsdLPUVNe9ysEs8WkXE7XLhDwq6Q=="
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://localhost:3306/jc-club?serverTimezone=Asia/Shanghai&useUnicode=true&useSSL=false
type: com.alibaba.druid.pool.DruidDataSource
druid:
connectionProperties: config.decrypt=true;config.decrypt.key=${publicKey}
initial-size: 20
min-idle: 20
max-active: 100
max-wait: 60000
stat-view-servlet:
enabled: true
url-pattern: /druid/*
login-username: admin
login-password: 123456
filter:
stat:
enabled: true
log-slow-sql: true
slow-sql-millis: 2000
wall:
enabled: true
config:
enabled: true
4. 通过配置文件开启Druid配置
将spring.druid.filter.config.enabled设置为true,即可打开加解密配置。
spring:
druid:
省略其他配置...
filter:
stat:
enabled: true
log-slow-sql: true
slow-sql-millis: 2000
wall:
enabled: true
config:
enabled: true
