當前位置:首頁 > IT技術(shù) > 編程語言 > 正文

【SpringBoot】數(shù)據(jù)源加密處理
2021-11-30 22:59:35

代碼審計報告提出的一個問題:

明文暴露配置信息風險

?

解決方案可以使用jasypt實現(xiàn)

需要使用依賴:

        <dependency>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-spring-boot-starter</artifactId>
            <version>2.1.0</version>
        </dependency>

?

加密實現(xiàn)案例:

import com.yonyou.cloud.repair.RepairApplication;
import org.jasypt.encryption.StringEncryptor;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

@RunWith(SpringRunner.class)
@SpringBootTest(classes = RepairApplication.class )
public class DatabaseTest {

    @Autowired
    private StringEncryptor encryptor;

    @Test
    public void Test() {
        String url = encryptor.encrypt("10.180.6.116");
        String name = encryptor.encrypt("6379");
        String password = encryptor.encrypt("cyx_Pass1234");
        System.out.println("database url: " + url);
        System.out.println("database name: " + name);
        System.out.println("database password: " + password);
        Assert.assertTrue(url.length() > 0);
        Assert.assertTrue(name.length() > 0);
        Assert.assertTrue(password.length() > 0);
    }
}

?

結(jié)合application.yml配置信息的處理:

加密的密文需要加上ENC()修飾,在加載過程處理解密

  # 現(xiàn)UAT環(huán)境庫
    url: ENC(3HhbZfqGCMCr+ux/0hUbmMGtnP1v03lj/nSIYpS1mwDN745DC2V/rM3IXeWKRTq0Z67V3l67tpuzaj+IoCAQkjms2HW2Df7bPAFBFC6Q8ixaucMo2JHoMz16jxvCHrlz7CUAwTH/oZpzoqzEbfJgu3bixM5DoaOmQGSeWk67hZVSYoKjx77Oif08fecAid/nobzBSvuzYhcMIylWkWyONg==)
    username: ENC(Q+bk/oOkE92lcvFJXXzk6RMV1homL+Ij)
    password: ENC(fzPoG+f1QEM1AfRGqAVCTpJ9bzYNbSAj0jpAX6DNqTk=)

?

密文加密的鹽值配置【yml配置層級就是第一級】:

jasypt:
  encryptor:
    password: Y6M8fAJQdU7jNp5MW

?

本文摘自 :https://www.cnblogs.com/

開通會員,享受整站包年服務(wù)立即開通 >