代碼審計報告提出的一個問題:
明文暴露配置信息風險
?
解決方案可以使用jasypt實現(xiàn)
需要使用依賴:
<dependency> <groupId>com.github.ulisesbocchio</groupId> <artifactId>jasypt-spring-boot-starter</artifactId> <version>2.1.0</version> </dependency>
?
加密實現(xiàn)案例:
import com.yonyou.cloud.repair.RepairApplication; import org.jasypt.encryption.StringEncryptor; import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.context.junit4.SpringRunner; @RunWith(SpringRunner.class) @SpringBootTest(classes = RepairApplication.class ) public class DatabaseTest { @Autowired private StringEncryptor encryptor; @Test public void Test() { String url = encryptor.encrypt("10.180.6.116"); String name = encryptor.encrypt("6379"); String password = encryptor.encrypt("cyx_Pass1234"); System.out.println("database url: " + url); System.out.println("database name: " + name); System.out.println("database password: " + password); Assert.assertTrue(url.length() > 0); Assert.assertTrue(name.length() > 0); Assert.assertTrue(password.length() > 0); } }
?
結(jié)合application.yml配置信息的處理:
加密的密文需要加上ENC()修飾,在加載過程處理解密
# 現(xiàn)UAT環(huán)境庫 url: ENC(3HhbZfqGCMCr+ux/0hUbmMGtnP1v03lj/nSIYpS1mwDN745DC2V/rM3IXeWKRTq0Z67V3l67tpuzaj+IoCAQkjms2HW2Df7bPAFBFC6Q8ixaucMo2JHoMz16jxvCHrlz7CUAwTH/oZpzoqzEbfJgu3bixM5DoaOmQGSeWk67hZVSYoKjx77Oif08fecAid/nobzBSvuzYhcMIylWkWyONg==) username: ENC(Q+bk/oOkE92lcvFJXXzk6RMV1homL+Ij) password: ENC(fzPoG+f1QEM1AfRGqAVCTpJ9bzYNbSAj0jpAX6DNqTk=)
?
密文加密的鹽值配置【yml配置層級就是第一級】:
jasypt:
encryptor:
password: Y6M8fAJQdU7jNp5MW
?
本文摘自 :https://www.cnblogs.com/