zoukankan      html  css  js  c++  java
  • 【SpringBoot】数据源加密处理

    代码审计报告提出的一个问题:

    明文暴露配置信息风险

    解决方案可以使用jasypt实现

    需要使用依赖:

            <dependency>
                <groupId>com.github.ulisesbocchio</groupId>
                <artifactId>jasypt-spring-boot-starter</artifactId>
                <version>2.1.0</version>
            </dependency>

    加密实现案例:

    import com.yonyou.cloud.repair.RepairApplication;
    import org.jasypt.encryption.StringEncryptor;
    import org.junit.Assert;
    import org.junit.Test;
    import org.junit.runner.RunWith;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.test.context.SpringBootTest;
    import org.springframework.test.context.junit4.SpringRunner;
    
    @RunWith(SpringRunner.class)
    @SpringBootTest(classes = RepairApplication.class )
    public class DatabaseTest {
    
        @Autowired
        private StringEncryptor encryptor;
    
        @Test
        public void Test() {
            String url = encryptor.encrypt("10.180.6.116");
            String name = encryptor.encrypt("6379");
            String password = encryptor.encrypt("cyx_Pass1234");
            System.out.println("database url: " + url);
            System.out.println("database name: " + name);
            System.out.println("database password: " + password);
            Assert.assertTrue(url.length() > 0);
            Assert.assertTrue(name.length() > 0);
            Assert.assertTrue(password.length() > 0);
        }
    }

    结合application.yml配置信息的处理:

    加密的密文需要加上ENC()修饰,在加载过程处理解密

      # 现UAT环境库
        url: ENC(3HhbZfqGCMCr+ux/0hUbmMGtnP1v03lj/nSIYpS1mwDN745DC2V/rM3IXeWKRTq0Z67V3l67tpuzaj+IoCAQkjms2HW2Df7bPAFBFC6Q8ixaucMo2JHoMz16jxvCHrlz7CUAwTH/oZpzoqzEbfJgu3bixM5DoaOmQGSeWk67hZVSYoKjx77Oif08fecAid/nobzBSvuzYhcMIylWkWyONg==)
        username: ENC(Q+bk/oOkE92lcvFJXXzk6RMV1homL+Ij)
        password: ENC(fzPoG+f1QEM1AfRGqAVCTpJ9bzYNbSAj0jpAX6DNqTk=)

    密文加密的盐值配置【yml配置层级就是第一级】:

    jasypt:
      encryptor:
        password: Y6M8fAJQdU7jNp5MW
  • 相关阅读:
    js中this的用法
    js原型链与继承(初体验)
    关于C语言指针中的p++与p+i
    react todolist
    react表单提交
    react条件渲染
    react初体验
    初次接触express
    阿里内推在线编程题(返回元素的选择器)
    模块初始化
  • 原文地址:https://www.cnblogs.com/mindzone/p/15626561.html
Copyright © 2011-2022 走看看