zoukankan      html  css  js  c++  java
  • SSM实现mysql数据库账号密码加密连接

    引言

          咱们公司从事的是信息安全涉密应用的一些项目研发一共有分为三步,相比较于一般公司和一般的项目,对于信息安全要求更加严格,领导要求数据量和用户的用户名及密码信息都必需是要密文配置和存储的,这就涉及到jdbc.properties文件中的数据库的用户名和密码也是一样的,需要配置问密文,在连接的时候再加载解密为明文进行数据库的连接操作,以下就是实现过程,一共有分为三步。

    一、创建DESUtil类

    提供自定义密钥,加密解密的方法。

     1 package com.hzdy.DCAD.common.util;
     2 
     3 import sun.misc.BASE64Decoder;
     4 import sun.misc.BASE64Encoder;
     5 import javax.crypto.Cipher;
     6 import javax.crypto.KeyGenerator;
     7 import java.security.Key;
     8 import java.security.SecureRandom;
     9 
    10 /**
    11  * Created by Wongy on 2019/8/8.
    12  */
    13 public class DESUtil {
    14     private static Key key;
    15     //自己的密钥
    16     private static String KEY_STR = "mykey";
    17 
    18     static {
    19         try {
    20             KeyGenerator generator = KeyGenerator.getInstance("DES");
    21             SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
    22             secureRandom.setSeed(KEY_STR.getBytes());
    23             generator.init(secureRandom);
    24             key = generator.generateKey();
    25             generator = null;
    26         } catch (Exception e) {
    27             throw new RuntimeException(e);
    28         }
    29     }
    30 
    31     /**
    32      * 对字符串进行加密,返回BASE64的加密字符串
    33      *
    34      * @param str
    35      * @return
    36      * @see [类、类#方法、类#成员]
    37      */
    38     public static String getEncryptString(String str) {
    39         BASE64Encoder base64Encoder = new BASE64Encoder();
    40         try {
    41             byte[] strBytes = str.getBytes("UTF-8");
    42             Cipher cipher = Cipher.getInstance("DES");
    43             cipher.init(Cipher.ENCRYPT_MODE, key);
    44             byte[] encryptStrBytes = cipher.doFinal(strBytes);
    45             return base64Encoder.encode(encryptStrBytes);
    46         } catch (Exception e) {
    47             throw new RuntimeException(e);
    48         }
    49 
    50     }
    51 
    52     /**
    53      * 对BASE64加密字符串进行解密
    54      *
    55      */
    56     public static String getDecryptString(String str) {
    57         BASE64Decoder base64Decoder = new BASE64Decoder();
    58         try {
    59             byte[] strBytes = base64Decoder.decodeBuffer(str);
    60             Cipher cipher = Cipher.getInstance("DES");
    61             cipher.init(Cipher.DECRYPT_MODE, key);
    62             byte[] encryptStrBytes = cipher.doFinal(strBytes);
    63             return new String(encryptStrBytes, "UTF-8");
    64         } catch (Exception e) {
    65             throw new RuntimeException(e);
    66         }
    67 
    68     }
    69 
    70 
    71     public static void main(String[] args) {
    72         String name = "dbuser";
    73         String password = "waction2016";
    74         String encryname = getEncryptString(name);
    75         String encrypassword = getEncryptString(password);
    76         System.out.println("encryname : " + encryname);
    77         System.out.println("encrypassword : " + encrypassword);
    78 
    79         System.out.println("name : " + getDecryptString(encryname));
    80         System.out.println("password : " + getDecryptString(encrypassword));
    81     }
    82 }

    二、 创建EncryptPropertyPlaceholderConfigurer类

    建立与配置文件的关联。

     1 package com.hzdy.DCAD.common.util;
     2 
     3 import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
     4 
     5 public class EncryptPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {
     6     //属性需与配置文件的KEY保持一直
     7     private String[] encryptPropNames = {"jdbc.username", "jdbc.password"};
     8 
     9     @Override
    10     protected String convertProperty(String propertyName, String propertyValue) {
    11 
    12         //如果在加密属性名单中发现该属性  
    13         if (isEncryptProp(propertyName)) {
    14             String decryptValue = DESUtil.getDecryptString(propertyValue);
    15             System.out.println(decryptValue);
    16             return decryptValue;
    17         } else {
    18             return propertyValue;
    19         }
    20 
    21     }
    22 
    23     private boolean isEncryptProp(String propertyName) {
    24         for (String encryptName : encryptPropNames) {
    25             if (encryptName.equals(propertyName)) {
    26                 return true;
    27             }
    28         }
    29         return false;
    30     }
    31 } 

    三、 修改配置文件 jdbc.properties 

     1 #加密配置之前
     2 #jdbc.driver=com.mysql.jdbc.Driver
     3 #jdbc.user=root
     4 #jdbc.password=root
     5 #jdbc.url=jdbc:mysql://localhost:3306/bookstore
     6 
     7 #加密配置之后
     8 jdbc.driver=com.mysql.jdbc.Driver
     9 jdbc.user=Ov4j7fKiCzY=
    10 jdbc.password=Ov4j7fKiCzY=
    11 jdbc.url=jdbc:mysql://localhost:3306/bookstore

    四、 修改spring-content.xml配置文件

    1 将spring-context中的
    2 <context:property-placeholder location="classpath:.properties" />
    3 修改为
    4 <bean class="com.hzdy.DCAD.common.util.EncryptPropertyPlaceholderConfigurer"p:locations="classpath:*.properties"/>
    5 //注意只能存在一个读取配置文件的bean,否则系统只会读取最前面的

       注意:如果发现配置密文的username和password可以加载并解密成功,但是最后连接的时候还是以密文连接并报错,这可能涉及到内存预加载的问题,项目一启动,程序会加密密文的用户名和密码,就算最后解密成功了,最后连接数据库读取的却还是密文,这时候我们可以自己重写连接池的方法,让spring-content.xml加载重写的连接池方法,并在连接的时候再提前进行解密。 

     1 package com.thinkgem.jeesite.common.encrypt;
     2 
     3 import java.sql.Connection;
     4 import java.sql.SQLException;
     5 import java.util.Properties;
     6 
     7 import javax.security.auth.callback.PasswordCallback;
     8 import com.alibaba.druid.util.DruidPasswordCallback;
     9 
    10 /**
    11  */
    12 @SuppressWarnings("serial")
    13 public class DruidDataSource extends com.alibaba.druid.pool.DruidDataSource {
    14     
    15     public PhysicalConnectionInfo createPhysicalConnection() throws SQLException {
    16         String url = this.getUrl();
    17         Properties connectProperties = getConnectProperties();
    18 
    19         String user;
    20         if (getUserCallback() != null) {
    21             user = getUserCallback().getName();
    22         } else {
    23             user = getUsername();
    24         }
    25         //DES解密
    26         user = DESUtils.getDecryptString(user);
    27         String password = DESUtils.getDecryptString(getPassword());
    28         
    29         PasswordCallback passwordCallback = getPasswordCallback();
    30 
    31         if (passwordCallback != null) {
    32             if (passwordCallback instanceof DruidPasswordCallback) {
    33                 DruidPasswordCallback druidPasswordCallback = (DruidPasswordCallback) passwordCallback;
    34 
    35                 druidPasswordCallback.setUrl(url);
    36                 druidPasswordCallback.setProperties(connectProperties);
    37             }
    38 
    39             char[] chars = passwordCallback.getPassword();
    40             if (chars != null) {
    41                 password = new String(chars);
    42             }
    43         }
    44 
    45         Properties physicalConnectProperties = new Properties();
    46         if (connectProperties != null) {
    47             physicalConnectProperties.putAll(connectProperties);
    48         }
    49 
    50         if (user != null && user.length() != 0) {
    51             physicalConnectProperties.put("user", user);
    52         }
    53 
    54         if (password != null && password.length() != 0) {
    55             physicalConnectProperties.put("password", password);
    56         }
    57 
    58         Connection conn;
    59 
    60         long connectStartNanos = System.nanoTime();
    61         long connectedNanos, initedNanos, validatedNanos;
    62         try {
    63             conn = createPhysicalConnection(url, physicalConnectProperties);
    64             connectedNanos = System.nanoTime();
    65 
    66             if (conn == null) {
    67                 throw new SQLException("connect error, url " + url + ", driverClass " + this.driverClass);
    68             }
    69 
    70             initPhysicalConnection(conn);
    71             initedNanos = System.nanoTime();
    72 
    73             validateConnection(conn);
    74             validatedNanos = System.nanoTime();
    75             
    76             setCreateError(null);
    77         } catch (SQLException ex) {
    78             setCreateError(ex);
    79             throw ex;
    80         } catch (RuntimeException ex) {
    81             setCreateError(ex);
    82             throw ex;
    83         } catch (Error ex) {
    84             createErrorCount.incrementAndGet();
    85             throw ex;
    86         } finally {
    87             long nano = System.nanoTime() - connectStartNanos;
    88             createTimespan += nano;
    89         }
    90 
    91         return new PhysicalConnectionInfo(conn, connectStartNanos, connectedNanos, initedNanos, validatedNanos);
    92     }
    93 }

    修改spring-content.xml文件的数据库连接数配置

     1 #修改之前
     2 <!-- <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource"  init-method="init" destroy-method="close"> -->
     3 
     4 #修改之后
     5 <bean id="dataSource"class="com.thinkgem.jeesite.common.encrypt.DruidDataSource" 
     6         init-method="init" destroy-method="close">
     7         <!-- 数据源驱动类可不写,Druid默认会自动根据URL识别DriverClass -->
     8         <property name="driverClassName" value="${jdbc.driver}" />
    10         <!-- 基本属性 url、user、password -->
    11         <property name="url" value="${jdbc.url}" />
    12         <property name="username" value="${jdbc.username}" />
    13         <property name="password" value="${jdbc.password}" />
    14 
    15     </bean>

    至此,数据库密文配置连接就完成了!

  • 相关阅读:
    gets_s()函数的参数太少,strcpy_s():形参和实参 2 的类型不同,等c函数在Visual Studio上出现的问题, get()函数和scanf()读取字符串的区别,栈的随机性
    线性表的顺序存储实现
    汉诺塔问题, 用递归方法求集合中的中位数
    共用体union
    洛谷3384:【模板】树链剖分——题解
    BZOJ4196:[NOI2015]软件包管理器——题解
    BZOJ3140:[HNOI2013]消毒——题解
    BZOJ1059:[ZJOI2007]矩阵游戏——题解
    洛谷4277:萃香的请柬——题解
    BZOJ1854:[SCOI2010]连续攻击游戏——题解
  • 原文地址:https://www.cnblogs.com/zhaosq/p/11321157.html
Copyright © 2011-2022 走看看