springboot项目创建笔记32 之《配置文件密码加密》

springboot项目创建笔记32 之《配置文件密码加密》

1、pom文件添加依赖

		com.github.ulisesbocchio
		jasypt-spring-boot-starter
		3.0.4

2、application.yml文件添加

#加密所需的salt(盐)
jasypt:
    encryptor:
        password: AD42F6697B035B7580E4FEF93BE20BAD
        #加密算法设置3.0.0以后
        algorithm: PBEWithMD5AndDES
        iv-generator-classname: org.jasypt.iv.NoIvGenerator

3、添加测试类JasyptTest.java

package myboot;

import org.jasypt.util.text.BasicTextEncryptor;

public class JasyptTest {
	public static void main(String[] args) {
		BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
		// 加密所需的salt(盐)
		textEncryptor.setPassword("AD42F6697B035B7580E4FEF93BE20BAD");

		String str1 = "654321"; // 数据库
		String str2 = "123456"; // 邮箱

		System.out.println(textEncryptor.encrypt(str1));
		System.out.println(textEncryptor.encrypt(str2));
	}
}

执行结果：

TSNRe9Ou+hxupLlQ3me15Q==
EBfyncD8izHWW8+8dFKPmw==

每次执行加密结果不同，但是都可以解密出明文

4、将配置文件中password后的值改成ENC(xxxxxxxxxx)
例如：

#定义数据源
#参考 https://github.com/alibaba/druid/wiki/DruidDataSource%E9%85%8D%E7%BD%AE
spring:
    datasource:
            druid:
                driver-class-name: com.mysql.cj.jdbc.Driver
                type: com.alibaba.druid.pool.DruidDataSource
                url: jdbc:mysql://localhost:3306/webapp2?serverTimezone=UTC
                username: user2
                #654321
                password: ENC(TSNRe9Ou+hxupLlQ3me15Q==)
                #配置监控统计拦截的filters
                filters: stat,wall,slf4j
                max-active: 20
                initial-size: 1
                max-wait: 60000
                min-idle: 1
                time-between-eviction-runs-millis: 60000
                min-evictable-idle-time-millis: 300000
                test-while-idle: true
                test-on-borrow: false
                test-on-return: false
                pool-prepared-statements: true
                max-open-prepared-statements: 20
                async-init: true
                filter: 
                    slf4j: 
                        enabled: true
                        statement-create-after-log-enabled: false
                        statement-close-after-log-enabled: false
                        result-set-open-after-log-enabled: false
                        result-set-close-after-log-enabled: false
#邮件发送
    mail:
      username: [email protected]
      #123456
      password: ENC(EBfyncD8izHWW8+8dFKPmw==)
      host: smtp.exmail.qq.com
      port: 465
      properties:
        mail:
          transport:
            protocol: smtp
          smtp:
            socketFactory:
              class: javax.net.ssl.SSLSocketFactory
            port: ${spring.mail.port}
            auth: true
            starttls:
              enable: true
              required: true

参考资料：
https://blog.csdn.net/qq_37143673/article/details/107563064/

注：最新代码上传至https://github.com/csj50/myboot