-
SpringBoot实现自定义environment中的value加密
environment中的value为什么要加密?
未经过加密的配置文件,密码均是采用明文密码,很容易导致信息泄露。
SpringBoot environment中的value加密代码如下
package com.xxx.core.encryption; import com.google.common.collect.Maps; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.BeansException; import org.springframework.beans.factory.config.BeanFactoryPostProcessor; import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; import org.springframework.boot.env.OriginTrackedMapPropertySource; import org.springframework.boot.origin.OriginTrackedValue; import org.springframework.core.Ordered; import org.springframework.core.env.ConfigurableEnvironment; import org.springframework.core.env.MutablePropertySources; import org.springframework.core.env.PropertySource; import java.util.Map; /** * @author HanKeQi * @date 2023/9/4 */ @Slf4j public class EnableEncryptionData implements BeanFactoryPostProcessor, Ordered { private final ConfigurableEnvironment environment; //根据自己需求自定义 private static final String PREFIX = "ENC("; private static final String SUFFIX = ")"; /** * 扫描自定义配置的文件 */ private static final String BOOTSTRAP_CONFIGURE = "bootstrap"; public EnableEncryptionData(ConfigurableEnvironment environment) { this.environment = environment; } @Override public void postProcessBeanFactory(ConfigurableListableBeanFactory configurableListableBeanFactory) throws BeansException { MutablePropertySources propertySources = environment.getPropertySources(); for (PropertySource<?> propertySource: propertySources){ if (propertySource instanceof OriginTrackedMapPropertySource){ OriginTrackedMapPropertySource originTrackedMapPropertySource = (OriginTrackedMapPropertySource) propertySource; String activeName = originTrackedMapPropertySource.getName(); Map<String, Object> activeSource = (Map<String, Object>)propertySources.get(activeName).getSource(); Map<String, Object> newConfigMap = Maps.newHashMap(); activeSource.forEach((k,v)->{ if (v instanceof OriginTrackedValue){ Object valueObj = ((OriginTrackedValue) v).getValue(); if (valueObj instanceof String){ String valueEncryptionStr = (String) valueObj; if (!StringUtils.isEmpty(valueEncryptionStr) && valueEncryptionStr.startsWith(PREFIX) && valueEncryptionStr.endsWith(SUFFIX)){ try { valueEncryptionStr = getEncryptionStr(valueEncryptionStr); valueEncryptionStr = AesUtils.decodeStr(valueEncryptionStr, AesUtils.P_KEY); newConfigMap.put(k, valueEncryptionStr); return; }catch (Exception e){ e.printStackTrace(); } } } } newConfigMap.put(k, v); }); propertySources.replace(activeName, new OriginTrackedMapPropertySource(activeName , newConfigMap, true)); } } } @Override public int getOrder() { return Ordered.LOWEST_PRECEDENCE - 100; } /** * 获取加密后的信息 * @param encryptionStr * @return */ private static String getEncryptionStr(String encryptionStr){ encryptionStr = encryptionStr.substring(PREFIX.length()); encryptionStr = encryptionStr.substring(0, encryptionStr.length()-SUFFIX.length()); return encryptionStr; } }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
springboot 配置Configuration
package com.xxx.core.encryption; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.env.ConfigurableEnvironment; /** * @author HanKeQi * @date 2022/10/30 */ @Configuration public class EnvironmentConfig { @Bean public static EnableEncryptionData enableEncryptionData(final ConfigurableEnvironment environment) { return new EnableEncryptionData(environment); } }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
Aes加密代码
package com.xxx.util.encrypt; import lombok.extern.slf4j.Slf4j; import org.apache.commons.codec.binary.Base64; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import java.util.Arrays; /** * @author HanKeQi * @date 2022/10/30 */ @Slf4j public class AesUtils { public static final String IV = "vKapxbKpyptKkwuP"; private static final String P_KCS5_PADDING="AES/CBC/PKCS5Padding"; private static final String KEY = "AES"; public static final String P_KEY = "6U7Si019ireqa7vAscWBkbPClOYtn6gb"; /** * @param content base64处理过的字符串 * @param pkey 密匙 * @return String 返回类型 * @throws Exception * @throws * @Title: aesDecodeStr * @Description: 解密 失败将返回NULL */ public static String decodeStr(String content, String pkey) throws Exception { try { log.info("待解密内容: {}", content); byte[] base64DecodeStr = Base64.decodeBase64(content); byte[] aesDecode = decode(base64DecodeStr, pkey); if (aesDecode == null) { return null; } String result; result = new String(aesDecode, "UTF-8"); return result; } catch (Exception e) { throw new Exception("解密异常"); } } /** * 解密 128位 * * @param content 解密前的byte数组 * @param pkey 密匙 * @return result 解密后的byte数组 * @throws Exception */ public static byte[] decode(byte[] content, String pkey,String IV) throws Exception { SecretKeySpec skey = new SecretKeySpec(pkey.getBytes(), KEY); IvParameterSpec iv = new IvParameterSpec(IV.getBytes("UTF-8")); //创建密码器 Cipher cipher = Cipher.getInstance(P_KCS5_PADDING); //初始化解密器 cipher.init(Cipher.DECRYPT_MODE, skey, iv); byte[] result = cipher.doFinal(content); // 解密 return result; } public static byte[] decode(byte[] content, String pkey) throws Exception { return decode(content,pkey,IV); } /** * @param content 加密前原内容 * @param pkey 长度为16个字符,128位 * @return base64EncodeStr aes加密完成后内容 * @throws * @Title: aesEncryptStr * @Description: aes对称加密 */ public static String encryptStr(String content, String pkey) { byte[] aesEncrypt = encrypt(content, pkey); String base64EncodeStr = Base64.encodeBase64String(aesEncrypt); return base64EncodeStr; } /** * 加密 128位 * * @param content 需要加密的原内容 * @param pkey 密匙 * @return */ public static byte[] encrypt(String content, String pkey, String iv) { try { //SecretKey secretKey = generateKey(pkey); //byte[] enCodeFormat = secretKey.getEncoded(); SecretKeySpec skey = new SecretKeySpec(pkey.getBytes(), KEY); Cipher cipher = Cipher.getInstance(P_KCS5_PADDING);// "算法/加密/填充" IvParameterSpec ivParameterSpec = new IvParameterSpec(iv.getBytes()); cipher.init(Cipher.ENCRYPT_MODE, skey, ivParameterSpec);//初始化加密器 byte[] encrypted = cipher.doFinal(content.getBytes("UTF-8")); return encrypted; // 加密 } catch (Exception e) { log.info("encrypt() method error:", e); } return null; } public static byte[] encrypt(String content, String pkey) { return encrypt(content,pkey, IV); } }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
配置文件
spring: redis: database: 1 host: redis.commons.svc.cluster.local port: 6379 # 使用了 AesUtils.encryptStr("ADoZH2Gw6KEw51c3Mk", P_KEY); password: ENC(hji+7pHQpX0f0/dVncyT/leJ6sWHiCUlFq7LdDJjo1s=)- 1
- 2
- 3
- 4
- 5
- 6
- 7
-
相关阅读:
Dobbo微服务项目实战(详细介绍+案例源码) - 3.用户信息
java计算机毕业设计航空订票系统源码+mysql数据库+系统+lw文档+部署(2)
卡方检验-python代码
应用在脉冲变压器中的光电耦合器
数据结构详细笔记——图
如何为 Python 应用选择最好的 Docker 镜像?
深度访谈丨工作13年的程序员老兵,当初为何选择Java?现在后悔吗?
CPU密集型和IO密集型任务的权衡:如何找到最佳平衡点
大事务导致数据库恢复时间长
java计算机毕业设计社区健康信息管理系统源码+系统+mysql数据库+lw文档
- 原文地址:https://blog.csdn.net/helenyqa/article/details/132804652
