SSM实现mysql数据库账号密码加密连接

2019-08-16 12:13:30来源:博客园 阅读 ()

新老客户大回馈,云服务器低至5折

SSM实现mysql数据库账号密码加密连接

引言

      咱们公司从事的是信息安全涉密应用的一些项目研发一共有分为三步,相比较于一般公司和一般的项目,对于信息安全要求更加严格,领导要求数据量和用户的用户名及密码信息都必需是要密文配置和存储的,这就涉及到jdbc.properties文件中的数据库的用户名和密码也是一样的,需要配置问密文,在连接的时候再加载解密为明文进行数据库的连接操作,以下就是实现过程,一共有分为三步。

一、创建DESUtil类

提供自定义密钥,加密解密的方法。

 1 package com.hzdy.DCAD.common.util;
 2 
 3 import sun.misc.BASE64Decoder;
 4 import sun.misc.BASE64Encoder;
 5 import javax.crypto.Cipher;
 6 import javax.crypto.KeyGenerator;
 7 import java.security.Key;
 8 import java.security.SecureRandom;
 9 
10 /**
11  * Created by Wongy on 2019/8/8.
12  */
13 public class DESUtil {
14     private static Key key;
15     //自己的密钥
16     private static String KEY_STR = "mykey";
17 
18     static {
19         try {
20             KeyGenerator generator = KeyGenerator.getInstance("DES");
21             SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
22             secureRandom.setSeed(KEY_STR.getBytes());
23             generator.init(secureRandom);
24             key = generator.generateKey();
25             generator = null;
26         } catch (Exception e) {
27             throw new RuntimeException(e);
28         }
29     }
30 
31     /**
32      * 对字符串进行加密,返回BASE64的加密字符串
33      *
34      * @param str
35      * @return
36      * @see [类、类#方法、类#成员]
37      */
38     public static String getEncryptString(String str) {
39         BASE64Encoder base64Encoder = new BASE64Encoder();
40         try {
41             byte[] strBytes = str.getBytes("UTF-8");
42             Cipher cipher = Cipher.getInstance("DES");
43             cipher.init(Cipher.ENCRYPT_MODE, key);
44             byte[] encryptStrBytes = cipher.doFinal(strBytes);
45             return base64Encoder.encode(encryptStrBytes);
46         } catch (Exception e) {
47             throw new RuntimeException(e);
48         }
49 
50     }
51 
52     /**
53      * 对BASE64加密字符串进行解密
54      *
55      */
56     public static String getDecryptString(String str) {
57         BASE64Decoder base64Decoder = new BASE64Decoder();
58         try {
59             byte[] strBytes = base64Decoder.decodeBuffer(str);
60             Cipher cipher = Cipher.getInstance("DES");
61             cipher.init(Cipher.DECRYPT_MODE, key);
62             byte[] encryptStrBytes = cipher.doFinal(strBytes);
63             return new String(encryptStrBytes, "UTF-8");
64         } catch (Exception e) {
65             throw new RuntimeException(e);
66         }
67 
68     }
69 
70 
71     public static void main(String[] args) {
72         String name = "dbuser";
73         String password = "waction2016";
74         String encryname = getEncryptString(name);
75         String encrypassword = getEncryptString(password);
76         System.out.println("encryname : " + encryname);
77         System.out.println("encrypassword : " + encrypassword);
78 
79         System.out.println("name : " + getDecryptString(encryname));
80         System.out.println("password : " + getDecryptString(encrypassword));
81     }
82 }

二、 创建EncryptPropertyPlaceholderConfigurer类

建立与配置文件的关联。

 1 package com.hzdy.DCAD.common.util;
 2 
 3 import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
 4 
 5 public class EncryptPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {
 6     //属性需与配置文件的KEY保持一直
 7     private String[] encryptPropNames = {"jdbc.username", "jdbc.password"};
 8 
 9     @Override
10     protected String convertProperty(String propertyName, String propertyValue) {
11 
12         //如果在加密属性名单中发现该属性  
13         if (isEncryptProp(propertyName)) {
14             String decryptValue = DESUtil.getDecryptString(propertyValue);
15             System.out.println(decryptValue);
16             return decryptValue;
17         } else {
18             return propertyValue;
19         }
20 
21     }
22 
23     private boolean isEncryptProp(String propertyName) {
24         for (String encryptName : encryptPropNames) {
25             if (encryptName.equals(propertyName)) {
26                 return true;
27             }
28         }
29         return false;
30     }
31 } 

三、 修改配置文件 jdbc.properties 

 1 #加密配置之前
 2 #jdbc.driver=com.mysql.jdbc.Driver
 3 #jdbc.user=root
 4 #jdbc.password=root
 5 #jdbc.url=jdbc:mysql://localhost:3306/bookstore
 6 
 7 #加密配置之后
 8 jdbc.driver=com.mysql.jdbc.Driver
 9 jdbc.user=Ov4j7fKiCzY=
10 jdbc.password=Ov4j7fKiCzY=
11 jdbc.url=jdbc:mysql://localhost:3306/bookstore

四、 修改spring-content.xml配置文件

1 将spring-context中的
2 <context:property-placeholder location="classpath:.properties" />
3 修改为
4 <bean class="com.hzdy.DCAD.common.util.EncryptPropertyPlaceholderConfigurer"p:locations="classpath:*.properties"/>
5 //注意只能存在一个读取配置文件的bean,否则系统只会读取最前面的

   注意:如果发现配置密文的username和password可以加载并解密成功,但是最后连接的时候还是以密文连接并报错,这可能涉及到内存预加载的问题,项目一启动,程序会加密密文的用户名和密码,就算最后解密成功了,最后连接数据库读取的却还是密文,这时候我们可以自己重写连接池的方法,让spring-content.xml加载重写的连接池方法,并在连接的时候再提前进行解密。 

 1 package com.thinkgem.jeesite.common.encrypt;
 2 
 3 import java.sql.Connection;
 4 import java.sql.SQLException;
 5 import java.util.Properties;
 6 
 7 import javax.security.auth.callback.PasswordCallback;
 8 import com.alibaba.druid.util.DruidPasswordCallback;
 9 
10 /**
11  */
12 @SuppressWarnings("serial")
13 public class DruidDataSource extends com.alibaba.druid.pool.DruidDataSource {
14     
15     public PhysicalConnectionInfo createPhysicalConnection() throws SQLException {
16         String url = this.getUrl();
17         Properties connectProperties = getConnectProperties();
18 
19         String user;
20         if (getUserCallback() != null) {
21             user = getUserCallback().getName();
22         } else {
23             user = getUsername();
24         }
25         //DES解密
26         user = DESUtils.getDecryptString(user);
27         String password = DESUtils.getDecryptString(getPassword());
28         
29         PasswordCallback passwordCallback = getPasswordCallback();
30 
31         if (passwordCallback != null) {
32             if (passwordCallback instanceof DruidPasswordCallback) {
33                 DruidPasswordCallback druidPasswordCallback = (DruidPasswordCallback) passwordCallback;
34 
35                 druidPasswordCallback.setUrl(url);
36                 druidPasswordCallback.setProperties(connectProperties);
37             }
38 
39             char[] chars = passwordCallback.getPassword();
40             if (chars != null) {
41                 password = new String(chars);
42             }
43         }
44 
45         Properties physicalConnectProperties = new Properties();
46         if (connectProperties != null) {
47             physicalConnectProperties.putAll(connectProperties);
48         }
49 
50         if (user != null && user.length() != 0) {
51             physicalConnectProperties.put("user", user);
52         }
53 
54         if (password != null && password.length() != 0) {
55             physicalConnectProperties.put("password", password);
56         }
57 
58         Connection conn;
59 
60         long connectStartNanos = System.nanoTime();
61         long connectedNanos, initedNanos, validatedNanos;
62         try {
63             conn = createPhysicalConnection(url, physicalConnectProperties);
64             connectedNanos = System.nanoTime();
65 
66             if (conn == null) {
67                 throw new SQLException("connect error, url " + url + ", driverClass " + this.driverClass);
68             }
69 
70             initPhysicalConnection(conn);
71             initedNanos = System.nanoTime();
72 
73             validateConnection(conn);
74             validatedNanos = System.nanoTime();
75             
76             setCreateError(null);
77         } catch (SQLException ex) {
78             setCreateError(ex);
79             throw ex;
80         } catch (RuntimeException ex) {
81             setCreateError(ex);
82             throw ex;
83         } catch (Error ex) {
84             createErrorCount.incrementAndGet();
85             throw ex;
86         } finally {
87             long nano = System.nanoTime() - connectStartNanos;
88             createTimespan += nano;
89         }
90 
91         return new PhysicalConnectionInfo(conn, connectStartNanos, connectedNanos, initedNanos, validatedNanos);
92     }
93 }

修改spring-content.xml文件的数据库连接数配置

 1 #修改之前
 2 <!-- <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource"  init-method="init" destroy-method="close"> -->
 3 
 4 #修改之后
 5 <bean id="dataSource"class="com.thinkgem.jeesite.common.encrypt.DruidDataSource" 
 6         init-method="init" destroy-method="close">
 7         <!-- 数据源驱动类可不写,Druid默认会自动根据URL识别DriverClass -->
 8         <property name="driverClassName" value="${jdbc.driver}" />
10         <!-- 基本属性 url、user、password -->
11         <property name="url" value="${jdbc.url}" />
12         <property name="username" value="${jdbc.username}" />
13         <property name="password" value="${jdbc.password}" />
14 
15     </bean>

至此,数据库密文配置连接就完成了!


原文链接:https://www.cnblogs.com/zhaosq/p/11321157.html
如有疑问请与原作者联系

标签:

版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有

上一篇:ZIP文件压缩

下一篇:[Spring cloud 一步步实现广告系统] 14. 全量索引代码实现