当前位置：首页 > news >正文

SpringBoot集成jasypt对yml文件指定参数加密并自定义@bean隐藏密钥

news 2025/8/16 0:57:03

1、查看SpringBoot和jasypt对应版本。
Jasypt 1.9.x 通常与 Spring Boot 1.5.x 相对应。
Jasypt 2.1.x 通常与 Spring Boot 2.0.x 相对应。
Jasypt 3.x 通常与 Spring Boot 2.1.x相对应。
2、引入maven

<dependency><groupId>com.github.ulisesbocchio</groupId><artifactId>jasypt-spring-boot-starter</artifactId><version>3.0.3</version>
</dependency>
<dependency><groupId>com.github.ulisesbocchio</groupId><artifactId>jasypt-spring-boot</artifactId><version>3.0.3</version>
</dependency>
<dependency><groupId>org.jasypt</groupId><artifactId>jasypt</artifactId><version>1.9.3</version>
</dependency>

3、新建JasyptController方法来获取加密解密、也可以用main方法获取。

@RequestMapping("/m")
public class JasyptController {@GetMapping("/o")public String output(String key) {String message = "www.baidu,com";String strJasyp = stringEncryptor(message, key, true);return "ENC("+strJasyp+")";}@PostMapping("/s")//这里使用JSONObject 接收、防止有特殊符号被转义掉。public String select(@RequestBody JSONObject jsonObject) {String message = "www.baidu,com";String jasyptEncrypt1 = stringEncryptor(message, jsonObject.getString("key"), false);return jasyptEncrypt1;}public static String stringEncryptor(String secretKey, String message, boolean isEncrypt) {PooledPBEStringEncryptor pooledPBEStringEncryptor = new PooledPBEStringEncryptor();pooledPBEStringEncryptor.setConfig(getSimpleStringPBEConfig(secretKey));String result = isEncrypt ? pooledPBEStringEncryptor.encrypt(message) : pooledPBEStringEncryptor.decrypt(message);return result;}private static PBEConfig getSimpleStringPBEConfig(String secretKey) {SimpleStringPBEConfig config = new SimpleStringPBEConfig();config.setPassword(secretKey);config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");config.setStringOutputType("base64");config.setPoolSize("1");config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");//加密方法config.setKeyObtentionIterations("1000");config.setProviderName("SunJCE");return config;}public static void main(String[] args) throws Exception {String message = "www.baidu,com";//密钥String password = "www";String passwordJasyp = stringEncryptor(message, password, true);System.out.println("password:ENC("+passwordJasyp+")");String jasyptEncrypt = stringEncryptor(message, "加密后的字符串", false);System.out.println(jasyptEncrypt);}}

4、加密后的密码放入对应的配置文件里面。加密后的密码要放入ENC()进行后续解析。并加入jasypt配置。

driver-class-name: dm.jdbc.driver.DmDriver
url: ENC(19ZBcsVnQdVRRQwsQyqyiCwI1Rf7jmB/2H6VXeSSaKGpzy2UU1+L1pM6/lrfNQnbCo=)
username: ENC(9Df7wDeAaOpDmWp/l6cuJRwyCZNd/KCN)
password: ENC(U+A2cGFir41Uaf1/BzNT3G9ecYw6)

jasypt:encryptor:bean: encryptorBean //此处为自定义,用来隐藏密钥，不在环境配置及配置文件直接出现。

5、增加@Bean(“encryptorBean”)进行秘钥等配置解析。

@Configuration
public class JasyptConfig {@Bean("encryptorBean")public StringEncryptor stringEncryptor() {PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();SimpleStringPBEConfig config = new SimpleStringPBEConfig();config.setPassword("www.baidu.com");config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");config.setKeyObtentionIterations("1000");config.setPoolSize("1");config.setProviderName("SunJCE");config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");config.setStringOutputType("base64");encryptor.setConfig(config);return encryptor;}}