文章目录
1. 导入依赖2. yml中添加配置文件3. 加解密工具类4. 敏感信息替换5. 编译打包6. 启动项目1. 导入依赖
<!--敏感信息加密--><dependency><groupId>com.github.ulisesbocchio</groupId><artifactId>jasypt-spring-boot-starter</artifactId><version>3.0.4</version></dependency>
2. yml中添加配置文件
第一种(盐值配置yml中,不推荐):
jasypt:encryptor:# 盐加密password: aabbcc# 指定加密方式algorithm: PBEWithMD5AndDESiv-generator-classname: org.jasypt.iv.NoIvGenerator
第二种(盐值不配置yml中,推荐使用):
jasypt:encryptor:# 指定加密方式algorithm: PBEWithMD5AndDESiv-generator-classname: org.jasypt.iv.NoIvGenerator
3. 加解密工具类
package com.gblfy.ws.utils;import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;/*** 加解密工具类** @author gblfy* @date -09-19**/public class JasyptUtil {/*** Jasypt生成加密结果** @param password 配置文件中设定的加密盐值* @param value 加密值* @return*/public static String encyptPwd(String password, String value) {PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();encryptor.setConfig(cryptor(password));String result = encryptor.encrypt(value);return result;}/*** 解密** @param password 配置文件中设定的加密盐值* @param value 解密密文* @return*/public static String decyptPwd(String password, String value) {PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();encryptor.setConfig(cryptor(password));String result = encryptor.decrypt(value);return result;}public static SimpleStringPBEConfig cryptor(String password) {SimpleStringPBEConfig config = new SimpleStringPBEConfig();config.setPassword(password);config.setAlgorithm("PBEWithMD5AndDES");config.setKeyObtentionIterations("1000");config.setPoolSize("1");config.setProviderName("SunJCE");config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");config.setStringOutputType("base64");return config;}public static void main(String[] args) {String slat = "";// 加密String encPwd = encyptPwd(slat, "123456");// 解密String decPwd = decyptPwd(slat, encPwd);System.out.println(encPwd);System.out.println(decPwd);}}
4. 敏感信息替换
5. 编译打包
mvn clean install -DskipTests
6. 启动项目
第一种(盐值明文启动):java -Djasypt.encryptor.password= -jar unified-access-center-0.0.1-SNAPSHOT.jar
第二种(盐值表达式启动):
在服务器的环境变量里配置,进一步提高安全性
# 打开/etc/profile文件vim /etc/profile# 文件末尾插入export JASYPT_PASSWORD =# 编译 source /etc/profile运行 java -jar -Djasypt.encryptor.password=${JASYPT_PASSWORD} xxx.jar
java -Djasypt.encryptor.password=${JASYPT_PASSWORD} -jar unified-access-center-0.0.1-SNAPSHOT.jar
