springboot自定义加密数据库密码

具体思路

springboot 启动时候动态解密数据库密码
数据库密码在 springboot 配置文件中
springboot 启动完成前得到 spring.datasource.password
解密数据库密码

新建springboot项目

application.properties

# 应用名称
spring.application.name=demo
#下面这些内容是为了让MyBatis映射
#指定Mybatis的Mapper文件
mybatis.mapper-locations=classpath:mappers/*xml
#指定Mybatis的实体目录
mybatis.type-aliases-package=com.example.demo.mybatis.entity

# 应用服务 WEB 访问端口
server.port=8080
# 数据库驱动：
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
# 数据源名称
spring.datasource.name=defaultDataSource
# 数据库连接地址
spring.datasource.url=jdbc:mysql://192.168.56.10:3306/zhenhe?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=Asia/Shanghai
# 数据库用户名&密码：
spring.datasource.username=root
spring.datasource.password=032cd8ba6bc515c2e7986e6dfa0918a6

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

实现 EnvironmentPostProccessor

MySqlPasswordSecurityProcessor.java

package com.example.config;

import cn.hutool.core.map.MapUtil;
import cn.hutool.crypto.Mode;
import cn.hutool.crypto.Padding;
import cn.hutool.crypto.symmetric.AES;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.boot.env.OriginTrackedMapPropertySource;
import org.springframework.core.Ordered;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.PropertySource;

import java.util.HashMap;

/**
 * 1.定义 EnvironmentPostProcessor 
 * 2.项目中定义 META-INF/spring.factories , 声明 自定义 的 EnvironmentPostProcessor
 */
public class MySqlPasswordSecurityProcessor implements EnvironmentPostProcessor
//        , Ordered
{

    public static final String SPRING_DATASOURCE_PASSWORD = "spring.datasource.password";

     public static final     AES AES = new AES(Mode.CBC, Padding.PKCS5Padding,
                    "1234567890123456".getBytes(), "1234567890123456".getBytes());


    @Override
    public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) {
        System.out.println("environment = " + environment + ", application = " + application);
        System.out.println(environment.getPropertySources());
        for (PropertySource<?> propertySource : environment.getPropertySources()) {

            /**
             * ConfigurationPropertySourcesPropertySource {name='configurationProperties'}
             * StubPropertySource {name='servletConfigInitParams'}
             * StubPropertySource {name='servletContextInitParams'}
             * PropertiesPropertySource {name='systemProperties'}
             * OriginAwareSystemEnvironmentPropertySource {name='systemEnvironment'}
             * RandomValuePropertySource {name='random'}
             * OriginTrackedMapPropertySource {name='applicationConfig: [classpath:/application.properties]'}
             */

//            AES aes = new AES(Mode.CBC, Padding.PKCS5Padding,
//                    "1234567890123456".getBytes(), "1234567890123456".getBytes());
//            String encryptHex = aes.encryptHex("root");
//            System.out.println(encryptHex);
//            System.out.println(aes.decryptStr(encryptHex));

            if(propertySource instanceof OriginTrackedMapPropertySource){
//                System.out.println(Arrays.toString(((OriginTrackedMapPropertySource) propertySource).getPropertyNames()));
                /**
                [spring.application.name, mybatis.mapper-locations, mybatis.type-aliases-package, server.port, spring.datasource.driver-class-name, spring.datasource.name, spring.datasource.url, spring.datasource.username, spring.datasource.password]
                 */
                String password = (String) propertySource.getProperty(SPRING_DATASOURCE_PASSWORD);
                System.out.println("加密的密码 ： "+password);
                HashMap<Object, Object> map = MapUtil.newHashMap(1);
                map.put(SPRING_DATASOURCE_PASSWORD,AES.decryptStr(password));
                System.out.println("解密后的密码： "+AES.decryptStr(password));
                OriginTrackedMapPropertySource originTrackedMapPropertySource = new OriginTrackedMapPropertySource(SPRING_DATASOURCE_PASSWORD,
                        map);
                environment.getPropertySources().addFirst(originTrackedMapPropertySource);
            }
        }
    }

//    @Override
//    public int getOrder() {
//        return Ordered.HIGHEST_PRECEDENCE + 1;
        return Ordered.HIGHEST_PRECEDENCE + 10+1;
//    }
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

添加自定义 EnvironmentPostProcessor 到 spring.factories

src/main/resources/META-INF/spring.factories

org.springframework.boot.env.EnvironmentPostProcessor=com.example.config.MySqlPasswordSecurityProcessor
1

控制台打印

environment = StandardServletEnvironment {activeProfiles=[], defaultProfiles=[default], propertySources=[ConfigurationPropertySourcesPropertySource {name=‘configurationProperties’}, StubPropertySource {name=‘servletConfigInitParams’}, StubPropertySource {name=‘servletContextInitParams’}, PropertiesPropertySource {name=‘systemProperties’}, OriginAwareSystemEnvironmentPropertySource {name=‘systemEnvironment’}, RandomValuePropertySource {name=‘random’}, OriginTrackedMapPropertySource {name=‘applicationConfig: [classpath:/application.properties]’}]}, application = org.springframework.boot.SpringApplication@4a00d9cf
[ConfigurationPropertySourcesPropertySource {name=‘configurationProperties’}, StubPropertySource {name=‘servletConfigInitParams’}, StubPropertySource {name=‘servletContextInitParams’}, PropertiesPropertySource {name=‘systemProperties’}, OriginAwareSystemEnvironmentPropertySource {name=‘systemEnvironment’}, RandomValuePropertySource {name=‘random’}, OriginTrackedMapPropertySource {name=‘applicationConfig: [classpath:/application.properties]’}]
加密的密码： 032cd8ba6bc515c2e7986e6dfa0918a6
解密后的密码： root

其它插件推荐

参考网址:

https://javazhiyin.blog.csdn.net/article/details/124521578