Spring encrypt and decrypt API key in properties file
Original question
I have a properties file in Tomcat, and one in src/test/resources for testing.
Currently I have the following setup. My properties file is loaded in my XML file
config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:cache="http://www.springframework.org/schema/cache"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">
<!-- ========================= RESOURCE DEFINITIONS ========================= -->
<context:component-scan base-package="be.omniatravel.service" />
<context:property-placeholder
location="file:${catalina.base}/conf/omniatravel.properties"
ignore-unresolvable="true" />
<tx:annotation-driven />
</beans>
test-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:cache="http://www.springframework.org/schema/cache"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">
<!-- ========================= RESOURCE DEFINITIONS ========================= -->
<context:component-scan base-package="be.omniatravel.service" />
<context:property-placeholder
location="classpath:omniatravel_test.properties"
ignore-unresolvable="true" />
<tx:annotation-driven />
</beans>
I can access these values by putting this in my Java file
public class SunnycarsClient extends WebServiceGatewaySupport {
@Value("${sunnycars.serviceUri}")
private String uri; // provided by the webservice
@Value("${sunnycars.operatingKey}")
private String key; // provided by the webservice
@Value("${sunnycars.passphrase}")
private String passphrase; // provided by the webservice
}
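Currently the operating key and the passphrase are stored as plain text in these properties. I would like to store them as encrypted values to minimise the risk, and still be able to access them the way I do now.
Update 1
So what I have done now is replace the content of config.xml with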
<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:cache="http://www.springframework.org/schema/cache"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">
<!-- ========================= RESOURCE DEFINITIONS ========================= -->
<context:component-scan base-package="be.omniatravel.service" />
<!-- bean definitions -->
<bean
class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg>
<bean class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="config">
<bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
<property name="algorithm" value="PBEWithMD5AndDES" />
<property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
</bean>
</property>
</bean>
</constructor-arg>
<property name="locations">
<list>
<value>file:${catalina.base}/conf/omniatravel.properties</value>
</list>
</property>
</bean>
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close">
<property name="sunnycarsMarshallerUri">
<value>${sunnycars.marshallerUri}</value>
</property>
<property name="sunnycarsServiceUri">
<value>${sunnycars.serviceUri}</value>
</property>
<property name="sunnycarsContextPath">
<value>${sunnycars.contextPath}</value>
</property>
<property name="sunnycarsOperatingKey">
<value>${sunnycars.operatingKey}</value>
</property>
<property name="sunnycarsPassphrase">
<value>${sunnycars.passphrase}</value>
</property>
</bean>
<tx:annotation-driven />
</beans>
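But it is still not clear to me how I should access these from my Java code.
Also, in the properties file I should replace sunnycars.operatingKey = THE_KEY with sunnycars.operatingKey = enc(ENCRYPTED_KEY), but how do I get the ENCRYPTED_KEY value?
Take a look at Jasypt. It supports encrypted properties (http://www.jasypt.org/spring31.html).
First you have to download the jasypt1.9* kit from http://www.jasypt.org/
and try to run the encrypt.bat file using the command below in cmd, like
encrypt.bat input=[your property file value] password=[encryption key value]
It will produce the output of the encrypted value, which you need to put in the properties file as
=ENC(output encrypted value)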
..
<bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
<property name="algorithm" value="PBEWithMD5AndDES" />
<property name="password" value="APP_ENCRYPTION_PASSWORD" />
</bean> ..
You can also hard-code the password in a class file and assign it to the bean
<bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
<property name="algorithm" value="PBEWithMD5AndDES" />
<property name="password" value="#{Key.keyValue}" />
</bean>
where Key.keyValue is a static method of the Key class.
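How the ENC(...) value can be generated and read back, as an added example that is not part of the original question or answers. It assumes Jasypt 1.9.x on the classpath and the APP_ENCRYPTION_PASSWORD environment variable from the config.xml above; the class and method names are hypothetical.

```java
import java.io.Console;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.properties.PropertyValueEncryptionUtils;

/** Added example (hypothetical class): create and verify an ENC(...) property value. */
public class EncryptPropertyValue {
    // Same algorithm as the bean definition on this page: single DES (56-bit key) with an
    // MD5-based key derivation, so keep the properties file permissions tight as well.
    static final String ALGORITHM = "PBEWithMD5AndDES";

    static StandardPBEStringEncryptor encryptor(String password) {
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setAlgorithm(ALGORITHM);
        enc.setPassword(password);
        return enc;
    }

    /** Text to place after "sunnycars.operatingKey=" in the properties file. */
    static String toPropertyValue(String plain, StandardPBEStringEncryptor enc) {
        return PropertyValueEncryptionUtils.encrypt(plain, enc); // wraps as ENC(...)
    }

    /** Check-and-decrypt step the encryptable placeholder configurer applies per value. */
    static String resolve(String raw, StandardPBEStringEncryptor enc) {
        return PropertyValueEncryptionUtils.isEncryptedValue(raw)
                ? PropertyValueEncryptionUtils.decrypt(raw, enc)
                : raw; // unencrypted values such as serviceUri pass through unchanged
    }

    public static void main(String[] args) {
        // Master password from the environment, matching passwordEnvName in config.xml.
        String password = System.getenv("APP_ENCRYPTION_PASSWORD");
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("APP_ENCRYPTION_PASSWORD is not set");
        }
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("run from an interactive terminal");
        }
        // Read without echo so the secret stays out of shell history and process lists.
        String plain = new String(console.readPassword("Value to encrypt: "));
        String stored = toPropertyValue(plain, encryptor(password));
        // Round trip with a fresh encryptor: the same password must recover the input.
        if (!plain.equals(resolve(stored, encryptor(password)))) {
            throw new IllegalStateException("round trip failed");
        }
        System.out.println(stored); // random salt: output differs on every run
    }
}
```

Because the placeholder configurer decrypts each ENC(...) value before injection, the existing @Value fields in SunnycarsClient receive the plain value without any change to the Java code.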