Shulou(Shulou.com)06/02 Report--

This article mainly explains "how to encrypt the configuration item by Spring Boot". Interested friends may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "how to encrypt the configuration item by Spring Boot".

Spring Boot's built-in properties support makes it easy for us to read properties. There are two main types of properties in Properties files: system built-in properties (including individual starter) and user-defined properties. The built-in properties of the system are loaded automatically when the project starts, so there is no need for us to write the relevant loading method, while the custom properties need to write the loading operation.

In our work, we will encounter the need that some properties (such as passwords) in the configuration file must be configured with encrypted strings in order to avoid the exposure of sensitive information. After the system is started, the plaintext can be solved automatically according to our custom decryption method. What do we need to do with such a requirement?

Automatic decryption of user-defined attributes

If we have custom properties:

Application.properties

Username=paulpassword=$%&* (* * (# encrypted string)

We can use PostConstruct annotations to automatically execute the decryption method when an instance of the bean is created. As follows:

@ Value ("${password}") private String password;// means that @ PostConstructpublic void init () {/ / calls our own decryption method password = PasswordUtil.decode (password) automatically when the bean is created;} decryption processing of the system's built-in attributes

For example, there are attributes like the following:

Application.properties

Spring.datasource.username=rmprojectspring.datasource.password=MTJiN3JtcHJvamVjdA==

The password of the Spring data source is encrypted. But this property is loaded by Spring Boot itself, and we want to interfere with its loading process, which is much more troublesome than dealing with the properties we wrote.

The following is to introduce a tool jasypt-spring-boot-starter. It allows you to process attributes before Spring Boot loads them.

The address of the project GitHub is: https://github.com/ulisesbocchio/jasypt-spring-boot

How to use Jasypt-spring-boot-starter

We introduced the dependency of the project:

Pom.xml

Com.github.ulisesbocchio jasypt-spring-boot-starter 2.0.0

First, we need to define a tag that tells the tool which attributes need to be decrypted. For example, we add the words * * {cipher} * * before the encrypted attribute:

Application.properties

Spring.datasource.username=rmprojectspring.datasource.password= {cipher} MTJiN3JtcHJvamVjdA==

To support custom cryptographic attribute prefixes, you need to provide your own implemented EncryptablePropertyDetector class

Public class MyEncryptablePropertyDetector implements EncryptablePropertyDetector {public static final String ENCODED_PASSWORD_HINT = "{cipher}"; / / if the attribute begins with "{cipher}", true is returned, indicating that the attribute is encrypted @ Override public boolean isEncrypted (String s) {if (null! = s) {return s.startsWith (ENCODED_PASSWORD_HINT);} return false } / / this method tells the tool how to remove the custom prefix @ Override public String unwrapEncryptedValue (String s) {return s.substring (ENCODED_PASSWORD_HINT.length ());}}

With the detection method for custom encryption attributes, we also need to tell the tool how to decrypt:

Public class MyEncryptablePropertyResolver implements EncryptablePropertyResolver {/ / Custom decryption method @ Override public String resolvePropertyValue (String s) {if (null! = s & & s.startsWith (MyEncryptablePropertyDetector.ENCODED_PASSWORD_HINT)) {return PasswordUtil.decode (s.substring (MyEncryptablePropertyDetector.ENCODED_PASSWORD_HINT.length ();} return s;}}

Finally, we need to register them as bean

Add this annotation to the @ SpringBootApplication// entry class and turn on @ EnableEncryptablePropertiespublic class DemoSpringBootApplication {/ / register the two bean @ Bean (name = "encryptablePropertyDetector") public EncryptablePropertyDetector encryptablePropertyDetector () {return new MyEncryptablePropertyDetector ();} @ Bean (name = "encryptablePropertyResolver") public EncryptablePropertyResolver encryptablePropertyResolver () {return new MyEncryptablePropertyResolver ();}}

At this point, you are done, and you can start the project to try the effect.

At this point, I believe you have a deeper understanding of "how Spring Boot encrypts configuration items". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.