Shulou(Shulou.com)06/01 Report--

Introduction

Our company is engaged in the research and development of some projects involving secret applications of information security, which is divided into three steps. Compared with ordinary companies and general projects, the requirements for information security are more stringent. Leaders require that the amount of data and the user name and password information of users must be configured and stored in ciphertext, which involves the same user name and password of the database in the jdbc.properties file. Need to configure the ciphertext, and then load and decrypt the plaintext to connect to the database when connecting. The following is the implementation process, which is divided into three steps.

First, create the DESUtil class

Provide a custom key, encryption and decryption methods.

Package com.hzdy.DCAD.common.util;import sun.misc.BASE64Decoder;import sun.misc.BASE64Encoder;import javax.crypto.Cipher;import javax.crypto.KeyGenerator;import java.security.Key;import java.security.SecureRandom;/** * Created by Wongy on 2019-8-8. * / public class DESUtil {private static Key key; / / own key private static String KEY_STR = "mykey"; static {try {KeyGenerator generator = KeyGenerator.getInstance ("DES") SecureRandom secureRandom = SecureRandom.getInstance ("SHA1PRNG"); secureRandom.setSeed (KEY_STR.getBytes ()); generator.init (secureRandom); key = generator.generateKey (); generator = null;} catch (Exception e) {throw new RuntimeException (e) Encrypt the string and return the encrypted string of BASE64 * * @ param str * @ return * @ see [class # method, class # member] * / public static String getEncryptString (String str) {BASE64Encoder base64Encoder = new BASE64Encoder (); try {byte [] strBytes = str.getBytes ("UTF-8"); Cipher cipher = Cipher.getInstance ("DES") Cipher.init (Cipher.ENCRYPT_MODE, key); byte [] encryptStrBytes = cipher.doFinal (strBytes); return base64Encoder.encode (encryptStrBytes);} catch (Exception e) {throw new RuntimeException (e);}} / * * decrypt BASE64 encrypted string * / public static String getDecryptString (String str) {BASE64Decoder base64Decoder = new BASE64Decoder () Try {byte [] strBytes = base64Decoder.decodeBuffer (str); Cipher cipher = Cipher.getInstance ("DES"); cipher.init (Cipher.DECRYPT_MODE, key); byte [] encryptStrBytes = cipher.doFinal (strBytes); return new String (encryptStrBytes, "UTF-8");} catch (Exception e) {throw new RuntimeException (e);}} public static void main (String [] args) {String name = "dbuser" String password = "waction2016"; String encryname = getEncryptString (name); String encrypassword = getEncryptString (password); System.out.println ("encryname:" + encryname); System.out.println ("encrypassword:" + encrypassword); System.out.println ("name:" + getDecryptString (encryname)); System.out.println ("password:" + getDecryptString (encrypassword));}}

Second, create the EncryptPropertyPlaceholderConfigurer class

Establish an association with the configuration file.

The package com.hzdy.DCAD.common.util;import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;public class EncryptPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {/ / attribute needs to be maintained with the KEY of the configuration file private String [] encryptPropNames = {"jdbc.username", "jdbc.password"}; @ Override protected String convertProperty (String propertyName, String propertyValue) {/ / if the attribute if (isEncryptProp (propertyName)) {String decryptValue = DESUtil.getDecryptString (propertyValue) is found in the list of encrypted attributes System.out.println (decryptValue); return decryptValue;} else {return propertyValue;}} private boolean isEncryptProp (String propertyName) {for (String encryptName: encryptPropNames) {if (encryptName.equals (propertyName)) {return true;}} return false;}}

3. Modify the configuration file jdbc.properties

# before encryption configuration # after jdbc.driver=com.mysql.jdbc.Driver#jdbc.user=root#jdbc.password=root#jdbc.url=jdbc:mysql://localhost:3306/bookstore# encryption configuration jdbc.driver=com.mysql.jdbc.Driverjdbc.user=Ov4j7fKiCzY=jdbc.password=Ov4j7fKiCzY=jdbc.url=jdbc:mysql://localhost:3306/bookstore

IV. Modify the spring-content.xml configuration file

Modify spring-context to / / Note that there can only be one bean that reads the configuration file, otherwise the system will only read the first

Note: if it is found that the username and password configured with ciphertext can be loaded and decrypted successfully, but finally connect with ciphertext and report an error, this may involve the problem of memory preloading. As soon as the project starts, the program will encrypt the username and password of the ciphertext. Even if the final decryption is successful, the ciphertext is still read by the connection database. At this time, we can rewrite the connection pool method ourselves. Have spring-content.xml load the overridden connection pooling method and decrypt it in advance when connecting.

Package com.thinkgem.jeesite.common.encrypt;import java.sql.Connection;import java.sql.SQLException;import java.util.Properties;import javax.security.auth.callback.PasswordCallback;import com.alibaba.druid.util.DruidPasswordCallback;/** * / @ SuppressWarnings ("serial") public class DruidDataSource extends com.alibaba.druid.pool.DruidDataSource {public PhysicalConnectionInfo createPhysicalConnection () throws SQLException {String url = this.getUrl (); Properties connectProperties = getConnectProperties (); String user If (getUserCallback ()! = null) {user = getUserCallback (). GetName ();} else {user = getUsername ();} / / DES decryption user = DESUtils.getDecryptString (user); String password = DESUtils.getDecryptString (getPassword ()); PasswordCallback passwordCallback = getPasswordCallback (); if (passwordCallback! = null) {if (passwordCallback instanceof DruidPasswordCallback) {DruidPasswordCallback druidPasswordCallback = (DruidPasswordCallback) passwordCallback; druidPasswordCallback.setUrl (url) DruidPasswordCallback.setProperties (connectProperties);} char [] chars = passwordCallback.getPassword (); if (chars! = null) {password = new String (chars);}} Properties physicalConnectProperties = new Properties (); if (connectProperties! = null) {physicalConnectProperties.putAll (connectProperties);} if (user! = null & user.length ()! = 0) {physicalConnectProperties.put ("user", user) } if (password! = null & & password.length ()! = 0) {physicalConnectProperties.put ("password", password);} Connection conn; long connectStartNanos = System.nanoTime (); long connectedNanos, initedNanos, validatedNanos; try {conn = createPhysicalConnection (url, physicalConnectProperties); connectedNanos = System.nanoTime (); if (conn = null) {throw new SQLException ("connect error, url" + url + ", driverClass" + this.driverClass) } initPhysicalConnection (conn); initedNanos = System.nanoTime (); validateConnection (conn); validatedNanos = System.nanoTime (); setCreateError (null);} catch (SQLException ex) {setCreateError (ex); throw ex;} catch (RuntimeException ex) {setCreateError (ex); throw ex;} catch (Error ex) {createErrorCount.incrementAndGet (); throw ex } finally {long nano = System.nanoTime ()-connectStartNanos; createTimespan + = nano;} return new PhysicalConnectionInfo (conn, connectStartNanos, connectedNanos, initedNanos, validatedNanos);}}

Modify the configuration of database connections for spring-content.xml files

# before modification # after modification

At this point, the database ciphertext configuration connection is complete!

Summary

The above is the SSM introduced by the editor to you to achieve the mysql database account password ciphertext login function, I hope to help you, if you have any questions, please leave me a message, the editor will reply to you in time. Thank you very much for your support to the website!

If you think this article is helpful to you, you are welcome to reprint it, please indicate the source, thank you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.