Spring加密和解密属性文件中的API密钥

2024-01-12

原始问题

我有一个位于 Tomcat 中的属性文件和一个位于 src/test/resources 中的用于测试的属性文件。

目前我有以下设置。我的属性文件加载到我的 XML 文件中配置文件

<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
    http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <context:component-scan base-package="be.omniatravel.service" />
    <context:property-placeholder 
        location="file:${catalina.base}/conf/omniatravel.properties"
        ignore-unresolvable="true" />
        

    <tx:annotation-driven />

</beans>

测试配置.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
    http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <context:component-scan base-package="be.omniatravel.service" />
    <context:property-placeholder 
        location="classpath:omniatravel_test.properties"
        ignore-unresolvable="true" />
        

    <tx:annotation-driven />

</beans>

我可以通过将其放入我的 Java 文件中来访问这些值

public class SunnycarsClient extends WebServiceGatewaySupport {

    @Value("${sunnycars.serviceUri}")
    private String uri; // provided by the webservice
    
    @Value("${sunnycars.operatingKey}")
    private String key; // provide by the webservice
    
    @Value("${sunnycars.passphrase}")
    private String passphrase; // provided by the webservice

}

目前，操作密钥和密码作为平面文本存储在这些属性中。我想将它们存储为加密值，以最大限度地降低风险，并且仍然能够以我现在的方式进行访问。

Update 1

所以我现在所做的是将 config.xml 的内容替换为

<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
    http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <context:component-scan base-package="be.omniatravel.service" />

    <!-- bean definitions -->

    <bean
        class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
        <constructor-arg>
            <bean class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
                <property name="config">
                    <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                        <property name="algorithm" value="PBEWithMD5AndDES" />
                        <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
                    </bean>
                </property>
            </bean>
        </constructor-arg>
        <property name="locations">
            <list>
                <value>file:${catalina.base}/conf/omniatravel.properties</value>
            </list>
        </property>
    </bean>

    <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
        destroy-method="close">
        <property name="sunnycarsMarshallerUri">
            <value>${sunnycars.marshallerUri}</value>
        </property>
        <property name="sunnycarsServiceUri">
            <value>${sunnycars.serviceUri}</value>
        </property>
        <property name="sunnycarsContextPath">
            <value>${sunnycars.contextPath}</value>
        </property>
        <property name="sunnycarsOperatingKey">
            <value>${sunnycars.operatingKey}</value>
        </property>
        <property name="sunnycarsPassphrase">
            <value>${sunnycars.passphrase}</value>
        </property>
    </bean>

    <tx:annotation-driven />

</beans>

但我仍然不清楚如何从 Java 代码中访问这些内容。

另外在属性文件中我应该替换sunnycars.operatingKey = THE_KEY with sunnycars.operatingKey = enc(ENCRYPTED_KEY)，但是如何获得 ENCRYPTED_KEY 值呢？

首先，您必须从以下位置下载 jasypt1.9* 工具包http://www.jasypt.org/ http://www.jasypt.org/

和尝试运行encrypt.dat文件中包含以下命令cmd like

encrypt.date input=[您的属性文件值] 密码=[加密密钥值] 它会生成您需要在属性文件中替换的加密值的输出和

=ENC(输出加密值)

 .. 

        <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                  <property name="algorithm" value="PBEWithMD5AndDES" />
                  <property name="password" value="APP_ENCRYPTION_PASSWORD" />
       </bean> ..

您还可以在类文件中硬编码密码并分配给 bean

<bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                  <property name="algorithm" value="PBEWithMD5AndDES" />
                  <property name="password" value="#Key.keyValue}" />
       </bean>

其中 Key.keyValue 是 Key 类的静态方法。

本文内容由网友自发贡献，版权归原作者所有，本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容，请联系:hwhale#tublm.com(使用前将#替换为@)

Java

xml

Spring

Encryption

propertiesfile