依赖:
<!-- 配置文件加密 -->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.4</version>
</dependency>最新的3.0.5,我的springboot是2.6.12,对应的3.0.4版本
配置properties
jasypt.encryptor.password=jasyptpassword
jasypt.encryptor.algorithm=PBEWithMD5AndDES
jasypt.encryptor.iv-generator-classname=org.jasypt.iv.NoIvGenerator对应加密的秘钥(salt盐值),和加密算法;如果是3.0.0以前的版本,可以只指定加密秘钥,有默认算法,如果是3.0.0后的版本必须提供加密算法,因为好像默认导入的有随机IvGeneratorClassname;如果只是同一个应用里面的启动实例直接加解密应该没有问题,如果使用一次实例生产的密文,通过第二次来解密就需要配置同样的秘钥,和对应的加密算法了
private StringEncryptor createPBEDefault() {
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
JasyptEncryptorConfigurationProperties var10002 = this.configProps;
Objects.requireNonNull(var10002);
config.setPassword((String)this.getRequired(var10002::getPassword, this.propertyPrefix + ".password"));
var10002 = this.configProps;
Objects.requireNonNull(var10002);
config.setAlgorithm((String)this.get(var10002::getAlgorithm, this.propertyPrefix + ".algorithm", "PBEWITHHMACSHA512ANDAES_256"));
var10002 = this.configProps;
Objects.requireNonNull(var10002);
config.setKeyObtentionIterations((String)this.get(var10002::getKeyObtentionIterations, this.propertyPrefix + ".key-obtention-iterations", "1000"));
var10002 = this.configProps;
Objects.requireNonNull(var10002);
config.setPoolSize((String)this.get(var10002::getPoolSize, this.propertyPrefix + ".pool-size", "1"));
var10002 = this.configProps;
Objects.requireNonNull(var10002);
config.setProviderName((String)this.get(var10002::getProviderName, this.propertyPrefix + ".provider-name", (Object)null));
var10002 = this.configProps;
Objects.requireNonNull(var10002);
config.setProviderClassName((String)this.get(var10002::getProviderClassName, this.propertyPrefix + ".provider-class-name", (Object)null));
var10002 = this.configProps;
Objects.requireNonNull(var10002);
config.setSaltGeneratorClassName((String)this.get(var10002::getSaltGeneratorClassname, this.propertyPrefix + ".salt-generator-classname", "org.jasypt.salt.RandomSaltGenerator"));
var10002 = this.configProps;
Objects.requireNonNull(var10002);
config.setIvGeneratorClassName((String)this.get(var10002::getIvGeneratorClassname, this.propertyPrefix + ".iv-generator-classname", "org.jasypt.iv.RandomIvGenerator"));
var10002 = this.configProps;
Objects.requireNonNull(var10002);
config.setStringOutputType((String)this.get(var10002::getStringOutputType, this.propertyPrefix + ".string-output-type", "base64"));
encryptor.setConfig(config);
return encryptor;
对应的测试文件
package com.imddysc.jtestpro;
import org.jasypt.encryption.StringEncryptor;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
import javax.annotation.Resource;
@SpringBootTest
@RunWith(SpringRunner.class)
public class EncryptorTest {
@Resource
private StringEncryptor jasyptStringEncryptor;
@Test
public void encode() {
System.out.println( "加密密文:" + jasyptStringEncryptor.encrypt("admin") );
System.out.println("解密密文:" + jasyptStringEncryptor.decrypt(jasyptStringEncryptor.encrypt("admin")));
}
@Test
public void encode1() {
System.out.println("解密密文:" + jasyptStringEncryptor.decrypt("B6lb0KWHaelXGKul+8pyjA=="));
System.out.println("解密密文:" + jasyptStringEncryptor.decrypt("lglDrLUV8KHF1Yvg6s8b7w=="));
}
}自定义加密前缀、后缀: 如果不想使用 ENC来作为加密前缀,那么可以通过配置文件修改:
# 前缀
jasypt.encryptor.property.prefix=SUPERENC(
# 后缀
jasypt.encryptor.property.suffix=)SUPERENCEND那么,密码的格式如下:
jdbc.password=SUPERENC(B6lb0KWHaelXGKul+8pyjA==)SUPERENCEND
redis.password=SUPERENC(lglDrLUV8KHF1Yvg6s8b7w==)SUPERENCEND
自定义加密方案
配置类
@Configuration
public class MyEncryptorCfg {
/**
* @Description 自定义的加密器配置
* @author chenJY
* @date 2022/11/18 9:52
* @return StringEncryptor
*/
@Bean(name = "myStringEncryptor")
public StringEncryptor myStringEncryptor() {
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
config.setPassword("Chen");
config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
config.setKeyObtentionIterations("1000");
config.setPoolSize("1");
config.setProviderName("SunJCE");
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
config.setStringOutputType("base64");
encryptor.setConfig(config);
return encryptor;
}
}- 注意1: bean必须重命名,bean默认名是 jasyptStringEncryptor,当我们要自定义加密方案的时候,就必须重命名。
- 注意2: 需要在配置文件中加入如下配置:
jasypt:
encryptor:
bean: myStringEncryptor并修改测试类:
@Autowired
private StringEncryptor myStringEncryptor;
另外还有个
jasypt:
encryptor:
algorithm: PBEWithMD5AndDES
password: jasyptpassword
salt-generator-classname: org.jasypt.salt.ZeroSaltGenerator
iv-generator-classname: org.jasypt.iv.NoIvGeneratorsalt-generator-classname,它也是一个比较重要的salt参数,有0盐还有随机盐等。
