Is there a way to have custom encryption with Jasypt in Spring Boot?

Time: 2019-04-17 18:12:54

Tags: spring-boot encryption jasypt symmetric

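I need to encrypt the database password in the bootstrap.yml file, and for this we decided to use jasypt.

I am using Jasypt version 1.18 and Spring Boot version 1.5.13.

The latest version of jasypt-spring-boot, 2.1.1, does not support Spring Boot 1.5.13, so I have to use the older version.

My requirement is to keep the key in a file that is copied into the image when the image is built, with its path set in bootstrap.yml.

Asymmetric encryption is not possible, since that again comes only in the latest jar.

Please suggest a way to achieve this.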

================================================ ================

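Jasypt provides 3 different ways to encrypt passwords. I tried the first two methods and was able to encrypt/decrypt successfully, but the problem is that the key has to be passed as an environment or system property.

The third method is to use a custom Jasypt encryptor. I thought this was the solution I was looking for, where I can keep the password in an external file and pass its path from bootstrap.yml.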

pom.xml

<dependency>
     <groupId>com.github.ulisesbocchio</groupId>
     <artifactId>jasypt-spring-boot-starter</artifactId>
     <version>1.18</version>
</dependency>

Configuration class

@Bean(name = "encryptorBean")
public StringEncryptor stringEncryptor() {
    PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
    SimpleStringPBEConfig config = new SimpleStringPBEConfig();
    // will add code here to get the password from the file
    config.setPassword("Read from a file"); 
    config.setAlgorithm("PBEWithMD5AndDES");
    config.setKeyObtentionIterations("1000");
    config.setPoolSize("1");
    config.setProviderName("SunJCE");
    config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
    config.setStringOutputType("base64");
    encryptor.setConfig(config);
    return encryptor;
}

bootstrap.yml

jasypt:
  encryptor:
    bean: encryptorBean  

With this code, I get the following exception:

Caused by: java.lang.IllegalStateException: Required Encryption configuration property missing: jasypt.encryptor.password
    at com.ulisesbocchio.jasyptspringboot.encryptor.DefaultLazyEncryptor.getRequiredProperty(DefaultLazyEncryptor.java:70) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.encryptor.DefaultLazyEncryptor.createDefault(DefaultLazyEncryptor.java:45) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.encryptor.DefaultLazyEncryptor.lambda$new$2(DefaultLazyEncryptor.java:34) ~[jasypt-spring-boot-1.18.jar:na]
    at java.util.Optional.orElseGet(Unknown Source) ~[na:1.8.0_191]
    at com.ulisesbocchio.jasyptspringboot.encryptor.DefaultLazyEncryptor.lambda$new$3(DefaultLazyEncryptor.java:32) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.util.Singleton.lambda$new$1(Singleton.java:20) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.util.Singleton.get(Singleton.java:31) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.encryptor.DefaultLazyEncryptor.decrypt(DefaultLazyEncryptor.java:82) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.resolver.DefaultPropertyResolver.resolvePropertyValue(DefaultPropertyResolver.java:35) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.resolver.DefaultLazyPropertyResolver.resolvePropertyValue(DefaultLazyPropertyResolver.java:41) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.EncryptablePropertySource.getProperty(EncryptablePropertySource.java:16) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.wrapper.EncryptableMapPropertySourceWrapper.getProperty(EncryptableMapPropertySourceWrapper.java:29) ~[jasypt-spring-boot-1.18.jar:na]
    at org.springframework.boot.bind.PropertySourcesPropertyValues.getEnumerableProperty(PropertySourcesPropertyValues.java:166) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.bind.PropertySourcesPropertyValues.processEnumerablePropertySource(PropertySourcesPropertyValues.java:149) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.bind.PropertySourcesPropertyValues.processPropertySource(PropertySourcesPropertyValues.java:128) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.bind.PropertySourcesPropertyValues.<init>(PropertySourcesPropertyValues.java:118) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.bind.PropertiesConfigurationFactory.getPropertySourcesPropertyValues(PropertiesConfigurationFactory.java:331) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.bind.PropertiesConfigurationFactory.doBindPropertiesToTarget(PropertiesConfigurationFactory.java:285) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.bind.PropertiesConfigurationFactory.bindPropertiesToTarget(PropertiesConfigurationFactory.java:250) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.context.properties.ConfigurationPropertiesBindingPostProcessor.postProcessBeforeInitialization(ConfigurationPropertiesBindingPostProcessor.java:331) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    ... 58 common frames omitted

Why is it asking for jasypt.encryptor.password when I am actually using a custom encryptor, and I have defined the bean "encryptorBean" in bootstrap.yml?

================================================ ==========

I also went through GitHub, where a similar issue was raised and they were told to use the dependency below, but with this approach I cannot even load jasypt.

<dependency>
     <groupId>com.github.ulisesbocchio</groupId>
     <artifactId>jasypt-spring-boot</artifactId>
     <version>1.18</version>
</dependency>

https://github.com/ulisesbocchio/jasypt-spring-boot/issues/79

It would be great if someone could help me solve this problem.

1 answer:

Answer 0: (score: 0)

Change the bean name to jasyptStringEncryptor:

> @Bean(name = "jasyptStringEncryptor")
> public StringEncryptor stringEncryptor() {

OR

Set the jasypt.encryptor.bean property:

jasypt.encryptor.bean=encryptorBean

Reference: https://github.com/ulisesbocchio/jasypt-spring-boot#use-you-own-custom-encryptor
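
One way to fill in the "read the password from a file" step of the question's bean, using the bean name given in the answer. This is an added example, not code from the original posts or from jasypt-spring-boot; the property name `app.encryptor.password-file`, the class name and the file-permission check are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;

@Configuration
public class FileKeyEncryptorConfig {

    // Bean name taken from the answer above.
    @Bean(name = "jasyptStringEncryptor")
    public StringEncryptor stringEncryptor(Environment env) throws IOException {
        // Hypothetical property (not a jasypt-spring-boot key) holding the key file path.
        Path keyFile = Paths.get(env.getRequiredProperty("app.encryptor.password-file"));
        // Assumed policy: refuse a key file every local user can read (POSIX file systems only).
        if (Files.getPosixFilePermissions(keyFile).contains(PosixFilePermission.OTHERS_READ)) {
            throw new IllegalStateException("Key file is world-readable: " + keyFile);
        }
        // trim() drops the trailing newline most editors add, which would otherwise change the key.
        String password = new String(Files.readAllBytes(keyFile), StandardCharsets.UTF_8).trim();
        if (password.isEmpty()) {
            throw new IllegalStateException("Key file is empty: " + keyFile);
        }
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(password);
        // Settings kept from the question; DES and MD5 are weak, so existing ENC(...) values
        // should be re-encrypted if a stronger PBE algorithm is adopted.
        config.setAlgorithm("PBEWithMD5AndDES");
        config.setKeyObtentionIterations("1000");
        config.setPoolSize("1");
        config.setProviderName("SunJCE");
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        config.setStringOutputType("base64");
        encryptor.setConfig(config);
        return encryptor;
    }
}
```

The key file path would be set in bootstrap.yml under the hypothetical `app.encryptor.password-file` key, and the file itself should stay out of source control and image layers that are published.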