SSM数据库账号密码加密

使用SSM框架开发WEB项目时，数据库的账号密码一般会写在dbconfig.properties里，为了做到保护版权等效果，要对数据库账号密码进行加密，一共有分为三步。

一、创建DESUtil类

提供自定义密钥，加密解密的方法。

package com.mon.util;import sun.misc.BASE64Decoder;import sun.misc.BASE64Encoder;import javax.crypto.Cipher;import javax.crypto.KeyGenerator;import java.security.Key;import java.security.SecureRandom;/*** Created by Wongy on /10/30.*/public class DESUtil {private static Key key;//自己的密钥private static String KEY_STR = "mykey";static {try {KeyGenerator generator = KeyGenerator.getInstance("DES");SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");secureRandom.setSeed(KEY_STR.getBytes());generator.init(secureRandom);key = generator.generateKey();generator = null;} catch (Exception e) {throw new RuntimeException(e);}}/*** 对字符串进行加密，返回BASE64的加密字符串** @param str* @return* @see [类、类#方法、类#成员]*/public static String getEncryptString(String str) {BASE64Encoder base64Encoder = new BASE64Encoder();try {byte[] strBytes = str.getBytes("UTF-8");Cipher cipher = Cipher.getInstance("DES");cipher.init(Cipher.ENCRYPT_MODE, key);byte[] encryptStrBytes = cipher.doFinal(strBytes);return base64Encoder.encode(encryptStrBytes);} catch (Exception e) {throw new RuntimeException(e);}}/*** 对BASE64加密字符串进行解密**/public static String getDecryptString(String str) {BASE64Decoder base64Decoder = new BASE64Decoder();try {byte[] strBytes = base64Decoder.decodeBuffer(str);Cipher cipher = Cipher.getInstance("DES");cipher.init(Cipher.DECRYPT_MODE, key);byte[] encryptStrBytes = cipher.doFinal(strBytes);return new String(encryptStrBytes, "UTF-8");} catch (Exception e) {throw new RuntimeException(e);}}public static void main(String[] args) {String name = "root";String password = "hzdy";String encryname = getEncryptString(name);String encrypassword = getEncryptString(password);System.out.println("encryname : " + encryname);System.out.println("encrypassword : " + encrypassword);System.out.println("name : " + getDecryptString(encryname));System.out.println("password : " + getDecryptString(encrypassword));}}

二、 创建EncryptPropertyPlaceholderConfigurer类

建立与配置文件的关联。

package com.mon.util;import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;public class EncryptPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {//属性需与配置文件的KEY保持一直private String[] encryptPropNames = {"jdbc.username", "jdbc.password"};@Overrideprotected String convertProperty(String propertyName, String propertyValue) {//如果在加密属性名单中发现该属性 if (isEncryptProp(propertyName)) {String decryptValue = DESUtil.getDecryptString(propertyValue);System.out.println(decryptValue);return decryptValue;} else {return propertyValue;}}private boolean isEncryptProp(String propertyName) {for (String encryptName : encryptPropNames) {if (encryptName.equals(propertyName)) {return true;}}return false;}}

修改配置文件

将spring-context中的<context:property-placeholder location="classpath:.properties" />修改为<bean class="com.mon.util.EncryptPropertyPlaceholderConfigurer"p:locations="classpath:*.properties"/>//注意只能存在一个读取配置文件的bean，否则系统只会读取最前面的

这个时候就能实现，在配置文件中写密文，系统读取时自动变成明文的效果。