Druid是阿里开发的数据库连接池,通过简单的配置,可以实现数据库的连接,性能特别强大,可以在页面访问,包括监控数据库性能参数,慢SQL统计,当然还包括数据库连接等。
今天主要记录一下SpringBoot集成Druid和数据库密码加密。
一、SpringBoot集成Druid
1、增加Druid依赖
<!-- 阿里数据库连接池 -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid-spring-boot-starter</artifactId>
<version>1.2.11</version>
</dependency>2、配置yml
# Spring配置
spring:
# 数据源配置
datasource:
#连接池的配置信息
type: com.alibaba.druid.pool.DruidDataSource
druid:
driver-class-name: oracle.jdbc.OracleDriver
url: jdbc:oracle:thin:@xxx.xxx.xxx.xxx:1521/ORCLPDB1
username: xxxx
password: xxxx3、Druid配置
@Configuration
@MapperScan(basePackages = DataSourceConfig.PACKAGE, sqlSessionFactoryRef = "masterSqlSessionFactory")
public class DataSourceConfig {
static final String PACKAGE = "com.xxx.xxx.mapper";
static final String MAPPER_LOCATION = "classpath:mapper/**.xml";
@Value("${spring.datasource.druid.url}")
private String url;
@Value("${spring.datasource.druid.username}")
private String user;
@Value("${spring.datasource.druid.password}")
private String password;
@Value("${spring.datasource.druid.driver-class-name}")
private String driverClass;
@Bean(name = "masterDataSource")
@Primary
public DataSource masterDataSource() throws SQLException {
DruidDataSource dataSource = new DruidDataSource();
dataSource.setDriverClassName(driverClass);
dataSource.setUrl(url);
dataSource.setUsername(user);
dataSource.setPassword(password);
return dataSource;
}
@Bean
@Primary
public DataSourceTransactionManager masterTransactionManager(@Qualifier("masterDataSource") DataSource dataSource) {
return new DataSourceTransactionManager(dataSource);
}
@Bean
@Primary
public SqlSessionFactory masterSqlSessionFactory(@Qualifier("masterDataSource") DataSource masterDataSource)
throws Exception {
final SqlSessionFactoryBean sessionFactory = new SqlSessionFactoryBean();
sessionFactory.setDataSource(masterDataSource);
sessionFactory.setMapperLocations(new PathMatchingResourcePatternResolver()
.getResources(DataSourceConfig.MAPPER_LOCATION));
return sessionFactory.getObject();
}
}4、代码结构
二、配置数据库密码加密
1、加密,首先需要生成自己的私钥和公钥,然后对密码进行加密,得到的公钥和密码就是我们需要配置的
public static void main(String[] args) throws Exception{
//密码明文
String password = "123";
System.out.println("明文密码: " + password);
// // 获取密钥
String[] keyPair = ConfigTools.genKeyPair(512);
//私钥
String privateKey = keyPair[0];
// String privateKey = "MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAoJVSCPpJiAwR9JPpBqK4YQLeLZfS2UUvFwp7XwYVhNhqzguFH6EL7oUjIahrSYlwDRTAZozHF6EcNyj5YcM90QIDAQABAkBcCNiojpJAJ/LOg0tF41LbPuKJrP9KSS2Q/g/xSTJiHSAUxH/iSUMtd6xxTZ9sm3Wgul12fIqmFWOv+fPx7gdFAiEA7BzX3qir3hVfASTExJ1s4hsw3LjY71s6evESR/i/IfcCIQCuG+HPpxaet1FDKo9dWUaZIoF6WEFr/bGjEhMYTIwsdwIhALL2YcDIxAw+0pXBUstcL01qIq0KBpPV6AuLcbnPlr+dAiEAl4m7C7JhVLk3aF9VsqjucoB+8053epevkcA8kGynoFcCIQDhiTKseiMkkjIvxtFCYWbS9ZQNBKjuGBspS4sRJ4IOhg==";
//公钥
String publicKey = keyPair[1];
// String publicKey = "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKCVUgj6SYgMEfST6QaiuGEC3i2X0tlFLxcKe18GFYTYas4LhR+hC+6FIyGoa0mJcA0UwGaMxxehHDco+WHDPdECAwEAAQ==";
System.out.println("privateKey(私钥):" + privateKey);
System.out.println("publicKey(公钥):" + publicKey);
//用私钥加密后的密文
String encryptPassword = ConfigTools.encrypt(privateKey, password);
System.out.println("用私钥加密后的密文:" + encryptPassword);
String decryptPassword = ConfigTools.decrypt(publicKey, encryptPassword);
System.out.println("解密后:" + decryptPassword);
}如果是多数据源需要保存私钥和公钥,对其他密码进行加密。上面代码就是我执行完一次之后,第二次执行加密,用的就是我第一次执行的私钥和公钥,并且分别保存好加密后的密码和公钥。
2、配置yml
# Spring配置
spring:
# 数据源配置
datasource:
#连接池的配置信息
type: com.alibaba.druid.pool.DruidDataSource
druid:
driver-class-name: oracle.jdbc.OracleDriver
url: jdbc:oracle:thin:@xxx.xxx.xxx.xxx:1521/ORCLPDB1
username: xxxx
password: IUQ7wHt4XMhYxojPhXM5epf9ZJ4dBjQguY/fJKhcvC39yAZIwGfeFhnZ+kXM1NrE+Fe8cXvCrQFuaT6LYyqNkQ==上面password就是我们加密之后的密码。
3、Druid配置修改
@Bean(name = "masterDataSource")
@Primary
public DataSource masterDataSource() throws SQLException {
DruidDataSource dataSource = new DruidDataSource();
dataSource.setDriverClassName(driverClass);
dataSource.setUrl(url);
dataSource.setUsername(user);
dataSource.setPassword(password);
// 增加配置,配合进行密码解密
Properties properties = new Properties();
properties.setProperty("config.decrypt","true");
// 此处配置的是公钥
properties.setProperty("config.decrypt.key","MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKCVUgj6SYgMEfST6QaiuGEC3i2X0tlFLxcKe18GFYTYas4LhR+hC+6FIyGoa0mJcA0UwGaMxxehHDco+WHDPdECAwEAAQ==");
dataSource.setConnectProperties(properties);
dataSource.setFilters("config");
return dataSource;
}三、多数据源加密
1、代码结构
2、yml配置
3、Druid配置
主数据源
@Configuration
@MapperScan(basePackages = MasterDataSourceConfig.PACKAGE, sqlSessionFactoryRef = "masterSqlSessionFactory")
public class MasterDataSourceConfig {
static final String PACKAGE = "com.xxxx.xxxx.mapper.master";
static final String MAPPER_LOCATION = "classpath:mapper/master/**.xml";
@Value("${spring.datasource.druid.master.url}")
private String url;
@Value("${spring.datasource.druid.master.username}")
private String user;
@Value("${spring.datasource.druid.master.password}")
private String password;
@Value("${spring.datasource.druid.master.driver-class-name}")
private String driverClass;
@Bean(name = "masterDataSource")
@Primary
public DataSource masterDataSource() throws SQLException {
DruidDataSource dataSource = new DruidDataSource();
dataSource.setDriverClassName(driverClass);
dataSource.setUrl(url);
dataSource.setUsername(user);
dataSource.setPassword(password);
/**
* privateKey(私钥):MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAoJVSCPpJiAwR9JPpBqK4YQLeLZfS2UUvFwp7XwYVhNhqzguFH6EL7oUjIahrSYlwDRTAZozHF6EcNyj5YcM90QIDAQABAkBcCNiojpJAJ/LOg0tF41LbPuKJrP9KSS2Q/g/xSTJiHSAUxH/iSUMtd6xxTZ9sm3Wgul12fIqmFWOv+fPx7gdFAiEA7BzX3qir3hVfASTExJ1s4hsw3LjY71s6evESR/i/IfcCIQCuG+HPpxaet1FDKo9dWUaZIoF6WEFr/bGjEhMYTIwsdwIhALL2YcDIxAw+0pXBUstcL01qIq0KBpPV6AuLcbnPlr+dAiEAl4m7C7JhVLk3aF9VsqjucoB+8053epevkcA8kGynoFcCIQDhiTKseiMkkjIvxtFCYWbS9ZQNBKjuGBspS4sRJ4IOhg==
*/
Properties properties = new Properties();
properties.setProperty("config.decrypt","true");
properties.setProperty("config.decrypt.key","MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKCVUgj6SYgMEfST6QaiuGEC3i2X0tlFLxcKe18GFYTYas4LhR+hC+6FIyGoa0mJcA0UwGaMxxehHDco+WHDPdECAwEAAQ==");
dataSource.setConnectProperties(properties);
dataSource.setFilters("config");
return dataSource;
}
@Bean
@Primary
public DataSourceTransactionManager masterTransactionManager(@Qualifier("masterDataSource") DataSource dataSource) {
return new DataSourceTransactionManager(dataSource);
}
@Bean
@Primary
public SqlSessionFactory masterSqlSessionFactory(@Qualifier("masterDataSource") DataSource masterDataSource)
throws Exception {
final SqlSessionFactoryBean sessionFactory = new SqlSessionFactoryBean();
sessionFactory.setDataSource(masterDataSource);
sessionFactory.setMapperLocations(new PathMatchingResourcePatternResolver()
.getResources(MasterDataSourceConfig.MAPPER_LOCATION));
return sessionFactory.getObject();
}
}次级数据源
@Configuration
@MapperScan(basePackages = SecondaryDataSourceConfig.PACKAGE, sqlSessionFactoryRef = "secondarySqlSessionFactory")
public class SecondaryDataSourceConfig {
static final String PACKAGE = "com.xxxx.xxxx.mapper.secondary";
static final String MAPPER_LOCATION = "classpath:mapper/secondary/**.xml";
@Value("${spring.datasource.druid.secondary.url}")
private String url;
@Value("${spring.datasource.druid.secondary.username}")
private String user;
@Value("${spring.datasource.druid.secondary.password}")
private String password;
@Value("${spring.datasource.druid.secondary.driver-class-name}")
private String driverClass;
@Bean(name = "secondaryDataSource")
public DataSource secondaryDataSource() throws SQLException {
DruidDataSource dataSource = new DruidDataSource();
dataSource.setDriverClassName(driverClass);
dataSource.setUrl(url);
dataSource.setUsername(user);
dataSource.setPassword(password);
/**
* privateKey(私钥):MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAoJVSCPpJiAwR9JPpBqK4YQLeLZfS2UUvFwp7XwYVhNhqzguFH6EL7oUjIahrSYlwDRTAZozHF6EcNyj5YcM90QIDAQABAkBcCNiojpJAJ/LOg0tF41LbPuKJrP9KSS2Q/g/xSTJiHSAUxH/iSUMtd6xxTZ9sm3Wgul12fIqmFWOv+fPx7gdFAiEA7BzX3qir3hVfASTExJ1s4hsw3LjY71s6evESR/i/IfcCIQCuG+HPpxaet1FDKo9dWUaZIoF6WEFr/bGjEhMYTIwsdwIhALL2YcDIxAw+0pXBUstcL01qIq0KBpPV6AuLcbnPlr+dAiEAl4m7C7JhVLk3aF9VsqjucoB+8053epevkcA8kGynoFcCIQDhiTKseiMkkjIvxtFCYWbS9ZQNBKjuGBspS4sRJ4IOhg==
*/
Properties properties = new Properties();
properties.setProperty("config.decrypt","true");
properties.setProperty("config.decrypt.key","MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKCVUgj6SYgMEfST6QaiuGEC3i2X0tlFLxcKe18GFYTYas4LhR+hC+6FIyGoa0mJcA0UwGaMxxehHDco+WHDPdECAwEAAQ==");
dataSource.setConnectProperties(properties);
dataSource.setFilters("config");
return dataSource;
}
@Bean
public DataSourceTransactionManager secondaryTransactionManager(@Qualifier("secondaryDataSource") DataSource dataSource) {
return new DataSourceTransactionManager(dataSource);
}
@Bean
public SqlSessionFactory secondarySqlSessionFactory(@Qualifier("secondaryDataSource") DataSource secondaryDataSource)
throws Exception {
final SqlSessionFactoryBean sessionFactory = new SqlSessionFactoryBean();
sessionFactory.setDataSource(secondaryDataSource);
sessionFactory.setMapperLocations(new PathMatchingResourcePatternResolver()
.getResources(SecondaryDataSourceConfig.MAPPER_LOCATION));
return sessionFactory.getObject();
}
}两个数据源大体配置相同。
四、这样毕竟公钥在代码中存在,还是不安全的,我们可以把在启动程序参数中。
程序参数: –publicKey=你的公钥。
在Linux的启动程序参数配置,java -jar xxxx.jar –publicKey=你的公钥
这样我们多数据源数据库密码加密就完成了。
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
文章由极客之音整理,本文链接:https://www.bmabk.com/index.php/post/101721.html
