在动态Web项目中处理配置（数据库登录和密码等）的正确方法是什么？ [英] What is the proper way of handling configurations (database login and passwords, etc.) in a dynamic web project?

问题描述

我只是在使用JSP进行动态网络编程。处理配置的正确方法是什么？

I just got my hands on doing dynamic web programming using JSP. What is the proper way to handle the configurations?

例如，数据库名称，主机，登录名和密码以及服务器中的索引目录等。我关心的是主要是关于密码的安全性。目前我将数据硬编码到.java文件中，我不认为这是正确的方法，我想从你的经验中学习。

For example, database name, host, login, and password, and indexing directory in the server, etc. My concern is mostly about the security of the passwords. Currently I hard code the data into the .java files, I don't think this is the right way to do so I would like to learn from your experiences.

推荐答案

配置通常存储在属性或XML文件中，该文件已放置在应用程序的运行时类路径中或指定为VM参数的固定位置。属性文件可以使用 java.util.Properties API。可以使用JAXP或JAXB解析XML文件。

Configuration is usually stored in a properties or XML file which is been placed in the application's runtime classpath or at a fixed location which is specified as a VM argument. A properties file can be accessed using java.util.Properties API. A XML file can be parsed using JAXP or JAXB.

下面是一个这样的属性文件的示例：

Here's an example of such a properties file:

jdbc.url = jdbc:mysql://localhost:3306/javabase
jdbc.driver = com.mysql.jdbc.Driver
jdbc.username = java
jdbc.password = d$7hF_r!9Y

假设它的名称为 config.properties 并且它已经放在类路径的根中（或者其根路径已经添加到类路径），以下是如何从类路径加载它：

Assuming that it's named config.properties and it's been placed in the root of the classpath (or its root path is been added to the classpath), here's how you could load it from the classpath:

Properties properties = new Properties();
properties.load(Thread.currentThread().getContextClassLoader().getResourceAsStream("config.properties"));
String url = properties.getProperty("jdbc.url");
String driver = properties.getProperty("jdbc.driver");
String username = properties.getProperty("jdbc.username");
String password = properties.getProperty("jdbc.password");
// ...

下面是一个XML文件的示例：

Here's an example of a XML file:

<?xml version="1.0" encoding="UTF-8"?>
<config>
    <jdbc>
        <url>jdbc:mysql://localhost:3306/javabase</url>
        <driver>com.mysql.jdbc.Driver</driver>
        <username>java</username>
        <password>d$7hF_r!9Y</password>
    </jdbc>
</config>

假设它被称为 config.xml 它被放置在类路径的根，这里是一个例子你如何加载它通过JAXP：

Assuming that it's called config.xml and it's been placed in the root of the classpath, here's an example how you could load it by JAXP:

InputStream input = Thread.currentThread().getContextClassLoader().getResourceAsStream("config.xml");
Document document = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(input));
XPath xpath = XPathFactory.newInstance().newXPath();
String url = (String) xpath.compile("//config//jdbc//url").evaluate(document, XPathConstants.STRING);
String driver = (String) xpath.compile("//config//jdbc//driver").evaluate(document, XPathConstants.STRING);
String username = (String) xpath.compile("//config//jdbc//username").evaluate(document, XPathConstants.STRING);
String password = (String) xpath.compile("//config//jdbc//password").evaluate(document, XPathConstants.STRING);
// ...

这只是稍微冗长一点，虽然 JAXB 可以使生活更轻松。

It's only a bit more verbose although JAXB can make life easier if it's a rather complex file.

要以更高的（操作系统/平台）级别控制保护对属性或XML文件的访问。

Securing the access to properties or XML files in turn is to be controlled at higher (OS/platform) level.

• 属性教程

• Properties tutorial

这篇关于在动态Web项目中处理配置（数据库登录和密码等）的正确方法是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！