Spring加密和解密属性文件中的API密钥 [英] Spring encrypt and decrypt API key in properties file

问题描述

我有一个位于Tomcat中的属性文件，以及位于src / test / resources中的测试的属性文件。

I have a properties file located in Tomcat and a properties file for testing located in src/test/resources.

目前我有以下设置。我的属性文件加载到我的XML文件
config.xml

At the moment I have the following setup. My properties files are loaded in my XML files config.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
    http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <context:component-scan base-package="be.omniatravel.service" />
    <context:property-placeholder 
        location="file:${catalina.base}/conf/omniatravel.properties"
        ignore-unresolvable="true" />


    <tx:annotation-driven />

</beans>

test-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
    http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <context:component-scan base-package="be.omniatravel.service" />
    <context:property-placeholder 
        location="classpath:omniatravel_test.properties"
        ignore-unresolvable="true" />


    <tx:annotation-driven />

</beans>

我可以通过将它放在我的Java文件中来访问这些值

And I am able to access these values by doing placing this in my Java files

public class SunnycarsClient extends WebServiceGatewaySupport {

    @Value("${sunnycars.serviceUri}")
    private String uri; // provided by the webservice

    @Value("${sunnycars.operatingKey}")
    private String key; // provide by the webservice

    @Value("${sunnycars.passphrase}")
    private String passphrase; // provided by the webservice

}

目前，密码短语存储在这些属性中作为平面文本。我想将它们存储为加密值，以尽量减少风险，并且仍然可以按照现在的方式进行访问。

At the moment the operatingKey and passphrase are stored in these properties as plane text. I want to store them as an encrypted value to minimize the risk and still be able to access in the way I do now.

所以我现在做的是将config.xml的内容替换为

So what i did now is replace the content of config.xml to

<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
    http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <context:component-scan base-package="be.omniatravel.service" />

    <!-- bean definitions -->

    <bean
        class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
        <constructor-arg>
            <bean class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
                <property name="config">
                    <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                        <property name="algorithm" value="PBEWithMD5AndDES" />
                        <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
                    </bean>
                </property>
            </bean>
        </constructor-arg>
        <property name="locations">
            <list>
                <value>file:${catalina.base}/conf/omniatravel.properties</value>
            </list>
        </property>
    </bean>

    <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
        destroy-method="close">
        <property name="sunnycarsMarshallerUri">
            <value>${sunnycars.marshallerUri}</value>
        </property>
        <property name="sunnycarsServiceUri">
            <value>${sunnycars.serviceUri}</value>
        </property>
        <property name="sunnycarsContextPath">
            <value>${sunnycars.contextPath}</value>
        </property>
        <property name="sunnycarsOperatingKey">
            <value>${sunnycars.operatingKey}</value>
        </property>
        <property name="sunnycarsPassphrase">
            <value>${sunnycars.passphrase}</value>
        </property>
    </bean>

    <tx:annotation-driven />

</beans>

但我仍然不清楚我应该如何从我的Java代码访问这些。

But it's still not clear to me how I should access these from my Java code.

同样在propeties文件中，我应该用 sunnycars.operatingKey = enc（ENCRYPTED_KEY）替换 sunnycars.operatingKey = THE_KEY ，但是如何你得到ENCRYPTED_KEY值吗？

Also in the propeties files I should replace sunnycars.operatingKey = THE_KEY with sunnycars.operatingKey = enc(ENCRYPTED_KEY), but how do you get the ENCRYPTED_KEY value?

推荐答案

首先你必须从 http://www.jasypt.org/

和
尝试在 cmd 中运行 encrypt.dat 文件，具有以下命令，如

and Try to run encrypt.dat file with following command in cmd like

encrypt.date input = [您的属性文件值] password = [加密密钥值]
它将生成
输出的加密值，您需要在属性文件
替换为

encrypt.date input=[YOUR PROPERTY FILE VALUE] password=[encryption key value] it will generate output of encrypted value which you need to replace at properties file with

= ENC（输出加密值）

=ENC(output encrypted value)

 .. 

        <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                  <property name="algorithm" value="PBEWithMD5AndDES" />
                  <property name="password" value="APP_ENCRYPTION_PASSWORD" />
       </bean> ..

您还可以在类文件中硬编码密码，并分配给bean以及

you can also hardcode password at class file and assign to bean as well

<bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                  <property name="algorithm" value="PBEWithMD5AndDES" />
                  <property name="password" value="#Key.keyValue}" />
       </bean> 

其中Key.keyValue是Key类的静态方法。

where Key.keyValue is Static method of Key class.

这篇关于Spring加密和解密属性文件中的API密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！