背景

在使用jasypt对spring boot的配置文件中的敏感信息进行加密处理时,使用stater直接启动时,遇到了一个异常

<dependency>

    <groupId>com.github.ulisesbocchio</groupId>

    <artifactId>jasypt-spring-boot-starter</artifactId>

    <version>3.0.3</version>

</dependency>

遇到如下异常:

org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'enableEncryptablePropertySourcesPostProcessor' defined in class path resource [com/ulisesbocchio/jasyptspringboot/configuration/EnableEncryptablePropertiesConfiguration.class]: Unsatisfied dependency expressed through method 'enableEncryptablePropertySourcesPostProcessor' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'xxxDao' defined in xxxDao defined in @EnableJpaRepositories declared on Application: Unsatisfied dependency expressed through constructor parameter 1: Ambiguous argument values for parameter of type [javax.persistence.EntityManager] - did you specify the correct bean references as arguments?

	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:797)

	at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:538)

	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1336)

	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1176)

	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:556)

	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:516)

	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:324)

	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)

	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:322)

	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:207)

	at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:172)

	at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:707)

	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:533)

	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:143)

	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:758)

	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:750)

	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397)

	at org.springframework.boot.SpringApplication.run(SpringApplication.java:315)

	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1237)

	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226)

...

以上的信息是指enableEncryptablePropertySourcesPostProcessor创建时,由于创建其他类Bean失败而导致失败的。

先说一下这个问题是因为spring boot的BeanFactoryPostProcessor和自定义的@EnableJpaRepositories中的自定义repositoryFactoryBeanClass在启动创建时不兼容导致的,@Repository注解的bean提前被初始化了(创建enableEncryptablePropertySourcesPostProcessor时,因为spring boot的机制导致了一些类提前被实例化了,但是处理@Repository的BeanFactoryPostProcessor还没有加载进来)

如果不自定义@EnableJpaRepositories中的自定义repositoryFactoryBeanClass,就不会出现以上异常

解决方法

之后就想自己实现一下jasypt的方式,不过出现了还是需要jasypt的BeanFactoryPostProcessor实现方式,遂放弃,最后使用了重写PropertySource方式,加上反射完成自己来对已经读取的加密信息进行解密(在把bean放到容器之前,也就是@Value等注解生效之前)

1. 引入如下包,去掉jasypt的spring boot stater包

<dependency>

    <groupId>com.github.ulisesbocchio</groupId>

    <artifactId>jasypt-spring-boot</artifactId>

    <version>3.0.3</version>

</dependency>

2. 定义@Configuration来注入PropertySource的bean

//JasyptPropertyValueConfig.java

import org.springframework.beans.factory.config.PropertyOverrideConfigurer;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

@Configuration

public class JasyptPropertyValueConfig {

    @Bean

    public PropertyOverrideConfigurer jasyptPropertyOverrideConfigurer() {

        return new JasyptPropertyValueHandler();

    }

}


//JasyptPropertyValueHandler.java

import org.jasypt.util.text.BasicTextEncryptor;

import org.springframework.beans.BeansException;

import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;

import org.springframework.beans.factory.config.PropertyOverrideConfigurer;

import org.springframework.boot.env.OriginTrackedMapPropertySource;

import org.springframework.boot.origin.OriginTrackedValue;

import org.springframework.context.EnvironmentAware;

import org.springframework.core.env.Environment;

import org.springframework.core.env.MutablePropertySources;

import org.springframework.core.env.PropertySource;

import org.springframework.core.env.SimpleCommandLinePropertySource;

import org.springframework.web.context.support.StandardServletEnvironment;

import java.lang.reflect.Field;

import java.util.List;

import java.util.Map;

import java.util.Properties;

import java.util.stream.StreamSupport;

public class JasyptPropertyValueHandler extends PropertyOverrideConfigurer implements EnvironmentAware {

    private static BasicTextEncryptor textEncryptor = null;

    private final String KEY_SEED = "jasypt.encryptor.password";

    private final String PREFIX = "ENC(";

    private final String SUFFIX = ")";

    private final byte[] tmp_lock = new byte[1];

    private boolean isInit;

    private String seed;

    private Environment environment;

    public JasyptPropertyValueHandler() {

    }

    @Override

    public void setEnvironment(Environment environment) {

        this.environment = environment;

    }

    @Override

    public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {

        MutablePropertySources propertySources = ((StandardServletEnvironment) environment).getPropertySources();

        convertPropertySources(propertySources);

        super.postProcessBeanFactory(beanFactory);

    }

    public void convertPropertySources(MutablePropertySources propSources) {

        initSeed();

        // 命令行参数SimpleCommandLinePropertySource

        // yml配置文件参数OriginTrackedMapPropertySource

        StreamSupport.stream(propSources.spliterator(), false)

                .filter(ps -> (ps instanceof OriginTrackedMapPropertySource) || (ps instanceof SimpleCommandLinePropertySource))

                .forEach(ps -> {

                    if (ps instanceof OriginTrackedMapPropertySource) {

                        handleConfigFile(ps);

                    } else if (ps instanceof SimpleCommandLinePropertySource) {

                        handleCommandLine(ps);

                    }

                    propSources.replace(ps.getName(), ps);

                });

    }

    //处理spring boot的默认配置文件,例如application.yml或者application.properties中加载所有内容

    private void handleConfigFile(PropertySource ps) {

        Map<String, OriginTrackedValue> result = (Map<String, OriginTrackedValue>) ps.getSource();

        for (String key : result.keySet()) {

            OriginTrackedValue value = result.get(key);

            if (checkNeedProcessOverride(key, String.valueOf(value.getValue()))) {

                System.out.println(value);

                String decryptedValue = decryptValue(seed, String.valueOf(value.getValue()));

                try {

                    Field valueField = OriginTrackedValue.class.getDeclaredField("value");

                    valueField.setAccessible(true);

                    valueField.set(value, decryptedValue);

                } catch (NoSuchFieldException e) {

                    e.printStackTrace();

                } catch (IllegalAccessException e) {

                    e.printStackTrace();

                }

            }

        }

    }

    //处理命令行中的替换spring boot的参数,例如--spring.datasource.password的参数形式

    private void handleCommandLine(PropertySource ps) {

        try {

            Object commandLineArgs = ps.getSource();

            Field valueField = commandLineArgs.getClass().getDeclaredField("optionArgs");

            valueField.setAccessible(true);

            boolean hasEncrypt = false;

            Map<String, List<String>> result = (Map<String, List<String>>) valueField.get(commandLineArgs);

            for (String key : result.keySet()) {

                List<String> values = result.get(key);

                if (values.size() == 1) {

                    if (checkNeedProcessOverride(key, String.valueOf(values.get(0)))) {

                        hasEncrypt = true;

                        String decryptedValue = decryptValue(seed, String.valueOf(values.get(0)));

                        values.clear();

                        values.add(decryptedValue);

                    }

                }

            }

            if (hasEncrypt) {

                valueField.set(commandLineArgs, result);

            }

        } catch (NoSuchFieldException e) {

            e.printStackTrace();

        } catch (IllegalAccessException e) {

            e.printStackTrace();

        }

    }

    private boolean checkNeedProcessOverride(String key, String value) {

        if (KEY_SEED.equals(key)) {

            return false;

        }

        return StringUtils.isNotBlank(value) && value.startsWith(PREFIX) && value.endsWith(SUFFIX);

    }

    private void initSeed() {

        if (!this.isInit) {

            this.isInit = true;

            this.seed = this.environment.getProperty(KEY_SEED);

            if (StringUtils.isNotBlank(this.seed)) {

                return;

            }

            try {

                Properties properties = mergeProperties();

                //从启动命令行中,获取-Djasypt.encryptor.password的值

                this.seed = properties.getProperty(KEY_SEED);

            } catch (Exception e) {

                System.out.println("未配置加密密钥");

            }

        }

    }

    private String decryptValue(String seed, String value) {

        value = value.replace(PREFIX, "").replace(SUFFIX, "");

        value = getEncryptor(seed).decrypt(value);

        return value;

    }

    private BasicTextEncryptor getEncryptor(String seed) {

        if (textEncryptor == null) {

            synchronized (tmp_lock) {

                if (textEncryptor == null) {

                    textEncryptor = new BasicTextEncryptor();

                    textEncryptor.setPassword(seed);

                }

            }

        }

        return textEncryptor;

    }

}

3. 因为jasypt每次生成的加密后的内容不一样,还跟项目有关,所以写了一个controller类做内容加密

//JasyptController.java

import org.jasypt.util.text.BasicTextEncryptor;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RestController;

@RestController

@RequestMapping("jasypt")

public class JasyptController {

    @Value(${jasypt.encryptor.password})

    private String seed;

    private static BasicTextEncryptor textEncryptor = null;

    private final byte[] tmp_lock = new byte[1];

    @RequestMapping("encrypt")

    public String encrypt(String value){

        textEncryptor=getEncryptor(seed);

        return textEncryptor.encrypt(value);

    }

    @RequestMapping("decrypt")

    public String decrypt(String value){

        textEncryptor=getEncryptor(seed);

        return textEncryptor.decrypt(value);

    }

    private BasicTextEncryptor getEncryptor(String seed) {

        if (textEncryptor == null) {

            synchronized (tmp_lock) {

                if (textEncryptor == null) {

                    textEncryptor = new BasicTextEncryptor();

                    textEncryptor.setPassword(seed);

                }

            }

        }

        return textEncryptor;

    }

}
  • 项目启动起来之后,请求接口/jasypt/encrypt?value=需要加密内容,就可以得到密文了

如何使用

以上配置完成之后,就可以用jasypt那种配置文件和命令行的方式了

1. 配置文件中

这里写一个application.properties

spring.datasource.password=ENC(加密后的密文)

然后命令行使用密码启动jar包

java -Djasypt.encrypt.password=加密密码 -jar  xxx.jar

2. 命令行

java -Djasypt.encrypt.password=加密密码 -jar --spring.datasource.password=ENC(加密后的密文) xxx.jar

以上遵循spring boot的覆盖优先级。

总结

因为这个不是jasypt的实现,只是模拟了默认情况下常用的配置文件和命令解密方式,所以jasypt的自定义内容并不能使用,有兴趣的可以自己实现一遍

tips:

    1. jasypt同样的内容每次加密后的密文都不一样

    2. 不同的项目加密同样的内容后的密文,不能被同样的密码解密出来

jasypt在springboot项目中遇到异常:Error creating bean with name 'enableEncryptablePropertySourcesPostProcessor' defined in class path resource的更多相关文章

  1. SpringBoot启动zipkin-server报错Error creating bean with name ‘armeriaServer’ defined in class path resource

    目前,GitHub 上最新 release 版本是 Zipkin 2.12.9,从 2.12.6 版本开始有个较大的更新,迁移使用 Armeria HTTP 引擎. 从此版本开始,若直接添加依赖的 S ...

  2. Error creating bean with name 'enableRedisKeyspaceNotificationsInitializer' defined in class path resource

    我们在SpringBoot中用Jedis来访问Redis,其中Redis是采用集群(单机没有本篇文章的问题)的方式,在启用Redis的时候碰到如上问题. 错误的核心信息如下: Error creati ...

  3. 【报错】org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'webSocketHandlerMapping' defined in class path resource

    环境:maven+eclipse+jdk1.8 [tomcat使用的是maven自带的插件,实质原因就是出在tomcat版本问题] 背景:在进行SSM集成WebSocket的时候,项目启动报org.s ...

  4. Error creating bean with name 'us' defined in class path resource [com/liuyang/test/DI/beans2.xml]: Cannot resolve reference to bean 'daoa' while setting bean property 'daoa'; nested exception is org.

    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'us' defined ...

  5. 使用SpringMVC报错 Error creating bean with name 'conversionService' defined in class path resource [springmvc.xml]

    使用SpringMVC报错 Error creating bean with name 'conversionService' defined in class path resource [spri ...

  6. 报错org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sessionFactory' defined in class path resource [bean.xml]

    报这种错的原因基本上是applicationContext.xml文件中bean配置错误,错误如下: org.springframework.beans.factory.BeanCreationExc ...

  7. org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sqlSessionFactory' defined in class path resource

    二月 20, 2017 3:09:47 下午 org.apache.catalina.startup.SetAllPropertiesRule begin警告: [SetAllPropertiesRu ...

  8. org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMappingHandlerMapping' defined in class path resource

    spring boot web项目运行时提示如下错误 org.springframework.beans.factory.BeanCreationException: Error creating b ...

  9. Error creating bean with name 'entityManagerFactory' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaAutoConfiguration.class]: Invocation of init method fail

    SpringBoot 单元测试报错 @RunWith(SpringRunner.class) @SpringBootTest public class ProductCategoryRepositor ...

随机推荐

  1. Spring Boot和Thymeleaf整合,结合JPA实现分页效果

    在项目里,我需要做一个Spring Boot结合Thymeleaf前端模版,结合JPA实现分页的演示效果.做的时候发现有些问题,也查了现有网上的不少文档,发现能全栈实现的不多,所以这里我就把我的做法, ...

  2. Python 学习笔记(2)

    python 引号 Python 可以使用引号( ' ).双引号( " ).三引号( ''' 或 """ ) 来表示字符串,引号的开始与结束必须是相同类型的. ...

  3. C++构造函数的选择

    构造函数用来初始化类对象.构造函数有好几种,在编程时如何选择不同的构造函数呢?做个总结 一.默认构造函数 默认构造函数是在程序员没有声明任何构造函数的时,编译器为了初始化类对象自己进行的默认构造函数. ...

  4. 后端程序员之路 22、RESTful API

    理解RESTful架构 - 阮一峰的网络日志http://www.ruanyifeng.com/blog/2011/09/restful.html RESTful API 设计指南 - 阮一峰的网络日 ...

  5. gRPC-go源码(2):ClientConn

    摘要 在上一篇文章中,我们聊了聊gRPC是怎么管理一条从Client到Server的连接的. 我们聊到了gRPC拥有Resolver,用来解析地址:拥有Balancer,用来做负载均衡. 在这一篇文章 ...

  6. POJ-3080(KMP+多个字符串的最长公共子串)

    Blue Jeans HDOJ-3080 本题使用的是KMP算法加暴力解决 首先枚举第一个字符串的所有子串,复杂度为O(60*60),随后再将每个子串和所有剩下的m-1个字符串比较,看是否存在这个子串 ...

  7. Nmap命令使用方法

          Nmap使用合集 感谢博主:VVVinson    文章链接:https://www.cnblogs.com/Vinson404/p/7784829.html 参    数 说    明 ...

  8. scrapy框架爬取图片并将图片保存到本地

    如果基于scrapy进行图片数据的爬取 在爬虫文件中只需要解析提取出图片地址,然后将地址提交给管道 配置文件中:IMAGES_STORE = './imgsLib' 在管道文件中进行管道类的制定: f ...

  9. 微服务网关Zuul过滤器Filter

    Zuul本质 Zuul是一个网关,关于网关的介绍参考:亿级流量架构之网关设计思路.常见网关对比, 可知Zuul是一个业务网关, 而深入了解Zuul, 基本就是一系列过滤器的集合: Zuul的过滤器 下 ...

  10. 解决图片把父元素向下撑大大约3px问题

    现象  bug: 图片在div\li\dt 等  图片把父元素向下撑大大约3px  <style>         img {             width: 30%; //这里由于 ...