网上的坑

springboot 使用 Druid 数据库加密链接方案,不建议采用网上的一篇文章《springboot 结合 Druid 加密数据库密码遇到的坑!》介绍的方式来进行加密链接实现。本文章下文分享 Druid 源码后就知道为什么不建议采用该方式的原因了。

加密准备

首先使用 CMD 生成数据库加密字符串,该命令会产生三个值 privateKey=公钥、publicKey=密码加密后的结果、password=密码加密串

java -cp druid-1.0.28.jar com.alibaba.druid.filter.config.ConfigTools pcds123123456

使用 Durid 的工具类 ConfigTools 验证加密字符串

@Test

public void db_decrypt_test() throws Exception {

   String publicKey = "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJggkaRJ+bqLMF6pefubEDLViboxYKGTdGe+78DziIta8Nv8crOA83M0tFG8y8CqHcFYIbG89q9zcnNvL+E2/CECAwEAAQ==";

   String password = "AgDRyKJ81Ku3o0HSyalDgCTtGsWcKz3fC0iM5pLur2QJnIF+fKWKFZ6c6e36M06tF2uCadvS/EodWxmRDWwvIA==";

   System.out.println(ConfigTools.decrypt(publicKey, password));

}

实现方案

SpringBoot 集成 Druid 数据库链接加密的方式,推荐使用配置注入方式初始化 DataSource。方法如下:

一、增加配置注入 Bean

import java.sql.SQLException;

import javax.sql.DataSource;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.boot.context.properties.ConfigurationProperties;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.context.annotation.Primary;

import com.alibaba.druid.pool.DruidDataSource;

 

@Configuration

@ConfigurationProperties(prefix = "spring.datasource")

public class DbConfig {

    private static final Logger LOGGER = LoggerFactory.getLogger(DbConfig.class);

 

    private String url;

    private String driverClassName;

    private String username;

    private String password;

    private Integer initialSize;

    private Integer minIdle;

    private Integer maxActive;

    private Integer maxWait;

    private Integer timeBetweenEvictionRunsMillis;

    private Integer minEvictableIdleTimeMillis;

    private String validationQuery;

    private Boolean testWhileIdle;

    private Boolean testOnBorrow;

    private Boolean testOnReturn;

    private Boolean poolPreparedStatements;

    private Integer maxOpenPreparedStatements;

    private Integer maxPoolPreparedStatementPerConnectionSize;

    private String filters;

    private String publicKey;

    private String connectionProperties;

 

    @Primary

    @Bean(name = "dataSource")

    public DataSource dataSource() {

        DruidDataSource datasource = new DruidDataSource();

        datasource.setUrl(url);

        datasource.setUsername(username);

        datasource.setPassword(password);

        datasource.setDriverClassName(driverClassName);

        datasource.setInitialSize(initialSize);

        datasource.setMinIdle(minIdle);

        datasource.setMaxActive(maxActive);

        datasource.setMaxWait(maxWait);

        datasource.setTimeBetweenEvictionRunsMillis(timeBetweenEvictionRunsMillis);

        datasource.setMinEvictableIdleTimeMillis(minEvictableIdleTimeMillis);

        datasource.setValidationQuery(validationQuery);

        datasource.setTestWhileIdle(testWhileIdle);

        datasource.setTestOnBorrow(testOnBorrow);

        datasource.setTestOnReturn(testOnReturn);

        datasource.setPoolPreparedStatements(poolPreparedStatements);

        datasource.setMaxOpenPreparedStatements(maxOpenPreparedStatements);

        datasource.setMaxPoolPreparedStatementPerConnectionSize(maxPoolPreparedStatementPerConnectionSize);

        datasource.setConnectionProperties(connectionProperties.replace("${publicKey}", publicKey));

        try {

            datasource.setFilters(filters);

        } catch (SQLException e) {

            LOGGER.error("druid configuration initialization filter", e);

        }

        return datasource;

    }

 

    public String getUrl() {

        return url;

    }

 

    public void setUrl(String url) {

        this.url = url;

    }

 

    public String getDriverClassName() {

        return driverClassName;

    }

 

    public void setDriverClassName(String driverClassName) {

        this.driverClassName = driverClassName;

    }

 

    public String getUsername() {

        return username;

    }

 

    publicvoid setUsername(String username){

        this.username = username;

    }

 

    publicString getPassword(){

        return password;

    }

 

    publicvoid setPassword(String password){

        this.password = password;

    }

 

    publicInteger getInitialSize(){

        return initialSize;

    }

 

    publicvoid setInitialSize(Integer initialSize){

        this.initialSize = initialSize;

    }

 

    publicInteger getMinIdle(){

        return minIdle;

    }

 

    publicvoid setMinIdle(Integer minIdle){

        this.minIdle = minIdle;

    }

 

    publicInteger getMaxActive(){

        return maxActive;

    }

 

    publicvoid setMaxActive(Integer maxActive){

        this.maxActive = maxActive;

    }

 

    publicInteger getMaxWait(){

        return maxWait;

    }

 

    publicvoid setMaxWait(Integer maxWait){

        this.maxWait = maxWait;

    }

 

    publicInteger getTimeBetweenEvictionRunsMillis(){

        return timeBetweenEvictionRunsMillis;

    }

 

    publicvoid setTimeBetweenEvictionRunsMillis(Integer timeBetweenEvictionRunsMillis){

        this.timeBetweenEvictionRunsMillis = timeBetweenEvictionRunsMillis;

    }

 

    publicInteger getMinEvictableIdleTimeMillis(){

        return minEvictableIdleTimeMillis;

    }

 

    publicvoid setMinEvictableIdleTimeMillis(Integer minEvictableIdleTimeMillis){

        this.minEvictableIdleTimeMillis = minEvictableIdleTimeMillis;

    }

 

    publicString getValidationQuery(){

        return validationQuery;

    }

 

    publicvoid setValidationQuery(String validationQuery){

        this.validationQuery = validationQuery;

    }

 

    publicBoolean getTestWhileIdle(){

        return testWhileIdle;

    }

 

    publicvoid setTestWhileIdle(Boolean testWhileIdle){

        this.testWhileIdle = testWhileIdle;

    }

 

    publicBoolean getTestOnBorrow(){

        return testOnBorrow;

    }

 

    publicvoid setTestOnBorrow(Boolean testOnBorrow){

        this.testOnBorrow = testOnBorrow;

    }

 

    publicBoolean getTestOnReturn(){

        return testOnReturn;

    }

 

    publicvoid setTestOnReturn(Boolean testOnReturn){

        this.testOnReturn = testOnReturn;

    }

 

    publicBoolean getPoolPreparedStatements(){

        return poolPreparedStatements;

    }

 

    publicvoid setPoolPreparedStatements(Boolean poolPreparedStatements){

        this.poolPreparedStatements = poolPreparedStatements;

    }

 

    publicInteger getMaxOpenPreparedStatements(){

        return maxOpenPreparedStatements;

    }

 

    publicvoid setMaxOpenPreparedStatements(Integer maxOpenPreparedStatements){

        this.maxOpenPreparedStatements = maxOpenPreparedStatements;

    }

 

    publicInteger getMaxPoolPreparedStatementPerConnectionSize(){

        return maxPoolPreparedStatementPerConnectionSize;

    }

 

    publicvoid setMaxPoolPreparedStatementPerConnectionSize(Integer maxPoolPreparedStatementPerConnectionSize){

        this.maxPoolPreparedStatementPerConnectionSize = maxPoolPreparedStatementPerConnectionSize;

    }

 

    publicString getFilters(){

        return filters;

    }

 

    publicvoid setFilters(String filters){

        this.filters = filters;

    }

 

    publicString getPublicKey(){

        return publicKey;

    }

 

    publicvoid setPublicKey(String publicKey){

        this.publicKey = publicKey;

    }

 

    publicString getConnectionProperties(){

        return connectionProperties;

    }

 

    publicvoid setConnectionProperties(String connectionProperties){

        this.connectionProperties = connectionProperties;

    }}

二、增加配置文件

# mysql config

spring.datasource.name=pcdsdata

spring.datasource.url=jdbc:mysql://192.168.1.1/mydb

spring.datasource.username=root

spring.datasource.password=AgDRyKJ81Ku3o0HSyalDgCTtGsWcKz3fC0iM5pLur2QJnIF+fKWKFZ6c6e36M06tF2uCadvS/EodWxmRDWwvIA==

 

# druid datasource config

spring.datasource.driverClassName=com.mysql.jdbc.Driver

spring.datasource.maxActive=20

spring.datasource.initialSize=1

spring.datasource.minIdle=1

spring.datasource.maxWait=60000

spring.datasource.timeBetweenEvictionRunsMillis=60000

spring.datasource.minEvictableIdleTimeMillis=300000

spring.datasource.validationQuery=select 1 from dual

spring.datasource.testWhileIdle=true

spring.datasource.testOnBorrow=false

spring.datasource.testOnReturn=false

spring.datasource.poolPreparedStatements=true

spring.datasource.maxOpenPreparedStatements=20

spring.datasource.maxPoolPreparedStatementPerConnectionSize=20

spring.datasource.filters=config,stat,wall,log4j

spring.datasource.publicKey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJggkaRJ+bqLMF6pefubEDLViboxYKGTdGe+78DziIta8Nv8crOA83M0tFG8y8CqHcFYIbG89q9zcnNvL+E2/CECAwEAAQ==

spring.datasource.connectionProperties=config.decrypt=true;config.decrypt.key=${spring.datasource.publicKey}

注意事项

1)config.decrypt=true;config.decrypt.key=  该两项配置为 Druid 内部固定 Key。网上很多案例配置为 publicKey,这是有问题的。
2)其他教程会配置 DbType 为 spring.datasource.type=com.alibaba.druid.pool.DruidDataSource 实际在 Druid 源码中会判断 DbType 为 MySql 或者 Db2 等类型。可删除此项 原逻辑将从  this.dbType = JdbcUtils.getDbType(jdbcUrl, null);//数据库链接字符串 获取 DbType 值

经过以上配置,SpringBoot 使用 Druid 加密链接完成。如果过程中遇到其他问题可在下方留言,方便更多人解决类似问题。

源码分析

1) 根据源码逻辑,如果不自定义注入 Bean, 在 SpringBoot 初始化时只会读取系统配置参数,如下

public DruidDataSource(){

        this(false);

    }

 

    public DruidDataSource(boolean fairLock){

        super(fairLock);

 

        configFromPropety(System.getProperties());

    }

 

    public void configFromPropety(Properties properties) {

        {

            Boolean value = getBoolean(properties, "druid.testWhileIdle");

            if (value != null) {

                this.setTestWhileIdle(value);

            }

        }

        {

            Boolean value = getBoolean(properties, "druid.testOnBorrow");

            if (value != null) {

                this.setTestOnBorrow(value);

            }

        }

 

 

...

2) 所有的配置在类 DruidAbstractDataSource 中,自定义注入 Bean,将在这个类中设置相关属性

3) 在首次初始化数据库链接时将调用 DruidDataSource.init(),并进入到 ConfigFilter.init ,初始化建立链接。根据配置config.decrypt 决定是否要进行解密动作,如需解密则加载config.decrypt.key 和 password(首先加载 connectionProperties 链接字符串中的 password,没有再加载默认的 spring.datasource.password)  ConfigFilter.decrypt 执行解密动作。

4) 文章《springboot 结合 Druid 加密数据库密码遇到的坑!》中其实是绕过了是否要进行加密等配置,自己实现了解密动作再把数据库链接密码替换掉,这违背了 Druid 设计的初衷了。​

参考资料

参考资料 https://github.com/alibaba/druid/wiki

SpringBoot使用Druid数据库加密链接完整方案的更多相关文章

  1. Android数据库加密之sqlciher方案

    版权声明:本文为博主原创文章,未经博主允许不得转载. 转载请表明出处:http://www.cnblogs.com/cavalier-/p/6241964.html 前言 大家好,我是Cavalier ...

  2. springboot+mybatisplus+druid数据库

    1.添加maven依赖 <dependency> <groupId>com.baomidou</groupId> <artifactId>mybatis ...

  3. 解决springboot druid 数据库批量更新错误问题

    原文:https://www.2cto.com/kf/201712/706399.html springboot druid 数据库多SQL错误multi-statement not allow Ca ...

  4. Spring Boot 配置文件密码加密两种方案

    Spring Boot 配置文件密码加密两种方案 jasypt 加解密 jasypt 是一个简单易用的加解密Java库,可以快速集成到 Spring 项目中.可以快速集成到 Spring Boot 项 ...

  5. 3分钟搞定SpringBoot+Mybatis+druid多数据源和分布式事务

    文章来自: https://blog.csdn.net/qq_29242877/article/details/79033287 在一些复杂的应用开发中,一个应用可能会涉及到连接多个数据源,所谓多数据 ...

  6. springboot+mybatis+druid+atomikos框架搭建及测试

    前言 因为最近公司项目升级,需要将外网数据库的信息导入到内网数据库内.于是找了一些springboot多数据源的文章来看,同时也亲自动手实践.可是过程中也踩了不少的坑,主要原因是我看的文章大部分都是s ...

  7. 基于Maven的Springboot+Mybatis+Druid+Swagger2+mybatis-generator框架环境搭建

    基于Maven的Springboot+Mybatis+Druid+Swagger2+mybatis-generator框架环境搭建 前言 最近做回后台开发,重新抓起以前学过的SSM(Spring+Sp ...

  8. springboot配置Druid数据源

    springboot配置druid数据源 Author:SimpleWu springboot整合篇 前言 对于数据访问层,无论是Sql还是NoSql,SpringBoot默认采用整合SpringDa ...

  9. 基于spring-boot的应用程序的单元+集成测试方案

    目录 概述 概念解析 单元测试和集成测试 Mock和Stub 技术实现 单元测试 测试常规的bean 测试Controller 测试持久层 集成测试 从Controller开始测试 从中间层开始测试 ...

随机推荐

  1. [Codeforces178F2]Representative Sampling

    Problem 给定n个字符串Si,任意选出k个字符串Ai,使得其中任意两个字符串lcp之和最大. Solution 建一棵trie树,枚举每一个节点对答案的贡献,树形dp,时间复杂度像是O(N^3) ...

  2. Unity实现用户条款弹窗及登录

    首先来看效果图... 1.先编辑页面 1)新建登录按钮,更名为Login 2)新建toggle,新建方式如下图 调整toggle的大小和位置到适当的范围. 3)新建同意用户条款按钮,步骤为新建UI-& ...

  3. Java之冒泡排序(升序)

    Java之冒泡排序 * 编辑者:鸿灬嗳 * 实现功能: 使用冒泡排序对数组:{25,24,12,76,101,96,28} 排序. */ package test05; public class Bu ...

  4. vs2017 重新生成报错 MSB4057 BuildDependsOn DependsOnTargets ContainerPrepareForLaunch 解决办法

    环境: win10 vs2017 .net core 删除引用的包: Microsoft.VisualStudio.Azure.Containers.Tools.Targets

  5. 【webpack学习笔记】a04-建立开发环境

    开发环境就是在开发过程中为了方便配置的环境,生产环境就是开发完成即将上线的情况. 好了,说了句废话,切入正题. 在开发时,打包后的文件压缩成一团,报错调试的时候傻眼了有木有?每次做出修改需要到浏览器查 ...

  6. 简单的Java ee思维导图

  7. 记一次 SSM 分页

    1.实体层(entity,pojo,domain) package com.entity; import java.io.Serializable; private int totalCount; / ...

  8. SVN分支与合并【超详细的图文教程】(转载)

    SVN分支与合并 一. 分支与合并的概念 二. SVN分支的意义 三. 如何创建分支与合并分支 一.分支与合并的概念: 分支:版本控制系统的一个特性是能够把各种修改分离出来放在开发品的一个分割线上.这 ...

  9. 配置jQuery环境

    获取最新版jQuery 一.jq库类型说明 jQuery.js(开发版):完整无压缩,主要用于学习.开发和测试 jQuery.min.js(生产版):主要用于产品开发和项目 二.在页面引入 <s ...

  10. 部署安装kubernetes client-python,执行pip install setup.py时报错

    之前在本地安装过kubernetes的python库,安装下来一切正常,但今天换到测试机器上去部署,确保错了,具体步骤如下. 第一步,克隆代码,执行以下命令:    # git clone --rec ...