How to use Jasypt in your app to protect your database user name and password

"The password should not be shown and stored at any time", I think this principle is a little bit of security common sense of the people understand, then in Java applications, how to the simplest and most convenient to protect the data of your application?

In this paper, we take the database username and password as an example to explain how we use open Source project Jasypt to implement encryption and decryption in Apdplat .

First, we introduce a dependent library, using the MAVEN approach as follows:

<dependency> <groupId>org.jasypt</groupId> <artifactId>jasypt</artifactId> <vers Ion>1.5</version></dependency>

Next, let's look at how to encrypt:

import org.jasypt.encryption.pbe.standardpbestringencryptor;import  org.jasypt.encryption.pbe.config.environmentstringpbeconfig;/** * when you put the ciphertext in the configuration file, Note:  * enc (ciphertext)  *  @author   Yang Shangchang  */public class ConfigEncryptUtils {     Public static void main (String[] args) {        // Cryptographic Tools         standardpbestringencryptor encryptor = new  standardpbestringencryptor ();         //Encryption Configuration          EnvironmentStringPBEConfig config = new  Environmentstringpbeconfig ();         config.setalgorithm (" Pbewithmd5anddes ")         //change this password when you use it          config.setpassword ("Apdplat");          //application configuration         encryptor.setconfig (config);         string plaintext= "Root";         //encryption         string ciphertext=encryptor.encrypt (plaintext);         system.out.println (plaintext +  " : "   + ciphertext);     }}

The results of the run output are as follows:

root:azl9cyp9h62r3eugz+tesw==

Again, next we look at how to decrypt:

import org.jasypt.encryption.pbe.standardpbestringencryptor;import  org.jasypt.encryption.pbe.config.environmentstringpbeconfig;/** * when you put the ciphertext in the configuration file, Note:  * enc (ciphertext)  *  @author   Yang Shangchang  */public class ConfigEncryptUtils {     Public static void main (String[] args) {        // Cryptographic Tools         standardpbestringencryptor encryptor = new  standardpbestringencryptor ();         //Encryption Configuration          EnvironmentStringPBEConfig config = new  Environmentstringpbeconfig ();         config.setalgorithm (" Pbewithmd5anddes ")         //change this password when you use it          config.setpassword ("Apdplat");          //application configuration         encryptor.setconfig (config);         string ciphertext= "azl9cyp9h62r3eugz+tesw==";         //decryption         string plaintext= Encryptor.decrypt (ciphertext);         system.out.println (ciphertext  +  " : "  + plaintext);     }}

The results of the run output are as follows:

azl9cyp9h62r3eugz+tesw==: Root

From the above we can see that the only difference between the encrypted and decrypted code is encrypt and decrypt.

Finally, let's look at how to integrate with spring, and add the following configuration to the spring configuration file so that when the values that spring reads are encrypted and decrypted automatically, how does spring determine if a value has been unencrypted? is judged by the specific prefix enc (and suffix).

<!-- spring Properties file Decryption component   --><bean id= "Propertyconfigurer"  class= " Org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer ">    < constructor-arg ref= "Configurationencryptor"  />    <property name= " Systempropertiesmodename " value=" System_properties_mode_override " />    < Property name= "Ignoreresourcenotfound"  value= "true"  />    <property  name= "Locations" >        <list>             <value>classpath:/org/apdplat/config.properties</ Value>            <value>classpath: config.local.properties</value>             <value>classpath:/org/apdplat/db.properties</value>            <value>classpath: db.local.properties</value>        </list>     </property></bean><bean id= "Configurationencryptor"  class= " Org.jasypt.encryption.pbe.StandardPBEStringEncryptor ">    <property name=" Config " ref=" environmentvariablesconfiguration " /></bean><bean id=" Environmentvariablesconfiguration " class=" Org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig " >    <property name= "algorithm"  value= "Pbewithmd5anddes"  />     <property name= "Password"  value= "Apdplat"  /></bean>

After we have configured spring, we can use the user name and password of the encrypted database connection in the specified profile classpath:config.local.properties, and don't forget the specific prefix enc (and suffix) Oh :

#数据库配置文件 #mysqldb.driver=com.mysql.jdbc.driverdb.url=jdbc:mysql://localhost:3306/${module.short.name}? useunicode=true&characterencoding=utf-8&createdatabaseifnotexist=true&autoreconnect= Truedb.username=enc (qpwwr8yemqe63eyywebkaq==) Db.password=enc (qpwwr8yemqe63eyywebkaq==) jpa.database= Mysqldb.backup.command=mysqldump-u${db.username}-p${db.password} ${module.short.name}db.restore.command=mysql-u ${db.username}-p${db.password} ${module.short.name}

How to use Jasypt in your app to protect your database user name and password