The original address http://blog.csdn.net/ziwen00/article/details/10729683 the items we use are often this way:
[HTML]View Plain copy print? <bean id= "DataSource" class= "Org.apache.commons.dbcp.BasicDataSource" destroy-method= "Close" P:driverclass Name= "Oracle.jdbc.driver.OracleDriver" p:url= "JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL" p:username= "CZW" p :p assword= "CZW"/>
<bean id= "DataSource" class= "Org.apache.commons.dbcp.BasicDataSource"
destroy-method= "Close"
p: Driverclassname= "Oracle.jdbc.driver.OracleDriver"
p:url= "JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL"
p: Username= "CZW"
p:password= "CZW"/>
There will be a fatal problem, if you have a middleware server machine access to the person, see this example Applicationcontext.xml file, and open the file, the IQ of the person will also know what the database user name and password is. This is necessary for the safety of the industry must be eliminated, this is a general technical interview will ask a question. So let's go ahead and answer the question.
First, we need to extract the configuration file into the property:
[HTML] View Plain copy print? <bean class= "Org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" p:location= "Classpath:jdbc.properties" p:fileencoding= " Utf-8 " /> <bean Id= "DataSource" class= "Org.apache.commons.dbcp.BasicDataSource" Destroy-method= "Close" p:driverclassname= "${driverclassname}" p:url= "${url}" p:username= "${username}" p:password= "${password}" />
<bean class= "Org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
p:location= " Classpath:jdbc.properties "
p:fileencoding=" Utf-8 "
/>
<bean id=" DataSource "class=" Org.apache.commons.dbcp.BasicDataSource "
destroy-method=" close "
p:driverclassname=" ${driverclassname} "
p:url= "${url}"
p:username= "${username}" p:password=
"${password}"/>
By modifying the first code above to the second code, the first class is responsible for fetching the properties in Jdbc.properties and populating it with datasource so that we can focus all our attention on jdbc.properties.
The question below is how to turn jdbc.properties into an invisible character. We only need to extend the decryption method of the Propertyplaceholderconfigurer parent class Propertyresourceconfigurer Convertproperty:
[HTML] View Plain copy print? package com.carddemo.commonutil; import org.springframework.beans.factory.config.propertyplaceholderconfigurer; public class convertpwdpropertyconfigurer extends propertyplaceholderconfigurer{ @Override protected string convertproperty ( String propertyname, string propertyvalue) { system.out.println ("==================" +propertyname+ ":" +propertyvalue); if ("UserName". Equals (PropertyName)) { return "CZW"; } if ("Password". Equals ( PropertyName)) { &NBSP;&Nbsp; return "CZW"; } return propertyvalue; } }
Package com.cardDemo.commonUtil;
Import Org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
public class Convertpwdpropertyconfigurer extends propertyplaceholderconfigurer{
@Override
protected String Convertproperty (String propertyname, String propertyvalue) {
System.out.println ("==================" + Propertyname+ ":" +propertyvalue);
if ("UserName". Equals (PropertyName)) {
return "CZW";
}
if ("Password". Equals (PropertyName)) {
return "CZW";
}
return propertyvalue;
}
}
Then replace the above completed class with the Propertyplaceholderconfigurer in the configuration file:
[HTML]View Plain copy print? <bean class= "Com.cardDemo.commonUtil.ConvertPwdPropertyConfigurer" p:location= "Classpath:jdbc.properties" p : fileencoding= "Utf-8"/>
<bean class= "Com.cardDemo.commonUtil.ConvertPwdPropertyConfigurer"
p:location= "classpath:jdbc.properties "
p:fileencoding=" Utf-8 "
/>
In fact, in my just demo project, the files inside the jdbc.properties are as follows:
[Java]View Plain copy print? Driverclassname=oracle.jdbc.driver.oracledriver URL=JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL userName= Someoneelseunknowusername PASSWORD=SOMEPWDELSEUNKNOWPASSOWRD
Driverclassname=oracle.jdbc.driver.oracledriver
URL=JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL
userName= Someoneelseunknowusername
PASSWORD=SOMEPWDELSEUNKNOWPASSOWRD
In fact, the real password is the Czw/czw,web program run time, display the following content:
2013-8-31 13:26:12 org.apache.catalina.core.StandardEngine Start info: Starting Servlet engine:apache tomcat/6.0.18 2013-8-31 13:26:14 org.apache.catalina.core.ApplicationContext Log info: Initializing Spring Root webapplicationcontext = =================URL:JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL ==================PASSWORD:SOMEPWDELSEUNKNOWPASSOWRD ==================driverclassname:oracle.jdbc.driver.oracledriver ==================username: Someoneelseunknowusername 2013-8-31 13:26:17 org.apache.catalina.core.ApplicationContext log info: Initializing Spring Frameworkservlet ' Carddemo ' 2013-8-31 13:26:18 org.apache.coyote.http11.Http11Protocol start info: Starting Coyote http/ 1.1 on http-8080 2013-8-31 13:26:18 org.apache.jk.common.ChannelSocket init info: jk:ajp13 listening on/0.0.0.0:8009
However, the content obtained in DataSource is the correct user name and password after the replacement. This is just a very simple example, just tell us a way to solve the database user name and password encryption, for example, we can write some more complex logic in the Propertyplaceholderconfigurer subclass, For example, according to Jdbc.properties in the configuration of the files in various means of encryption. In which the user name and password in Jdbc.propertes are replaced by other means, and so on.
Author Chen (keen to Pm\oracle\java, etc., welcome peer Exchange) Email:ziwen@163.com qq:409020100
If a technical interviewer asks you again, how to hide the user name and password in the configuration file, I want to be able to say this idea, if you can mention the Convertproperty method in Propertyplaceholderconfigurer subclasses, It was even more brilliant.