Encrypt the user name password in the JDBC configuration file

Source: Internet
Author: User
Tags apache tomcat
The original address http://blog.csdn.net/ziwen00/article/details/10729683 the items we use are often this way: [HTML]View Plain copy print? <bean id= "DataSource" class= "Org.apache.commons.dbcp.BasicDataSource" destroy-method= "Close" P:driverclass Name= "Oracle.jdbc.driver.OracleDriver" p:url= "JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL" p:username= "CZW" p :p assword= "CZW"/>
<bean id= "DataSource" class= "Org.apache.commons.dbcp.BasicDataSource"
	destroy-method= "Close" 
	p: Driverclassname= "Oracle.jdbc.driver.OracleDriver"
	p:url= "JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL" 
	p: Username= "CZW"
	p:password= "CZW"/>


There will be a fatal problem, if you have a middleware server machine access to the person, see this example Applicationcontext.xml file, and open the file, the IQ of the person will also know what the database user name and password is. This is necessary for the safety of the industry must be eliminated, this is a general technical interview will ask a question. So let's go ahead and answer the question.
First, we need to extract the configuration file into the property: [HTML] View Plain copy print? <bean class= "Org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"         p:location= "Classpath:jdbc.properties"        p:fileencoding= " Utf-8 "       />          <bean  Id= "DataSource"  class= "Org.apache.commons.dbcp.BasicDataSource"         Destroy-method= "Close"         p:driverclassname= "${driverclassname}"         p:url= "${url}"         p:username= "${username}"        p:password= "${password}"  />  
<bean class= "Org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
  	p:location= " Classpath:jdbc.properties "
  	p:fileencoding=" Utf-8 "
  	/>
  	
<bean id=" DataSource "class=" Org.apache.commons.dbcp.BasicDataSource "
	destroy-method=" close " 
	p:driverclassname=" ${driverclassname} "
	p:url= "${url}" 
	p:username= "${username}" p:password=
	"${password}"/>


By modifying the first code above to the second code, the first class is responsible for fetching the properties in Jdbc.properties and populating it with datasource so that we can focus all our attention on jdbc.properties.
The question below is how to turn jdbc.properties into an invisible character. We only need to extend the decryption method of the Propertyplaceholderconfigurer parent class Propertyresourceconfigurer Convertproperty:
[HTML] View Plain copy print? package com.carddemo.commonutil;      import  org.springframework.beans.factory.config.propertyplaceholderconfigurer;      public  class convertpwdpropertyconfigurer extends propertyplaceholderconfigurer{         @Override        protected string convertproperty ( String propertyname, string propertyvalue)  {            system.out.println ("==================" +propertyname+ ":" +propertyvalue);            if ("UserName". Equals (PropertyName)) {                return  "CZW";            }           if ("Password". Equals ( PropertyName)) {   &NBSP;&Nbsp;          return  "CZW";            }           return  propertyvalue;       }  }  
Package com.cardDemo.commonUtil;

Import Org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;

public class Convertpwdpropertyconfigurer extends propertyplaceholderconfigurer{
	@Override
	protected String Convertproperty (String propertyname, String propertyvalue) {
		System.out.println ("==================" + Propertyname+ ":" +propertyvalue);
		if ("UserName". Equals (PropertyName)) {
			return "CZW";
		}
		if ("Password". Equals (PropertyName)) {
			return "CZW";
		}
		return propertyvalue;
	}
}


Then replace the above completed class with the Propertyplaceholderconfigurer in the configuration file:
[HTML]View Plain copy print? <bean class= "Com.cardDemo.commonUtil.ConvertPwdPropertyConfigurer" p:location= "Classpath:jdbc.properties" p : fileencoding= "Utf-8"/>
<bean class= "Com.cardDemo.commonUtil.ConvertPwdPropertyConfigurer"
	p:location= "classpath:jdbc.properties "
	p:fileencoding=" Utf-8 "
	/>



In fact, in my just demo project, the files inside the jdbc.properties are as follows:
[Java]View Plain copy print? Driverclassname=oracle.jdbc.driver.oracledriver URL=JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL userName= Someoneelseunknowusername PASSWORD=SOMEPWDELSEUNKNOWPASSOWRD
Driverclassname=oracle.jdbc.driver.oracledriver
URL=JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL
userName= Someoneelseunknowusername
PASSWORD=SOMEPWDELSEUNKNOWPASSOWRD



In fact, the real password is the Czw/czw,web program run time, display the following content:
2013-8-31 13:26:12 org.apache.catalina.core.StandardEngine Start info: Starting Servlet engine:apache tomcat/6.0.18 2013-8-31 13:26:14 org.apache.catalina.core.ApplicationContext Log info: Initializing Spring Root webapplicationcontext = =================URL:JDBC:ORACLE:THIN:@127.0.0.1:1523:ORCL ==================PASSWORD:SOMEPWDELSEUNKNOWPASSOWRD ==================driverclassname:oracle.jdbc.driver.oracledriver ==================username: Someoneelseunknowusername 2013-8-31 13:26:17 org.apache.catalina.core.ApplicationContext log info: Initializing Spring Frameworkservlet ' Carddemo ' 2013-8-31 13:26:18 org.apache.coyote.http11.Http11Protocol start info: Starting Coyote http/ 1.1 on http-8080 2013-8-31 13:26:18 org.apache.jk.common.ChannelSocket init info: jk:ajp13 listening on/0.0.0.0:8009
However, the content obtained in DataSource is the correct user name and password after the replacement. This is just a very simple example, just tell us a way to solve the database user name and password encryption, for example, we can write some more complex logic in the Propertyplaceholderconfigurer subclass, For example, according to Jdbc.properties in the configuration of the files in various means of encryption. In which the user name and password in Jdbc.propertes are replaced by other means, and so on.
Author Chen (keen to Pm\oracle\java, etc., welcome peer Exchange) Email:ziwen@163.com qq:409020100
If a technical interviewer asks you again, how to hide the user name and password in the configuration file, I want to be able to say this idea, if you can mention the Convertproperty method in Propertyplaceholderconfigurer subclasses, It was even more brilliant.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.