【java安全】springBoot配置文件属性名自定义及属性值加密
文章目录
- 0.背景
- 1.修改配置文件,以数据源为例
- 2. 自定义监听器
- 3.启动类中需加入自定义的监听器
- 4.加解密工具类
- 5.正常启动并且可以正常访问数据库
- 6.配套视频演示地址
0.背景
背景:
有些公司的项目上线前需要检查配置文件中是否出现 username 和 password 的字样,有的话不允许上线。怎样把它们改成不容易阅读的字符、同时又不影响程序运行呢?请往下看。需要注意:下文的做法只是让配置不易被直接读懂,解密密钥仍然写在代码里,能拿到程序包的人同样可以还原出明文。
1.修改配置文件,以数据源为例
# Data source settings before the change: URL, user name and password are stored in clear text.
# NOTE(review): useSSL=false turns off TLS for the MySQL connection, and allowPublicKeyRetrieval=true
# lets the client ask the server for its RSA public key over that unprotected link. Both are acceptable
# for a localhost sample; confirm they are not carried into a networked deployment.
# NOTE(review): root/root are sample credentials; an application account should not be the MySQL root user.
spring.datasource.dbb.url=jdbc:mysql://localhost:3306/study2?useUnicode=true&allowPublicKeyRetrieval=true&useSSL=false&characterEncoding=utf8&serverTimezone=Asia/Shanghai
spring.datasource.dbb.username=root
spring.datasource.dbb.password=root
上边是自定义前的
下边是自定义后的
# Data source settings after the change: the user name and password keys are renamed to "us" and "pa",
# and every value is the Base64 form of an AES ciphertext that the startup listener decrypts.
# NOTE(review): "us" and "pa" hold the same ciphertext, so a reader learns that user name and password
# are equal without decrypting anything. This follows from the AES/ECB mode used by AesUtil, where equal
# plaintext under the same key always yields equal ciphertext.
# NOTE(review): the decryption key is compiled into AesUtil, so these values are obfuscated rather than
# protected against anyone who can read the application jar.
spring.datasource.url=pfxSphs3qHtr+PA34DmPwXzDOHzfjt792TiRKY4bMAeMjJF0yzDP3etw8dqny6CKngQnZfXjWAKB6N2tD9+/TuJ3hLXNTx49XFJQzZMaRyVHnWVg+4ommxURosZ/o8YuAhrLnfWIT5AWqOYeE4mg70bh2Wnba9x8K1zL2W0Yg7s=
spring.datasource.us=3jgmUpRuHqoLmF418AV7Sw==
spring.datasource.pa=3jgmUpRuHqoLmF418AV7Sw==
2. 自定义监听器
package com.dragon7531.bdemo.listener;import com.dragon7531.bdemo.aspect.PreventRepeatSubmitAspect;
import com.dragon7531.bdemo.utils.AesUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.context.event.ApplicationEnvironmentPreparedEvent;
import org.springframework.context.ApplicationListener;
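import org.springframework.core.env.ConfigurableEnvironment;

/**
 * Decrypts the encrypted data source (and optional Redis) settings once the Spring
 * environment has been prepared, and publishes the clear-text values under the
 * standard Spring Boot property names.
 *
 * <p>NOTE(review): the clear-text values are written to JVM system properties, so any
 * code running in the process can read them with {@code System.getProperty}, and they
 * appear wherever system properties are dumped for diagnostics. Adding a
 * {@code MapPropertySource} to the environment instead would keep them out of that
 * process-wide table.
 */
public class MyAppEnvPreEveListener implements ApplicationListener<ApplicationEnvironmentPreparedEvent> {

    private static final Logger LOG = LoggerFactory.getLogger(MyAppEnvPreEveListener.class);

    /**
     * Reads the encrypted properties, decrypts them with {@link AesUtil}, and sets the
     * resulting values as system properties.
     *
     * <p>Nothing is thrown to the caller: a failure is logged and startup continues,
     * in which case the data source system properties are not set.
     *
     * @param applicationEnvironmentPreparedEvent event carrying the prepared environment
     */
    @Override
    public void onApplicationEvent(ApplicationEnvironmentPreparedEvent applicationEnvironmentPreparedEvent) {
        ConfigurableEnvironment environment = applicationEnvironmentPreparedEvent.getEnvironment();
        try {
            // jdbc: decrypt everything first so that a failure leaves no half-applied data source settings
            String decUrl = decryptRequired(environment, "spring.datasource.url");
            String decUnn = decryptRequired(environment, "spring.datasource.us");
            String decUPpd = decryptRequired(environment, "spring.datasource.pa");

            // Redis password: optional, only handled when the encrypted key is present
            String redisPps = environment.getProperty("spring.redis.pps");
            if (redisPps != null) {
                String decRedisPps = AesUtil.decrypt(redisPps);
                System.setProperty("spring.redis.password", decRedisPps);
            }

            System.setProperty("spring.datasource.url", decUrl);
            System.setProperty("spring.datasource.username", decUnn);
            System.setProperty("spring.datasource.password", decUPpd);
        } catch (Exception e) {
            // Pass the exception itself so the stack trace and cause are kept; the message
            // names at most the property key, never a property value.
            LOG.error("配置文件解密报错了", e);
        }
    }

    /**
     * Looks up an encrypted property that must be present and returns its decrypted value.
     *
     * @param environment environment to read from
     * @param name        key of the encrypted property
     * @return the decrypted value
     * @throws IllegalStateException if the property is not defined
     * @throws Exception             if decryption fails
     */
    private static String decryptRequired(ConfigurableEnvironment environment, String name) throws Exception {
        String encrypted = environment.getProperty(name);
        if (encrypted == null) {
            // Fail with the key name instead of an anonymous NullPointerException from the decoder.
            throw new IllegalStateException("Missing encrypted property: " + name);
        }
        return AesUtil.decrypt(encrypted);
    }
}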
3.启动类中需加入自定义的监听器
/**
 * Application entry point. The decrypting listener is registered on the builder before
 * {@code run} is called, so it is already in place when the environment-prepared event
 * is published during startup.
 */
@SpringBootApplication
public class BDemoApplication {

    /**
     * Builds the application with {@link MyAppEnvPreEveListener} attached and starts it.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        new SpringApplicationBuilder(BDemoApplication.class)
                .listeners(new MyAppEnvPreEveListener())
                .run(args);
    }
}
4.加解密工具类
package com.dragon7531.bdemo.utils;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;/*** Java使用AES加密算法进行加密解密* */
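/**
 * AES helper used to encrypt and decrypt configuration values (Base64 text in and out).
 *
 * <p>NOTE(review): the transformation is AES/ECB/PKCS5Padding. ECB is deterministic and
 * unauthenticated: equal plaintext under the same key gives equal ciphertext, and a
 * modified ciphertext is not detected. It is kept here so that values already encrypted
 * with this class stay readable; for new data an authenticated mode such as
 * AES/GCM/NoPadding with a random IV per value is the better choice.
 *
 * <p>NOTE(review): the fallback key below is compiled into the class, so anyone who can
 * read the jar can decrypt the configuration. Supply a real key through the
 * {@code CONFIG_AES_KEY} environment variable (or another secret store) in any
 * deployment that matters.
 */
public class AesUtil {

    /** Built-in fallback key, used only when no key is supplied through the environment. */
    private static final String aesDefaultKey = "1234567890123456";

    /** Name of the environment variable that overrides the built-in key. */
    private static final String KEY_ENV_VAR = "CONFIG_AES_KEY";

    private static final String TRANSFORMATION = "AES/ECB/PKCS5Padding";

    /** Fixed charset so results do not depend on the platform default encoding. */
    private static final java.nio.charset.Charset UTF_8 = java.nio.charset.StandardCharsets.UTF_8;

    /**
     * Encrypts {@code text} with the configured key.
     *
     * @param text plaintext
     * @return Base64-encoded ciphertext
     * @throws Exception if the key is invalid or the cipher fails
     */
    public static String encrypt(String text) throws Exception {
        return encrypt(text, resolveKey());
    }

    /**
     * Decrypts {@code text} with the configured key.
     *
     * @param text Base64-encoded ciphertext
     * @return plaintext
     * @throws Exception if the key is invalid, the input is not valid Base64, or the cipher fails
     */
    public static String decrypt(String text) throws Exception {
        return decrypt(text, resolveKey());
    }

    /**
     * Encrypts with AES.
     *
     * @param text plaintext
     * @param key  key; its UTF-8 bytes must be 16, 24 or 32 bytes long
     * @return Base64-encoded ciphertext
     * @throws Exception if the key is invalid or the cipher fails
     */
    public static String encrypt(String text, String key) throws Exception {
        Cipher cipher = newCipher(Cipher.ENCRYPT_MODE, key);
        byte[] encrypted = cipher.doFinal(text.getBytes(UTF_8));
        // Base64 keeps the ciphertext printable so it can live in a properties file.
        return Base64.getEncoder().encodeToString(encrypted);
    }

    /**
     * Decrypts with AES.
     *
     * @param base64Encrypted Base64-encoded ciphertext
     * @param key             key; its UTF-8 bytes must be 16, 24 or 32 bytes long
     * @return plaintext
     * @throws Exception if the key is invalid, the input is not valid Base64, or the cipher fails
     */
    public static String decrypt(String base64Encrypted, String key) throws Exception {
        Cipher cipher = newCipher(Cipher.DECRYPT_MODE, key);
        byte[] encrypted = Base64.getDecoder().decode(base64Encrypted);
        byte[] decrypted = cipher.doFinal(encrypted);
        return new String(decrypted, UTF_8);
    }

    /** Returns the key from the environment when one is set, otherwise the built-in fallback. */
    private static String resolveKey() {
        String fromEnv = System.getenv(KEY_ENV_VAR);
        return (fromEnv == null || fromEnv.isEmpty()) ? aesDefaultKey : fromEnv;
    }

    /** Creates a cipher for the given mode, initialised with the given key. */
    private static Cipher newCipher(int mode, String key) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(UTF_8), "AES");
        cipher.init(mode, keySpec);
        return cipher;
    }

    /**
     * Small demonstration: encrypts a sample text with the built-in key, prints the
     * ciphertext, then decrypts it and prints the result.
     */
    public static void main(String[] args) throws Exception {
        // plaintext
        String text = "123456";
        // key (AES needs 16, 24 or 32 key bytes, otherwise java.security.InvalidKeyException is thrown)
        String key = aesDefaultKey;
        // encrypt and print the ciphertext
        String base64Encrypted = encrypt(text, key);
        System.out.println(base64Encrypted);
        // decrypt and print the recovered plaintext
        String text2 = decrypt(base64Encrypted, key);
        System.out.println(text2);
    }
}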
5.正常启动并且可以正常访问数据库
6.配套视频演示地址
https://www.bilibili.com/video/BV1Ga4y1z79U/