SpringBoot 集成 Druid 配置及数据库密码加密
在项目中,访问数据库是非常必要的,因此我们需要在配置文件中配置数据库路径,账号,密码等。这时领导往往会告诉我们,数据库密码不能是明文,哪怕是在项目配置文件里,因此我们对配置文件里的密码进行加密是非常有必要的
基础配置
基础配置就不多介绍了,采用的是 yml 配置,上面有注释
PS:这里要说下,加密采用的是 Druid 内置的非对称加密方式,因此这里的数据库密码是加密过的,下面需要 publicKey 公钥用于解密
官方参数文档,如果有需要别的参数,可以参考:官方配置属性
spring:
datasource:
url: xxxxxx # url
username: xxxxxx # 用户名
password: xxxxxx # 私钥加密过的密码
publicKey: xxxxxx #公钥
#Druid 连接池通用配置
datasource:
type: com.alibaba.druid.pool.DruidDataSource
druid:
# 下面为连接池的补充设置,应用到上面所有数据源中
# 初始化大小,最小,最大
initial-size: 5
min-idle: 5
max-active: 20
# 配置获取连接等待超时的时间
max-wait: 60000
# 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒
time-between-eviction-runs-millis: 60000
# 配置一个连接在池中最小生存的时间,单位是毫秒
min-evictable-idle-time-millis: 300000
# sql 校验
validation-query: select count(1) from sys.objects Where type='U' And type_desc='USER_TABLE'
test-while-idle: true
test-on-borrow: false
test-on-return: false
# 打开PSCache,并且指定每个连接上PSCache的大小
pool-prepared-statements: true
# 配置监控统计拦截的filters,去掉后监控界面sql无法统计,'wall'用于防火墙
max-pool-prepared-statement-per-connection-size: 20
filters: stat # wall 若开启 wall,会把 if 中的 and 判断为注入进行拦截
use-global-data-source-stat: true
# 通过connectProperties属性来打开mergeSql功能;慢SQL记录
connect-properties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=5000Druid 配置文件
我们需要通过这个配置文件对密码进行个解密,然后再连接数据库
加依赖,通过这个依赖,才能通过配置文件对对象中的值进行注入
<!-- 配置文件处理器 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
</dependency>
<!-- Druid 依赖 -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.1.9</version>
</dependency>DruidDatsSourceConfig.java:
import com.alibaba.druid.filter.config.ConfigTools;
import com.alibaba.druid.pool.DruidDataSource;
import lombok.Data;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import javax.sql.DataSource;
import java.sql.SQLException;
import java.util.Properties;
/**
* Druid
* @author: author
* @create: 2019-07-01 11:10
**/
@Configuration
@ConfigurationProperties(prefix = "spring.datasource")
@Data
public class DruidDatsSourceConfig {
private Logger logger = LoggerFactory.getLogger(DruidDatsSourceConfig.class);
@Value("${spring.datasource.url}")
private String url;
@Value("${spring.datasource.username}")
private String username;
@Value("${spring.datasource.password}")
private String password;
@Value("${spring.datasource.type}")
private String type;
@Value("${spring.datasource.publicKey}")
private String publicKey;
@Value("${spring.datasource.druid.initial-size}")
private Integer initialSize;
@Value("${spring.datasource.druid.min-idle}")
private Integer minIdle;
@Value("${spring.datasource.druid.max-active}")
private Integer maxActive;
@Value("${spring.datasource.druid.max-wait}")
private Integer maxWait;
@Value("${spring.datasource.druid.time-between-eviction-runs-millis}")
private Integer timeBetweenEvictionRunsMillis;
@Value("${spring.datasource.druid.min-evictable-idle-time-millis}")
private Integer minEvictableIdleTimeMillis;
@Value("${spring.datasource.druid.validation-query}")
private String validationQuery;
@Value("${spring.datasource.druid.test-while-idle}")
private Boolean testWhileIdle;
@Value("${spring.datasource.druid.test-on-borrow}")
private Boolean testOnBorrow;
@Value("${spring.datasource.druid.test-on-return}")
private Boolean testOnReturn;
@Value("${spring.datasource.druid.pool-prepared-statements}")
private Boolean poolPreparedStatements;
@Value("${spring.datasource.druid.max-pool-prepared-statement-per-connection-size}")
private Integer maxPoolPreparedStatementPerConnectionSize;
@Value("${spring.datasource.druid.filters}")
private String filters;
@Value("${spring.datasource.druid.use-global-data-source-stat}")
private Boolean useGlobalDataSourceStat;
@Value("${spring.datasource.druid.connect-properties}")
private Properties connectProperties;
/**
* 数据库参数注入
* @return
* @throws Exception
*/
@Bean
@Primary
public DataSource druidDataSource() throws Exception {
DruidDataSource datasource = new DruidDataSource();
datasource.setUrl(url);
datasource.setUsername(username);
// 解密后,再 set 进对象
datasource.setPassword(ConfigTools.decrypt(publicKey, password));
logger.info("密码:" + ConfigTools.decrypt(publicKey, password));
datasource.setInitialSize(initialSize);
datasource.setMinIdle(minIdle);
datasource.setMaxActive(maxActive);
datasource.setMaxWait(maxWait);
datasource.setTimeBetweenEvictionRunsMillis(timeBetweenEvictionRunsMillis);
datasource.setMinEvictableIdleTimeMillis(minEvictableIdleTimeMillis);
datasource.setValidationQuery(validationQuery);
datasource.setTestWhileIdle(testWhileIdle);
datasource.setTestOnBorrow(testOnBorrow);
datasource.setTestOnReturn(testOnReturn);
datasource.setUseGlobalDataSourceStat(useGlobalDataSourceStat);
datasource.setConnectProperties(connectProperties);
try {
datasource.setFilters(filters);
} catch (SQLException e) {
logger.error("========druid configuration initialization filter========", e);
}
return datasource;
}
/**
* 生成公私钥以及加密密码
* @param args
* @throws Exception
*/
public static void main(String[] args) throws Exception {
String password = "xxxx";
String[] arr = ConfigTools.genKeyPair(512);
System.out.println("password:" + password);
System.out.println("privateKey:" + arr[0]);
System.out.println("publicKey:" + arr[1]);
System.out.println("password:" + ConfigTools.encrypt(arr[0], password));
}
}关于密码加密
这种方式可能有些繁琐,我后面采用了 Jasypt 对数据库密码进行加密
SpringBoot 集成 Jasypt 对数据库加密以及踩坑