使用Spring PropertyPlaceholderConfigurer加载的配置文件加密

为了使application.properties文件中的数据库连接用户名和密码保存成密文，我们做如下处理：首先使用加密程序算出密文，然后spring 加载配置文件的时候再解密，其实就是在数据库连接池调用之前进行了解密工作。

原配置文件如：

jdbc.driverClassName=oracle.jdbc.driver.OracleDriver
jdbc.url=jdbc:oracle:thin:@192.168.0.1:1521:orcl
jdbc.username=oracle
jdbc.password=oracle

 加密后的配置文件[生成此密文的秘钥和下面常量里面的秘钥不同]：

jdbc.driverClassName=eb04a2effc62b4119af9fc911259d3346835eff4edf1de6bbfd187f7a2c73828
jdbc.url=ecb893755ede111c849a884924d16f1ea3874f16546e457950d8a541d3b2aee1ce7bd2073ebd0e3f
jdbc.username=ff91f4d795574a71
jdbc.password=ff91f4d795574a71

 我使用的javax.crypto.Cipher加密解密类，根据项目使用不同可以随意更换自己的加密解密算法，之后添加PropertyPlaceholderConfigurer的子类，在processProperties方法中解密即可，代码如下：

import java.util.Properties;

import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanInitializationException;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;

import com.joinsoft.LoginConstants;

public class EncryptablePropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer{

	private static final String key = LoginConstants.JDBC_DESC_KEY;

    protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props)
        throws BeansException {
            try {
            	EncryptionDecryption decryption = new EncryptionDecryption(key);
            	
                String username = props.getProperty(LoginConstants.JDBC_DATASOURCE_USERNAME_KEY);
                if (username != null) {
                    props.setProperty(LoginConstants.JDBC_DATASOURCE_USERNAME_KEY, decryption.decrypt(username));
                }
                
                String password = props.getProperty(LoginConstants.JDBC_DATASOURCE_PASSWORD_KEY);
                if (password != null) {
                    props.setProperty(LoginConstants.JDBC_DATASOURCE_PASSWORD_KEY, decryption.decrypt(password));
                }
                
                String url = props.getProperty(LoginConstants.JDBC_DATASOURCE_URL_KEY);
                if (url != null) {
                    props.setProperty(LoginConstants.JDBC_DATASOURCE_URL_KEY, decryption.decrypt(url));
                }
                
                String driverClassName = props.getProperty(LoginConstants.JDBC_DATASOURCE_DRIVERCLASSNAME_KEY);
                if(driverClassName != null){
                    props.setProperty(LoginConstants.JDBC_DATASOURCE_DRIVERCLASSNAME_KEY, decryption.decrypt(driverClassName));
                }
                super.processProperties(beanFactory, props);
            } catch (Exception e) {
                e.printStackTrace();
                throw new BeanInitializationException(e.getMessage());
            }
        }
}

 附1，加密解密程序：

import java.security.Key;
import java.security.Security;

import javax.crypto.Cipher;

import com.sun.crypto.provider.SunJCE;

public class EncryptionDecryption {
    private static String strDefaultKey = "goodluck";
    private Cipher encryptCipher = null;
    private Cipher decryptCipher = null;

    public static String byteArr2HexStr(byte[] arrB) throws Exception {
        int iLen = arrB.length;
        StringBuffer sb = new StringBuffer(iLen * 2);
        for (int i = 0; i < iLen; i++) {
            int intTmp = arrB[i];
            while (intTmp < 0) {
                intTmp = intTmp + 256;
            }
            if (intTmp < 16) {
                sb.append("0");
            }
            sb.append(Integer.toString(intTmp, 16));
        }
        return sb.toString();
    }

    public static byte[] hexStr2ByteArr(String strIn) throws Exception {
        byte[] arrB = strIn.getBytes();
        int iLen = arrB.length;

        byte[] arrOut = new byte[iLen / 2];
        for (int i = 0; i < iLen; i = i + 2) {
            String strTmp = new String(arrB, i, 2);
            arrOut[i / 2] = (byte) Integer.parseInt(strTmp, 16);
        }
        return arrOut;
    }

    public EncryptionDecryption() throws Exception {
        this(strDefaultKey);
    }

    public EncryptionDecryption(String strKey) throws Exception {
        Security.addProvider(new SunJCE());
        Key key = getKey(strKey.getBytes());

        encryptCipher = Cipher.getInstance("DES");
        encryptCipher.init(Cipher.ENCRYPT_MODE, key);

        decryptCipher = Cipher.getInstance("DES");
        decryptCipher.init(Cipher.DECRYPT_MODE, key);
    }

    public byte[] encrypt(byte[] arrB) throws Exception {
        return encryptCipher.doFinal(arrB);
    }

    public String encrypt(String strIn) throws Exception {
        return byteArr2HexStr(encrypt(strIn.getBytes()));
    }

    public byte[] decrypt(byte[] arrB) throws Exception {
        return decryptCipher.doFinal(arrB);
    }

    public String decrypt(String strIn) throws Exception {
        try {
            return new String(decrypt(hexStr2ByteArr(strIn)));
        } catch (Exception e) {
            return "";
        }
    }

    private Key getKey(byte[] arrBTmp) throws Exception {      
        byte[] arrB = new byte[8];
        for (int i = 0; i < arrBTmp.length && i < arrB.length; i++) {
            arrB[i] = arrBTmp[i];
        }
        Key key = new javax.crypto.spec.SecretKeySpec(arrB, "DES");
        return key;
    }
       
}

 附2，常量定义：

//jdbc文件加密
public static final String JDBC_DESC_KEY = "missyou";
public static final String JDBC_DATASOURCE_USERNAME_KEY = "jdbc.username";
public static final String JDBC_DATASOURCE_PASSWORD_KEY = "jdbc.password";
public static final String JDBC_DATASOURCE_URL_KEY = "jdbc.url";
public static final String JDBC_DATASOURCE_DRIVERCLASSNAME_KEY = "jdbc.driverClassName";