【移除】`jasypt-spring-boot-starter` 加密库使用 hutool AES 替代
parent
b8e907ba62
commit
3c4af5210c
|
@ -49,7 +49,6 @@
|
||||||
<!-- Bpm 工作流相关 -->
|
<!-- Bpm 工作流相关 -->
|
||||||
<flowable.version>6.7.2</flowable.version>
|
<flowable.version>6.7.2</flowable.version>
|
||||||
<!-- 工具类相关 -->
|
<!-- 工具类相关 -->
|
||||||
<jasypt-spring-boot-starter.version>3.0.4</jasypt-spring-boot-starter.version>
|
|
||||||
<lombok.version>1.18.24</lombok.version>
|
<lombok.version>1.18.24</lombok.version>
|
||||||
<mapstruct.version>1.5.3.Final</mapstruct.version>
|
<mapstruct.version>1.5.3.Final</mapstruct.version>
|
||||||
<hutool.version>5.8.9</hutool.version>
|
<hutool.version>5.8.9</hutool.version>
|
||||||
|
@ -449,12 +448,6 @@
|
||||||
<version>${revision}</version>
|
<version>${revision}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
<dependency>
|
|
||||||
<groupId>com.github.ulisesbocchio</groupId>
|
|
||||||
<artifactId>jasypt-spring-boot-starter</artifactId> <!-- 加解密 -->
|
|
||||||
<version>${jasypt-spring-boot-starter.version}</version>
|
|
||||||
</dependency>
|
|
||||||
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>cn.iocoder.cloud</groupId>
|
<groupId>cn.iocoder.cloud</groupId>
|
||||||
<artifactId>yudao-spring-boot-starter-excel</artifactId>
|
<artifactId>yudao-spring-boot-starter-excel</artifactId>
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
package cn.iocoder.yudao.framework.mybatis.core.type;
|
package cn.iocoder.yudao.framework.mybatis.core.type;
|
||||||
|
|
||||||
import cn.hutool.core.lang.Assert;
|
import cn.hutool.core.lang.Assert;
|
||||||
|
import cn.hutool.crypto.SecureUtil;
|
||||||
|
import cn.hutool.crypto.symmetric.AES;
|
||||||
import cn.hutool.extra.spring.SpringUtil;
|
import cn.hutool.extra.spring.SpringUtil;
|
||||||
import org.apache.ibatis.type.BaseTypeHandler;
|
import org.apache.ibatis.type.BaseTypeHandler;
|
||||||
import org.apache.ibatis.type.JdbcType;
|
import org.apache.ibatis.type.JdbcType;
|
||||||
import org.jasypt.encryption.StringEncryptor;
|
|
||||||
|
|
||||||
import java.sql.CallableStatement;
|
import java.sql.CallableStatement;
|
||||||
import java.sql.PreparedStatement;
|
import java.sql.PreparedStatement;
|
||||||
|
@ -12,18 +13,20 @@ import java.sql.ResultSet;
|
||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 字段字段的 TypeHandler 实现类,基于 {@link StringEncryptor} 实现
|
* 字段字段的 TypeHandler 实现类,基于 {@link AES} 实现
|
||||||
* 可通过 jasypt.encryptor.password 配置项,设置密钥
|
* 可通过 jasypt.encryptor.password 配置项,设置密钥
|
||||||
*
|
*
|
||||||
* @author 芋道源码
|
* @author 芋道源码
|
||||||
*/
|
*/
|
||||||
public class EncryptTypeHandler extends BaseTypeHandler<String> {
|
public class EncryptTypeHandler extends BaseTypeHandler<String> {
|
||||||
|
|
||||||
private static StringEncryptor encryptor;
|
private static final String ENCRYPTOR_PROPERTY_NAME = "mybatis-plus.encryptor.password";
|
||||||
|
|
||||||
|
private static AES aes;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void setNonNullParameter(PreparedStatement ps, int i, String parameter, JdbcType jdbcType) throws SQLException {
|
public void setNonNullParameter(PreparedStatement ps, int i, String parameter, JdbcType jdbcType) throws SQLException {
|
||||||
ps.setString(i, getEncryptor().encrypt(parameter));
|
ps.setString(i, encrypt(parameter));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -48,23 +51,25 @@ public class EncryptTypeHandler extends BaseTypeHandler<String> {
|
||||||
if (value == null) {
|
if (value == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
return getEncryptor().decrypt(value);
|
return getEncryptor().decryptStr(value);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String encrypt(String rawValue) {
|
public static String encrypt(String rawValue) {
|
||||||
if (rawValue == null) {
|
if (rawValue == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
return getEncryptor().encrypt(rawValue);
|
return getEncryptor().encryptBase64(rawValue);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static StringEncryptor getEncryptor() {
|
private static AES getEncryptor() {
|
||||||
if (encryptor != null) {
|
if (aes != null) {
|
||||||
return encryptor;
|
return aes;
|
||||||
}
|
}
|
||||||
encryptor = SpringUtil.getBean(StringEncryptor.class);
|
// 构建 AES
|
||||||
Assert.notNull(encryptor, "StringEncryptor 不能为空");
|
String password = SpringUtil.getProperty(ENCRYPTOR_PROPERTY_NAME);
|
||||||
return encryptor;
|
Assert.notEmpty(password, "配置项({}) 不能为空", ENCRYPTOR_PROPERTY_NAME);
|
||||||
|
aes = SecureUtil.aes(password.getBytes());
|
||||||
|
return aes;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -58,10 +58,6 @@ spring:
|
||||||
database: 1 # 数据库索引
|
database: 1 # 数据库索引
|
||||||
# password: 123456 # 密码,建议生产环境开启
|
# password: 123456 # 密码,建议生产环境开启
|
||||||
|
|
||||||
jasypt:
|
|
||||||
encryptor:
|
|
||||||
password: yuanma # 加解密的秘钥
|
|
||||||
|
|
||||||
--- #################### MQ 消息队列相关配置 ####################
|
--- #################### MQ 消息队列相关配置 ####################
|
||||||
spring:
|
spring:
|
||||||
cloud:
|
cloud:
|
||||||
|
|
|
@ -68,10 +68,6 @@ spring:
|
||||||
database: 0 # 数据库索引
|
database: 0 # 数据库索引
|
||||||
# password: 123456 # 密码,建议生产环境开启
|
# password: 123456 # 密码,建议生产环境开启
|
||||||
|
|
||||||
jasypt:
|
|
||||||
encryptor:
|
|
||||||
password: yuanma # 加解密的秘钥
|
|
||||||
|
|
||||||
--- #################### MQ 消息队列相关配置 ####################
|
--- #################### MQ 消息队列相关配置 ####################
|
||||||
spring:
|
spring:
|
||||||
cloud:
|
cloud:
|
||||||
|
|
|
@ -58,10 +58,6 @@ spring:
|
||||||
database: 1 # 数据库索引
|
database: 1 # 数据库索引
|
||||||
# password: 123456 # 密码,建议生产环境开启
|
# password: 123456 # 密码,建议生产环境开启
|
||||||
|
|
||||||
jasypt:
|
|
||||||
encryptor:
|
|
||||||
password: yuanma # 加解密的秘钥
|
|
||||||
|
|
||||||
--- #################### MQ 消息队列相关配置 ####################
|
--- #################### MQ 消息队列相关配置 ####################
|
||||||
spring:
|
spring:
|
||||||
cloud:
|
cloud:
|
||||||
|
|
|
@ -69,10 +69,6 @@ spring:
|
||||||
database: 0 # 数据库索引
|
database: 0 # 数据库索引
|
||||||
# password: 123456 # 密码,建议生产环境开启
|
# password: 123456 # 密码,建议生产环境开启
|
||||||
|
|
||||||
jasypt:
|
|
||||||
encryptor:
|
|
||||||
password: yuanma # 加解密的秘钥
|
|
||||||
|
|
||||||
--- #################### MQ 消息队列相关配置 ####################
|
--- #################### MQ 消息队列相关配置 ####################
|
||||||
spring:
|
spring:
|
||||||
cloud:
|
cloud:
|
||||||
|
|
|
@ -40,6 +40,8 @@ mybatis-plus:
|
||||||
logic-delete-value: 1 # 逻辑已删除值(默认为 1)
|
logic-delete-value: 1 # 逻辑已删除值(默认为 1)
|
||||||
logic-not-delete-value: 0 # 逻辑未删除值(默认为 0)
|
logic-not-delete-value: 0 # 逻辑未删除值(默认为 0)
|
||||||
type-aliases-package: ${yudao.info.base-package}.dal.dataobject
|
type-aliases-package: ${yudao.info.base-package}.dal.dataobject
|
||||||
|
encryptor:
|
||||||
|
password: XDV71a+xqStEA3WH # 加解密的秘钥,可使用 https://www.imaegoo.com/2020/aes-key-generator/ 网站生成
|
||||||
|
|
||||||
--- #################### RPC 远程调用相关配置 ####################
|
--- #################### RPC 远程调用相关配置 ####################
|
||||||
dubbo:
|
dubbo:
|
||||||
|
|
|
@ -21,8 +21,3 @@ spring:
|
||||||
group: DEFAULT_GROUP # 使用的 Nacos 配置分组,默认为 DEFAULT_GROUP
|
group: DEFAULT_GROUP # 使用的 Nacos 配置分组,默认为 DEFAULT_GROUP
|
||||||
name: # 使用的 Nacos 配置集的 dataId,默认为 spring.application.name
|
name: # 使用的 Nacos 配置集的 dataId,默认为 spring.application.name
|
||||||
file-extension: yaml # 使用的 Nacos 配置集的 dataId 的文件拓展名,同时也是 Nacos 配置集的配置格式,默认为 properties
|
file-extension: yaml # 使用的 Nacos 配置集的 dataId 的文件拓展名,同时也是 Nacos 配置集的配置格式,默认为 properties
|
||||||
|
|
||||||
# jasypt 禁止 Spring Cloud 的 bootstrap 阶段的启动,解决 https://github.com/ulisesbocchio/jasypt-spring-boot/issues/256 问题
|
|
||||||
jasypt:
|
|
||||||
encryptor:
|
|
||||||
bootstrap: false
|
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package cn.iocoder.yudao.module.infra.service.db;
|
package cn.iocoder.yudao.module.infra.service.db;
|
||||||
|
|
||||||
import cn.hutool.core.util.ReflectUtil;
|
import cn.hutool.core.util.ReflectUtil;
|
||||||
|
import cn.hutool.crypto.symmetric.AES;
|
||||||
import cn.iocoder.yudao.framework.mybatis.core.type.EncryptTypeHandler;
|
import cn.iocoder.yudao.framework.mybatis.core.type.EncryptTypeHandler;
|
||||||
import cn.iocoder.yudao.framework.mybatis.core.util.JdbcUtils;
|
import cn.iocoder.yudao.framework.mybatis.core.util.JdbcUtils;
|
||||||
import cn.iocoder.yudao.framework.test.core.ut.BaseDbUnitTest;
|
import cn.iocoder.yudao.framework.test.core.ut.BaseDbUnitTest;
|
||||||
|
@ -9,7 +10,6 @@ import cn.iocoder.yudao.module.infra.controller.admin.db.vo.DataSourceConfigUpda
|
||||||
import cn.iocoder.yudao.module.infra.dal.dataobject.db.DataSourceConfigDO;
|
import cn.iocoder.yudao.module.infra.dal.dataobject.db.DataSourceConfigDO;
|
||||||
import cn.iocoder.yudao.module.infra.dal.mysql.db.DataSourceConfigMapper;
|
import cn.iocoder.yudao.module.infra.dal.mysql.db.DataSourceConfigMapper;
|
||||||
import com.baomidou.dynamic.datasource.spring.boot.autoconfigure.DynamicDataSourceProperties;
|
import com.baomidou.dynamic.datasource.spring.boot.autoconfigure.DynamicDataSourceProperties;
|
||||||
import org.jasypt.encryption.StringEncryptor;
|
|
||||||
import org.junit.jupiter.api.BeforeEach;
|
import org.junit.jupiter.api.BeforeEach;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.mockito.MockedStatic;
|
import org.mockito.MockedStatic;
|
||||||
|
@ -24,7 +24,8 @@ import static cn.iocoder.yudao.framework.test.core.util.AssertUtils.assertServic
|
||||||
import static cn.iocoder.yudao.framework.test.core.util.RandomUtils.randomLongId;
|
import static cn.iocoder.yudao.framework.test.core.util.RandomUtils.randomLongId;
|
||||||
import static cn.iocoder.yudao.framework.test.core.util.RandomUtils.randomPojo;
|
import static cn.iocoder.yudao.framework.test.core.util.RandomUtils.randomPojo;
|
||||||
import static cn.iocoder.yudao.module.infra.enums.ErrorCodeConstants.DATA_SOURCE_CONFIG_NOT_EXISTS;
|
import static cn.iocoder.yudao.module.infra.enums.ErrorCodeConstants.DATA_SOURCE_CONFIG_NOT_EXISTS;
|
||||||
import static org.junit.jupiter.api.Assertions.*;
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||||
import static org.mockito.ArgumentMatchers.anyString;
|
import static org.mockito.ArgumentMatchers.anyString;
|
||||||
import static org.mockito.ArgumentMatchers.eq;
|
import static org.mockito.ArgumentMatchers.eq;
|
||||||
import static org.mockito.Mockito.mockStatic;
|
import static org.mockito.Mockito.mockStatic;
|
||||||
|
@ -45,7 +46,7 @@ public class DataSourceConfigServiceImplTest extends BaseDbUnitTest {
|
||||||
private DataSourceConfigMapper dataSourceConfigMapper;
|
private DataSourceConfigMapper dataSourceConfigMapper;
|
||||||
|
|
||||||
@MockBean
|
@MockBean
|
||||||
private StringEncryptor stringEncryptor;
|
private AES aes;
|
||||||
|
|
||||||
@MockBean
|
@MockBean
|
||||||
private DynamicDataSourceProperties dynamicDataSourceProperties;
|
private DynamicDataSourceProperties dynamicDataSourceProperties;
|
||||||
|
@ -53,9 +54,9 @@ public class DataSourceConfigServiceImplTest extends BaseDbUnitTest {
|
||||||
@BeforeEach
|
@BeforeEach
|
||||||
public void setUp() {
|
public void setUp() {
|
||||||
// mock 一个空实现的 StringEncryptor,避免 EncryptTypeHandler 报错
|
// mock 一个空实现的 StringEncryptor,避免 EncryptTypeHandler 报错
|
||||||
ReflectUtil.setFieldValue(EncryptTypeHandler.class, "encryptor", stringEncryptor);
|
ReflectUtil.setFieldValue(EncryptTypeHandler.class, "aes", aes);
|
||||||
when(stringEncryptor.encrypt(anyString())).then((Answer<String>) invocation -> invocation.getArgument(0));
|
when(aes.encryptBase64(anyString())).then((Answer<String>) invocation -> invocation.getArgument(0));
|
||||||
when(stringEncryptor.decrypt(anyString())).then((Answer<String>) invocation -> invocation.getArgument(0));
|
when(aes.decryptStr(anyString())).then((Answer<String>) invocation -> invocation.getArgument(0));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -58,10 +58,6 @@ spring:
|
||||||
database: 1 # 数据库索引
|
database: 1 # 数据库索引
|
||||||
# password: 123456 # 密码,建议生产环境开启
|
# password: 123456 # 密码,建议生产环境开启
|
||||||
|
|
||||||
jasypt:
|
|
||||||
encryptor:
|
|
||||||
password: yuanma # 加解密的秘钥
|
|
||||||
|
|
||||||
--- #################### MQ 消息队列相关配置 ####################
|
--- #################### MQ 消息队列相关配置 ####################
|
||||||
spring:
|
spring:
|
||||||
cloud:
|
cloud:
|
||||||
|
|
|
@ -68,10 +68,6 @@ spring:
|
||||||
database: 0 # 数据库索引
|
database: 0 # 数据库索引
|
||||||
# password: 123456 # 密码,建议生产环境开启
|
# password: 123456 # 密码,建议生产环境开启
|
||||||
|
|
||||||
jasypt:
|
|
||||||
encryptor:
|
|
||||||
password: yuanma # 加解密的秘钥
|
|
||||||
|
|
||||||
--- #################### MQ 消息队列相关配置 ####################
|
--- #################### MQ 消息队列相关配置 ####################
|
||||||
spring:
|
spring:
|
||||||
cloud:
|
cloud:
|
||||||
|
|
Loading…
Reference in New Issue