一、配置Jasypt
1.在pom.xml中导入依赖
<!-- Jasypt 加密工具 -->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.5</version>
</dependency>注释:项目使用了@SpringBootApplication或@EnableAutoConfiguration注解,可以直接使用starter依赖,否则要用其他方法。其他方法见参考文章里。
2.配置Jasypt信息
2.1 使用@Configuration配置信息
package com.xj.util.jasypt;
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* @Author: xjfu
* @Create: 2025/07/16 15:13
* @Description: Jastpt配置信息
*/
@Configuration
public class JasyptConfig {
@Value("${jasypt.encryptor.password:default-secret-key}")
private String password;
/**
* 配置Jasypt加密器
*
* @return StringEncryptor加密器实例
*/
@Bean("jasyptStringEncryptor")
public StringEncryptor stringEncryptor() {
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
// 设置加密密钥 通过配置阐述,安全
config.setPassword(password);
//设置加密秘钥 直接写死,但是不安全
//config.setPassword("xj20250716");
// 设置加密算法
// 注意:Jasypt 3.0.0之后默认算法为PBEWITHHMACSHA512ANDAES_256
// 需要JDK 9+或添加JCE支持,否则可能报错
// 如果使用较低版本的JDK,可以选择兼容的算法如PBEWithMD5AndDES
config.setAlgorithm("PBEWithMD5AndDES");
// 设置密钥获取迭代次数
config.setKeyObtentionIterations("1000");
// 设置加密器的池大小
config.setPoolSize("1");
// 设置随机盐生成器
config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
// 设置字符串输出格式
config.setStringOutputType("base64");
encryptor.setConfig(config);
return encryptor;
}
}2.2 使用配置文件方式
# Jasypt配置(必须放在最前面)
jasypt:
encryptor:
bean: jasyptStringEncryptor
# 可以使用环境变量或命令行参数传入密钥
password: ${JASYPT_ENCRYPTOR_PASSWORD:default-secret-key}
algorithm: PBEWithMD5AndDES
iv-generator-classname: org.jasypt.iv.RandomIvGenerator
2.3 配置文件详解
3.Jasypt工具类
package com.xj.util.jasypt;
import org.jasypt.encryption.StringEncryptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
/**
* @Author: xjfu
* @Create: 2025/07/16 15:15
* @Description: Jasypt工具类
*/
@Component
public class JasyptUtil {
private final StringEncryptor encryptor;
@Autowired
public JasyptUtil(@Qualifier("jasyptStringEncryptor") StringEncryptor encryptor) {
this.encryptor = encryptor;
}
/**
* 加密方法
*
* @param value 待加密的字符串
* @return 加密后的字符串
*/
public String encrypt(String value) {
return encryptor.encrypt(value);
}
/**
* 解密方法
*
* @param value 待解密的字符串
* @return 解密后的字符串
*/
public String decrypt(String value) {
return encryptor.decrypt(value);
}
}4.配置Jasypt的秘钥
4.1 IDEA中配置
4.1.1 配置方法一
--jasypt.encryptor.password=xj20250716
4.1.2 配置方法二
-Djasypt.encryptor.password=xj20250716
4.2 程序启动时命令行中带入
方式一:作为程序启动时的命令行参数来带入
java -jar app.jar --jasypt.encryptor.password=xxxxxx
方式二:作为程序启动时的应用环境变量来带入
java -Djasypt.encryptor.password=xxxxxx -jar app.jar
5.使用ENC()包裹加密密文
Jasypt使用特定格式来标识加密的属性值。在配置文件中,加密的值需要使用ENC(加密后的值)格式。
二、项目举例
1.项目架构
2.代码实现
MainApplication.java:
package com.xj.main;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;
/**
* @Author : xjfu
* @Date : 2022/6/8 8:38
* @Description :Spring Boot 启动类
*/
@ComponentScan("com.xj")
@SpringBootApplication
@MapperScan("com.xj.dao.mapper")
public class MainApplication {
public static void main(String[] args) {
try{
SpringApplication.run(MainApplication.class, args);
}catch (Exception e){
e.printStackTrace();
}
}
}
JasyptConfig.java:
package com.xj.util.jasypt;
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* @Author: xjfu
* @Create: 2025/07/16 15:13
* @Description: Jastpt配置信息
*/
@Configuration
public class JasyptConfig {
@Value("${jasypt.encryptor.password:default-secret-key}")
private String password;
/**
* 配置Jasypt加密器
*
* @return StringEncryptor加密器实例
*/
@Bean("jasyptStringEncryptor")
public StringEncryptor stringEncryptor() {
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
// 设置加密密钥 通过配置阐述,安全
config.setPassword(password);
//设置加密秘钥 直接写死,但是不安全
//config.setPassword("xj20250716");
// 设置加密算法
// 注意:Jasypt 3.0.0之后默认算法为PBEWITHHMACSHA512ANDAES_256
// 需要JDK 9+或添加JCE支持,否则可能报错
// 如果使用较低版本的JDK,可以选择兼容的算法如PBEWithMD5AndDES
config.setAlgorithm("PBEWithMD5AndDES");
// 设置密钥获取迭代次数
config.setKeyObtentionIterations("1000");
// 设置加密器的池大小
config.setPoolSize("1");
// 设置随机盐生成器
config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
// 设置字符串输出格式
config.setStringOutputType("base64");
encryptor.setConfig(config);
return encryptor;
}
}JasyptUtil.java:
package com.xj.util.jasypt;
import org.jasypt.encryption.StringEncryptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
/**
* @Author: xjfu
* @Create: 2025/07/16 15:15
* @Description: Jasypt工具类
*/
@Component
public class JasyptUtil {
private final StringEncryptor encryptor;
@Autowired
public JasyptUtil(@Qualifier("jasyptStringEncryptor") StringEncryptor encryptor) {
this.encryptor = encryptor;
}
/**
* 加密方法
*
* @param value 待加密的字符串
* @return 加密后的字符串
*/
public String encrypt(String value) {
return encryptor.encrypt(value);
}
/**
* 解密方法
*
* @param value 待解密的字符串
* @return 解密后的字符串
*/
public String decrypt(String value) {
return encryptor.decrypt(value);
}
}JasyptController.java:
package com.xj.controller;
import com.xj.entity.JasyptRequest;
import com.xj.util.jasypt.JasyptUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.*;
/**
* @Author: xjfu
* @Create: 2025/07/16 15:18
* @Description: Jasypt控制类,用于对铭文进行加密或者解密以及验证数据库密码
*/
@RequestMapping(value = "/jasypt",method = RequestMethod.POST)
@RestController
public class JasyptController {
@Autowired
private JasyptUtil jasyptUtil;
@Value("${spring.datasource.password}")
private String databasePassword;
/**
* 加密接口
*/
@RequestMapping(value = "/encrypt", method = RequestMethod.GET)
public String encrypt(@RequestParam String encryptStr) {
return jasyptUtil.encrypt(encryptStr);
}
/**
* 解密接口
*/
@RequestMapping(value = "/decrypt", method = RequestMethod.POST)
public String decrypt(@RequestBody JasyptRequest jasyptRequest) {
return jasyptUtil.decrypt(jasyptRequest.getDecryptStr());
}
/**
* 测试配置文件中的加密属性是否正确解密
*/
@GetMapping("/test")
public String test() {
return "Database password: " + databasePassword;
}
}JasyptRequest.java:
package com.xj.entity;
import com.fasterxml.jackson.annotation.JsonProperty;
import lombok.Data;
import java.io.Serializable;
/**
* @Author: xjfu
* @Create: 2025/07/16 15:25
* @Description: Jasypt解密请求体
*/
@Data
public class JasyptRequest implements Serializable {
private static final long serialVersionUID = -256451235446545L;
/**
* 待解密字符串
*/
@JsonProperty(value = "decryptStr")
private String decryptStr;
public String getDecryptStr() {
return decryptStr;
}
public void setDecryptStr(String decryptStr) {
this.decryptStr = decryptStr;
}
}
application.yml
#默认配置
server:
port: 8080
# Jasypt配置(必须放在最前面)
#jasypt:
# encryptor:
# bean: jasyptStringEncryptor
# # 可以使用环境变量或命令行参数传入密钥
# password: ${JASYPT_ENCRYPTOR_PASSWORD:default-secret-key}
# algorithm: PBEWithMD5AndDES
# iv-generator-classname: org.jasypt.iv.RandomIvGenerator
# 未加密版本
#spring:
# datasource: #数据源连接信息
# username: root
# password: 12345
# url: jdbc:mysql://127.0.0.1:3306/demo?useUnicode=true&characterEncoding=UTF-8
# driver-class-name: com.mysql.cj.jdbc.Driver
# profiles:
# active: dev #切换配置,指定使用哪个profile
# 加密版本
spring:
datasource: #数据源连接信息
username: ENC(X86Cv+ch9gPTZW7sFcZ+g5NXYUEpSmnB)
password: ENC(tO+OKiSXa20LD80vOjWtjDbpf0vf31/x)
url: jdbc:mysql://127.0.0.1:3306/demo?useUnicode=true&characterEncoding=UTF-8
driver-class-name: com.mysql.cj.jdbc.Driver
profiles:
active: dev #切换配置,指定使用哪个profile
# 设置 Mybatis 的 xml 保存路径
mybatis-plus:
mapper-locations: classpath:mapper/*Mapper.xml
type-aliases-package: com.xj.dao.model
configuration: # 配置打印 MyBatis 执行的 SQL
log-impl: org.apache.ibatis.logging.stdout.StdOutImpl #需要lombok框架支持,可以添加
# 配置打印 MyBatis 执行的 SQL
logging:
level:
com:
example:
demo: debug
---
#开发环境
server:
port: 8081
spring:
config:
activate:
on-profile: dev
---
#测试环境
server:
port: 8082
spring:
config:
activate:
on-profile: test
---
#生产环境
server:
port: 8083
spring:
config:
activate:
on-profile: prod
logging:
config: classpath:logback-spring.xml #指定使用哪个日志配置文件pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.xj</groupId>
<artifactId>SpringBootStudyProject</artifactId>
<version>1.0-SNAPSHOT</version>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.4.5</version>
<relativePath/>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!--导入JDBC的场景启动器-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<!--jquery引入-->
<dependency>
<groupId>org.webjars</groupId>
<artifactId>jquery</artifactId>
<version>3.6.0</version>
</dependency>
<!--Thymeleaf 启动器-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!--导入数据库驱动-->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<!-- MyBatis Plus-->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.4.1</version>
</dependency>
<!-- junit测试依赖 -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
<!-- lombok依赖 为了简化实体类的编写代码量 -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<!-- Jasypt 加密工具 -->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.5</version>
</dependency>
</dependencies>
<!--build标签描述了如何来编译及打包项目,而具体的编译和打包工作是通过build中配置的 plugin 来完成-->
<build>
<plugins>
<!--使用SpringBoot的打包插件-->
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
3.运行结果
3.1 先将数据库按明文启动,然后获取对应的加密密文
3.1.1 加密
加密URL:
http://127.0.0.1:8081/jasypt/encrypt?encryptStr=root
3.1.2 解密验证
解密URL:
http://127.0.0.1:8081/jasypt/decrypt
报文:
{
"decryptStr":"X86Cv+ch9gPTZW7sFcZ+g5NXYUEpSmnB"
}
3.2 再将加密密文用ENC()包裹起来替换明文,若启动成功,即为加密成功。
替换:
启动成功:
三、重点说明
1.若解密失败,会包如下错误
2.秘钥最好不要有特殊字符,比如“$”、"_",这样会导致解密失败,实测经验
3.解密JasyptController中的decrypt不应该用@GetMapping,因为解密中的字符春包含很多特殊字符,比如“/”,“+”等,这些都会导致解密失败。@RequestMapping + @RequestParam也不行,必须用@RequestMapping + @RequestBody。