我在 hibernate.cfg.xml
中加密数据库密码时遇到问题
这是我的属性文件。
<!-- Database connection settings -->
<property name="connection.driver_class">com.microsoft.sqlserver.jdbc.SQLServerDriver</property>
<property name="connection.url">jdbc:sqlserver://localhost:1433;databaseName=TEST;</property>
<property name="connection.username">sa</property>
<!-- Encryption -->
<property name="connection.password">ENC(vMO/j5jfpaU2cUhPVoOk5Q==)</property>
<property name="connection.provider_class">org.jasypt.hibernate4.connectionprovider.EncryptedPasswordDriverManagerConnectionProvider</property>
<property name="connection.encryptor_registered_name">hibernateEncryptor</property>
然后在 HiberanteUtil.java
我有这个
// Builds session factory.
private static SessionFactory configureSessionFactory()
throws HibernateException {
Configuration configuration = new Configuration().configure();
StandardPBEStringEncryptor encryptor =
new StandardPBEStringEncryptor();
encryptor.setPassword("pass");
HibernatePBEEncryptorRegistry registry =
HibernatePBEEncryptorRegistry.getInstance();
registry.registerPBEStringEncryptor("hibernateEncryptor", encryptor);
ServiceRegistry serviceRegistry = new ServiceRegistryBuilder()
.applySettings(configuration.getProperties()).buildServiceRegistry();
return configuration.buildSessionFactory(serviceRegistry);
}
我已经使用 encrypt.bat
创建了加密密码。
那么我的错误是
com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'sa'. ClientConnectionId:8033573f-5f52-4fe9-a728-fbe4f57d89c4
如果我删除这部分
StandardPBEStringEncryptor encryptor =
new StandardPBEStringEncryptor();
encryptor.setPassword("someKey");
HibernatePBEEncryptorRegistry registry =
HibernatePBEEncryptorRegistry.getInstance();
registry.registerPBEStringEncryptor(
"hibernateEncryptor", encryptor);
我有同样的错误,所以我认为它没有注册,但我不知道该怎么做。
我是这样加密的
更新
我唯一能让它工作的就是这样的东西,但不是我想的那样。
StandardPBEStringEncryptor encryptor =
new StandardPBEStringEncryptor();
encryptor.setPassword("somePass");
encryptor.setAlgorithm("PBEWITHMD5ANDDES");
String pass=encryptor.decrypt("HhpmA/XmJoLro8TYYu4YyA==");
HibernatePBEEncryptorRegistry registry =
HibernatePBEEncryptorRegistry.getInstance();
registry.registerPBEStringEncryptor(
"hibernateEncryptor", encryptor);
Configuration configuration = new Configuration().configure()
.setProperty("hibernate.connection.encryptor_registered_name","hibernateEncryptor")
.setProperty("hibernate.connection.password",pass);
所以我认为问题出在 "hibernateEncryptor"
上,我想我需要注册
<typedef name="encryptedString" class="org.jasypt.hibernate4.type.EncryptedStringType">
<param name="encryptorRegisteredName">hibernateEncryptor</param>
<typedef>
但是当我把它放在 hibernate.cfg.xml
中时说映射无效,所以我将它添加到带有注释的类中但没有任何反应,因为我认为这是在数据库连接后读取的,这就是我想加密。 :(
@TypeDef(name="encryptedString",typeClass=org.jasypt.hibernate4.type.EncryptedStringType.class,
parameters= {@Parameter(name="encryptorRegisteredName",value="hibernateEncryptor")})
最佳答案
这不是正确的做法,但可以解决。
StandardPBEStringEncryptor encryptor =new StandardPBEStringEncryptor();
encryptor.setPassword("somePass");
encryptor.setAlgorithm("PBEWITHMD5ANDDES");
Configuration configuration = new Configuration().configure();
String pass=encryptor.decrypt(configuration.getProperty("hibernate.connection.password"));
configuration.setProperty("hibernate.connection.password",pass);
并且在hibernate.cfg
<property name="connection.username">sa</property>
<property name="connection.password">Nzuyhu5PJJwsVH3mdw==</property>
关于java - 无法在配置文件中加密密码,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18636547/