Spring Boot Configuration with Jasypt

Last modified: May 27, 2018

1. Introduction

Jasypt (Java Simplified Encryption) Spring Boot provides utilities for encrypting property sources in Boot applications.

In this article, we'll discuss how to add jasypt-spring-boot support to a project and use it.

For more information on using Jasypt as a framework for encryption, take a look at our Introduction to Jasypt.

2. Why Jasypt?

Whenever we store sensitive information in a configuration file, we're essentially making that information vulnerable; this includes any kind of sensitive information, such as credentials, but certainly a lot more than that.

By using Jasypt, we can encrypt the values in a property file, and our application will do the job of decrypting them and retrieving the original values.

3. Ways to Use JASYPT With Spring Boot

Let’s discuss the different ways to use Jasypt with Spring Boot.

3.1. Using jasypt-spring-boot-starter

We need to add a single dependency to our project:

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>2.0.0</version>
</dependency>

Maven Central has the latest version of the jasypt-spring-boot-starter.

Let’s now encrypt the text “Password@1” with secret key “password” and add it to the encrypted.properties:

encrypted.property=ENC(uTSqb9grs1+vUv3iN8lItC0kl65lMG+8)

And let's define a configuration class, AppConfigForJasyptStarter, to specify the encrypted.properties file as a PropertySource:

@Configuration
@PropertySource("encrypted.properties")
public class AppConfigForJasyptStarter {
}

Now, we’ll write a service bean PropertyServiceForJasyptStarter to retrieve the values from the encrypted.properties. The decrypted value can be retrieved using the @Value annotation or the getProperty() method of Environment class:

@Service
public class PropertyServiceForJasyptStarter {

    @Value("${encrypted.property}")
    private String property;

    public String getProperty() {
        return property;
    }

    public String getPasswordUsingEnvironment(Environment environment) {
        return environment.getProperty("encrypted.property");
    }
}

Finally, using the above service class and setting the secret key which we used for encryption, we can easily retrieve the decrypted password and use it in our application:

@Test
public void whenDecryptedPasswordNeeded_GetFromService() {
    System.setProperty("jasypt.encryptor.password", "password");
    PropertyServiceForJasyptStarter service = appCtx
      .getBean(PropertyServiceForJasyptStarter.class);
 
    assertEquals("Password@1", service.getProperty());
 
    Environment environment = appCtx.getBean(Environment.class);
 
    assertEquals(
      "Password@1", 
      service.getPasswordUsingEnvironment(environment));
}
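
The encryption step in this section does not show how the ENC(...) value is produced. As an added example (not code from the original article), the class below generates one with Jasypt's StandardPBEStringEncryptor, assuming the same settings as the encryptor configuration listed in section 3.3; the secret key is read from an environment variable and the plain text from the console, so neither ends up in source control or shell history. The class name EncryptPropertyValue and the variable name JASYPT_ENCRYPTOR_PASSWORD are assumptions.

```java
import java.io.Console;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;

// Added example, not the article's code: prints an ENC(...) value for a properties file.
public class EncryptPropertyValue {

    // Settings assumed to match the encryptor configuration shown in section 3.3.
    static StandardPBEStringEncryptor newEncryptor(String secretKey) {
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setPassword(secretKey);
        encryptor.setAlgorithm("PBEWithMD5AndDES");
        encryptor.setKeyObtentionIterations(1000);
        encryptor.setStringOutputType("base64");
        return encryptor; // salt generator left at Jasypt's default (random salt)
    }

    // Wraps the ciphertext in the ENC(...) marker used in the properties files.
    static String toPropertyValue(StandardPBEStringEncryptor encryptor, String plainText) {
        return "ENC(" + encryptor.encrypt(plainText) + ")";
    }

    public static void main(String[] args) {
        // Assumed variable name; the key never appears in code or arguments.
        String secretKey = System.getenv("JASYPT_ENCRYPTOR_PASSWORD");
        Console console = System.console();
        if (secretKey == null || secretKey.isEmpty() || console == null) {
            System.err.println("Set JASYPT_ENCRYPTOR_PASSWORD and run from an interactive terminal");
            System.exit(1);
        }
        // Read the plain text without echoing it or leaving it in shell history.
        String plainText = new String(console.readPassword("Value to encrypt: "));

        StandardPBEStringEncryptor encryptor = newEncryptor(secretKey);
        String first = toPropertyValue(encryptor, plainText);
        String second = toPropertyValue(encryptor, plainText);

        // A fresh random salt is used per call, so the two values differ
        // although both decrypt to the same plain text.
        String cipherText = second.substring(4, second.length() - 1);
        if (first.equals(second) || !encryptor.decrypt(cipherText).equals(plainText)) {
            throw new IllegalStateException("unexpected encryptor behaviour");
        }
        System.out.println(first);
    }
}
```

Because of the random salt, the printed value will not match the ciphertext shown in the article, yet it decrypts to the same text under the same key.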

3.2. Using jasypt-spring-boot

For projects not using @SpringBootApplication or @EnableAutoConfiguration, we can use the jasypt-spring-boot dependency directly:

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot</artifactId>
    <version>2.0.0</version>
</dependency>

Similarly, let’s encrypt the text “Password@2” with secret key “password” and add it to the encryptedv2.properties:

encryptedv2.property=ENC(dQWokHUXXFe+OqXRZYWu22BpXoRZ0Drt)

And let's create a new configuration class for the jasypt-spring-boot dependency.

Here, we need to add the annotation @EncryptablePropertySource:

@Configuration
@EncryptablePropertySource("encryptedv2.properties")
public class AppConfigForJasyptSimple {
}

Also, we define a new PropertyServiceForJasyptSimple bean to return the value of encryptedv2.property:

@Service
public class PropertyServiceForJasyptSimple {
 
    @Value("${encryptedv2.property}")
    private String property;

    public String getProperty() {
        return property;
    }
}

Finally, using the above service class and setting the secret key which we used for encryption, we can easily retrieve the encryptedv2.property:

@Test
public void whenDecryptedPasswordNeeded_GetFromService() {
    System.setProperty("jasypt.encryptor.password", "password");
    PropertyServiceForJasyptSimple service = appCtx
      .getBean(PropertyServiceForJasyptSimple.class);
 
    assertEquals("Password@2", service.getProperty());
}

3.3. Using Custom JASYPT Encryptor

The encryptors used in sections 3.1. and 3.2. are constructed with the default configuration values.

However, let's define our own Jasypt encryptor and use it in our application.

So, the custom encryptor bean will look like:

@Bean(name = "encryptorBean")
public StringEncryptor stringEncryptor() {
    PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
    SimpleStringPBEConfig config = new SimpleStringPBEConfig();
    config.setPassword("password");
    config.setAlgorithm("PBEWithMD5AndDES");
    config.setKeyObtentionIterations("1000");
    config.setPoolSize("1");
    config.setProviderName("SunJCE");
    config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
    config.setStringOutputType("base64");
    encryptor.setConfig(config);
    return encryptor;
}

Furthermore, we can modify all the properties for the SimpleStringPBEConfig.

Also, we need to add a property "jasypt.encryptor.bean" to our application.properties, so that Spring Boot knows which custom encryptor it should use.

For example, we add the custom text “Password@3” encrypted with secret key “password” in the application.properties:

jasypt.encryptor.bean=encryptorBean
encryptedv3.property=ENC(askygdq8PHapYFnlX6WsTwZZOxWInq+i)

Once we set it, we can easily get the encryptedv3.property from Spring's Environment:

@Test
public void whenConfiguredExcryptorUsed_ReturnCustomEncryptor() {
    Environment environment = appCtx.getBean(Environment.class);
 
    assertEquals(
      "Password@3", 
      environment.getProperty("encryptedv3.property"));
}

4. Conclusion

By using Jasypt, we can provide additional security for the data that the application handles.

It enables us to focus more on the core of our application and can also be used to provide custom encryption if required.

As always, the complete code for this example is available over on GitHub.
