无法加密配置文件中的密码

时间:2013-09-05 12:37:52

标签: java hibernate encryption jasypt

我在加密hibernate.cfg.xml

中的数据库密码时遇到问题

这是我的属性文件。

<!-- Database connection settings -->
<property name="connection.driver_class">com.microsoft.sqlserver.jdbc.SQLServerDriver</property>
<property name="connection.url">jdbc:sqlserver://localhost:1433;databaseName=TEST;</property>
<property name="connection.username">sa</property>
<!-- Encryption -->
<property name="connection.password">ENC(vMO/j5jfpaU2cUhPVoOk5Q==)</property>
<property name="connection.provider_class">org.jasypt.hibernate4.connectionprovider.EncryptedPasswordDriverManagerConnectionProvider</property>
<property name="connection.encryptor_registered_name">hibernateEncryptor</property>

然后在HiberanteUtil.java我有这个

// Builds session factory.
private static SessionFactory configureSessionFactory() 
    throws HibernateException {

  Configuration configuration = new Configuration().configure();
  StandardPBEStringEncryptor encryptor =
      new StandardPBEStringEncryptor();
  encryptor.setPassword("pass");

  HibernatePBEEncryptorRegistry registry =
      HibernatePBEEncryptorRegistry.getInstance();

  registry.registerPBEStringEncryptor("hibernateEncryptor", encryptor);

  ServiceRegistry serviceRegistry = new ServiceRegistryBuilder()
      .applySettings(configuration.getProperties()).buildServiceRegistry();

  return configuration.buildSessionFactory(serviceRegistry);
}

我已使用encrypt.bat创建了加密密码。

然后我遇到的错误是

  

com.microsoft.sqlserver.jdbc.SQLServerException:用户登录失败   “山”。 ClientConnectionId:8033573f-5f52-4fe9-A728-fbe4f57d89c4

如果我删除此部分

StandardPBEStringEncryptor encryptor =
        new StandardPBEStringEncryptor();
encryptor.setPassword("someKey");
HibernatePBEEncryptorRegistry registry =
        HibernatePBEEncryptorRegistry.getInstance();

registry.registerPBEStringEncryptor(
        "hibernateEncryptor", encryptor);

我有同样的错误,所以我认为它没有注册,但我不知道该怎么做。

这是我加密的方式

jasypt problem image

更新

我能做到的唯一能让它发挥作用的是这样,但不是我想的那样。 

StandardPBEStringEncryptor encryptor =
                new StandardPBEStringEncryptor();
        encryptor.setPassword("somePass");
        encryptor.setAlgorithm("PBEWITHMD5ANDDES");
        String pass=encryptor.decrypt("HhpmA/XmJoLro8TYYu4YyA==");
        HibernatePBEEncryptorRegistry registry =
                HibernatePBEEncryptorRegistry.getInstance();
        registry.registerPBEStringEncryptor(
                "hibernateEncryptor", encryptor);

        Configuration configuration = new Configuration().configure()
                .setProperty("hibernate.connection.encryptor_registered_name","hibernateEncryptor")
                .setProperty("hibernate.connection.password",pass);

所以我认为问题出在"hibernateEncryptor",我想我需要注册

  <typedef name="encryptedString" class="org.jasypt.hibernate4.type.EncryptedStringType">
   <param name="encryptorRegisteredName">hibernateEncryptor</param>
  <typedef>

但是当我把它放在hibernate.cfg.xml中说无效映射时,所以我将它添加到带注释的类但没有任何事情发生因为我认为这是在数据库连接之后读取的,这是我想要加密的。 :(

@TypeDef(name="encryptedString",typeClass=org.jasypt.hibernate4.type.EncryptedStringType.class,
        parameters= {@Parameter(name="encryptorRegisteredName",value="hibernateEncryptor")})

3 个答案:

答案 0 :(得分:6)

这不是正确的方法,但解决了。

StandardPBEStringEncryptor encryptor =new StandardPBEStringEncryptor();
encryptor.setPassword("somePass");
encryptor.setAlgorithm("PBEWITHMD5ANDDES");
Configuration configuration = new Configuration().configure();
String pass=encryptor.decrypt(configuration.getProperty("hibernate.connection.password"));
configuration.setProperty("hibernate.connection.password",pass);

并在hibernate.cfg 

    <property name="connection.username">sa</property>
    <property name="connection.password">Nzuyhu5PJJwsVH3mdw==</property>

答案 1 :(得分:2)

你可以试试这个:

StandardPBEStringEncryptor strongEncryptor = new StandardPBEStringEncryptor();
strongEncryptor.setPassword("jasypt");
strongEncryptor.setAlgorithm("PBEWITHMD5ANDDES");
HibernatePBEEncryptorRegistry registry =                          HibernatePBEEncryptorRegistry.getInstance();
registry.registerPBEStringEncryptor("strongHibernateStringEncryptor", strongEncryptor);

Configuration configuration = new Configuration();
configuration.configure("hibernate.cfg.xml");
configuration.setProperty("hibernate.connection.password", strongEncryptor.decrypt(configuration.getProperty("hibernate.connection.password")));
ServiceRegistryBuilder serviceRegistryBuilder = new ServiceRegistryBuilder().applySettings(configuration.getProperties());
sessionFactory = configuration.buildSessionFactory(serviceRegistryBuilder.buildServiceRegistry());

答案 2 :(得分:0)

http://www.jasypt.org/hibernate.html

为什么不将算法切换为:PBEWithMD5AndTripleDES

在StackOverflow上查看这篇文章:Error implementing Jasypt with Hibernate 3 and Struts 2

相关问题
最新问题