jsk druid存在未授权访问解决方法:将数据库配置加密

越权问题解决方法:前端后传数据数据加密，防止别篡改密码
2025-12-23 17:01:13 +08:00 · 2025-12-23 17:01:13 +08:00 · 1491b7c899
parent b68388963f
commit 1491b7c899
6 changed files with 104 additions and 17 deletions
--- a/pom.xml
+++ b/pom.xml
@ -17,6 +17,11 @@
 		<java.version>1.8</java.version>
 	</properties>
 	<dependencies>
+		<dependency>
+			<groupId>com.github.ulisesbocchio</groupId>
+			<artifactId>jasypt-spring-boot-starter</artifactId>
+			<version>3.0.5</version> <!-- 或检查最新稳定版本 -->
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
--- a/src/main/java/com/bonus/boot/manager/SecurityApplication.java
+++ b/src/main/java/com/bonus/boot/manager/SecurityApplication.java
@ -1,19 +1,40 @@
 package com.bonus.boot.manager;

+import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;
+import org.jasypt.encryption.StringEncryptor;
 import org.mybatis.spring.annotation.MapperScan;
+import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.transaction.annotation.EnableTransactionManagement;

+import javax.annotation.Resource;
+
 /**
 * 启动类
 *
 */
+@EnableEncryptableProperties
@SpringBootApplication
@MapperScan("com.bonus.boot.manager.*.dao")
@EnableTransactionManagement//启动事务
-public class SecurityApplication {
+public class SecurityApplication implements CommandLineRunner {
 	public static void main(String[] args) {
 		SpringApplication.run(SecurityApplication.class, args);
 	}
+	@Resource(name="codeSheepEncryptorBean")
+	private StringEncryptor encryptor;
+	@Override
+	public void run(String... args) throws Exception {
+		String encryptStr = encrypt("Jsk@131551" );
+		System.err.println( "原始明文密码加密后的结果为：" + encryptStr );
+	}
+
+	private String encrypt( String originPassord ) {
+		return encryptor.encrypt( originPassord );
+	}
+
+	private String decrypt( String encryptedPassword ) {
+		return encryptor.decrypt( encryptedPassword );
+	}
 }
--- a/src/main/java/com/bonus/boot/manager/manager/config/DruidConfig.java
+++ b/src/main/java/com/bonus/boot/manager/manager/config/DruidConfig.java
@ -3,14 +3,17 @@ package com.bonus.boot.manager.manager.config;
 import com.alibaba.druid.pool.DruidDataSource;
 import com.alibaba.druid.support.http.StatViewServlet;
 import com.alibaba.druid.support.http.WebStatFilter;
+import org.jasypt.encryption.StringEncryptor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.boot.web.servlet.ServletRegistrationBean;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Primary;

+import javax.annotation.Resource;
 import javax.sql.DataSource;
 import java.sql.SQLException;

@ -20,7 +23,7 @@ import java.sql.SQLException;
 *
 */
@Deprecated
-//@Configuration
+@Configuration
 public class DruidConfig {

 	private static final Logger log = LoggerFactory.getLogger("adminLogger");
@ -50,7 +53,8 @@ public class DruidConfig {
 		filterRegistrationBean.addInitParameter("exclusions", "*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid/*");
 		return filterRegistrationBean;
 	}
-
+	@Resource(name="codeSheepEncryptorBean")
+	private StringEncryptor encryptor;
 	/**
 	 * 数据源配置
 	 * 
@ -226,9 +230,9 @@ public class DruidConfig {
 		@Primary
 		public DataSource dataSource() {
 			DruidDataSource datasource = new DruidDataSource();
-			datasource.setUrl(url);
-			datasource.setUsername(username);
-			datasource.setPassword(password);
+			datasource.setUrl(encryptor.decrypt(url));
+			datasource.setUsername(encryptor.decrypt(username));
+			datasource.setPassword(encryptor.decrypt(password));
 			datasource.setDriverClassName(driverClassName);

 			datasource.setInitialSize(initialSize);
--- a/src/main/java/com/bonus/boot/manager/manager/config/JasyptConfig.java
+++ b/src/main/java/com/bonus/boot/manager/manager/config/JasyptConfig.java
@ -0,0 +1,41 @@
+package com.bonus.boot.manager.manager.config;
+
+import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
+import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+
+@Configuration
+@Primary  // 解决Bean冲突
+public class JasyptConfig {
+    public  static  String encryPassword;
+    @Value("${jasypt.encryptor.password}")
+    public  void setEncryPassword(String encryPassword) {
+        JasyptConfig.encryPassword = encryPassword;
+    }
+    @Primary  // 解决Bean冲突
+    @Bean("codeSheepEncryptorBean")
+    public StandardPBEStringEncryptor encryptor() {
+        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
+        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
+        // 密钥（生产环境从启动参数/环境变量读取）
+        System.err.println("JasyptConfig.encryPassword============="+JasyptConfig.encryPassword);
+        config.setPassword(JasyptConfig.encryPassword);
+        // 加密算法（必须与生成密文时一致）
+        config.setAlgorithm("PBEWithMD5AndDES");
+        // 迭代次数（必须与生成密文时一致）
+        config.setKeyObtentionIterations("1000");
+        // 池大小
+        config.setPoolSize("1");
+        // 加密提供者
+        config.setProviderName("SunJCE");
+        // 盐值生成器（必须与生成密文时一致）
+        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
+        // 输出格式（必须与生成密文时一致）
+        config.setStringOutputType("base64");
+        encryptor.setConfig(config);
+        return encryptor;
+    }
+}
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -23,25 +23,41 @@ spring.datasource.dynamic.primary=mysqldb
 #spring.datasource.password=HAY@xyksj666
 #spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver

+# Jasypt配置
+jasypt.encryptor.password=Encrypt
+jasypt.encryptor.algorithm=PBEWithMD5AndDES
+
 #测试
-spring.datasource.url=jdbc:mysql://192.168.0.16:4419/hftows?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
-spring.datasource.username=root
-spring.datasource.password=Bonus@admin123!
+#spring.datasource.url=jdbc:mysql://127.0.0.1:13306/hftows?allowPublicKeyRetrieval=true&useSSL=false
+#spring.datasource.username=root
+#spring.datasource.password=Jsk@131551
+# 加密后的数据库配置
+spring.datasource.url=bnP7cxXY9VBxpmnoCw6AKMPVuM2CJC2qS5Xdo+5R1erSv6yF4rT5KaVHeZIJQ6Eb8hidRttHZkp9XefsDZ4FsNgCpO8Wpr1RZO7Uec9DeCiq6wYrtIk50A==
+spring.datasource.username=Sl/i+bA1qLvo/0jtgPEd0g==
+spring.datasource.password=k88ZpS57lphu0xoUumSwSWK2ACmtkOMy
 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver

 #服务器
-#spring.datasource.url=jdbc:mysql://10.67.3.11:13306/hftows?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
-#spring.datasource.username=root
-#spring.datasource.password=Bonus@ss123!7788
-#spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver

-#spring.datasource.url=jdbc:mysql://127.0.0.1:13306/hftows?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
+#spring.datasource.url=jdbc:mysql://127.0.0.1:3306/hftows?allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
+#spring.datasource.username=root
+#spring.datasource.password=ss@Bns778899!
+# 加密后的数据库配置
+#spring.datasource.url=mLU1zRnperCRJDoOkRCbk0b94Bt3jLLgiZRFp0usR8dABqflxsszkS9+kteqJXxvNIre2zGSRVSKCf+QgVMLagMnkfIMQz/P6/OUc+cIjkD+0Zuif0L2f8X9qDdR3c9CbzGnKPyDPUr9M/RirNY/aY2+c5EPRMA5CZyCj0r2u1l5NuQBZ6VWpH9c56jwdvynmAazHWdrjOI=
+#spring.datasource.username=d+2Wdd5ZxvusWFjsZrC0gQ==
+#spring.datasource.password=PhmPdVGB3LpeF/GoNK28NoUjLi0H6ZNz
+
+#spring.datasource.url=jdbc:mysql://10.67.3.11:13306/hftows?allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
 #spring.datasource.username=root
 #spring.datasource.password=Bonus@ss123!7788
-#spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
+# 加密后的数据库配置
+#spring.datasource.url=SGAKtw23LQkSHxkGVBaDOjD/B1LAZW9D/vu0xWFg8EgHAVwCa9U7wEBztjjuW2EpZKETcj5E966c+EKDz9ZFPVDodkFkW2BusTaN77MWGsCebTNKp2vtwqXR6Ws7Vy+Bs5wYPVGin0ebQWmcseGOZrySYGNrqLorONg8CxX+KI0Qk6h861eDXK4vzpFSHvJ9+/QLZHANKug=
+#spring.datasource.username=j5/3eNO2Q2kuun5CMlNgaA==
+#spring.datasource.password=0QKveQwxQP8KjzdOkd/FlUqUVc9u9FB5njfv74l7PeU=
 spring.datasource.max-idle=10
 spring.datasource.max-wait=60000
 spring.datasource.min-idle=5
+spring.datasource.maxActive=5
 spring.datasource.initial-size=5
 server.session.timeout=10
 server.tomcat.uri-encoding=UTF-8
@ -87,7 +103,7 @@ spring.servlet.multipart.enabled=true

 files.path=/data/files/
 files.win.path=d:/files/
-hfTowsBmw.aq.enable=false
+hfTowsBmw.aq.enable=true

 #\uFFFD\uFFFD\u00BC\uFFFD\uFFFD\u05A4\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\u02B1\uFFFD\u48EC\uFFFD\uFFFD\u03BB \uFFFD\uFFFD\uFFFD\uFFFD
 loginCode.expiration = 3
--- a/src/main/resources/static/js/publicJs.js
+++ b/src/main/resources/static/js/publicJs.js
@ -1,6 +1,6 @@
 var offlineState = "0";
 var ctxPath = getContextPath();
-var aqEnnable = false;//是否开启安全验证
+var aqEnnable = true;//是否开启安全验证
 console.log(ctxPath)
 var dataUrl = getContextPath();
 var imgUrl = dataUrl + /files/;