Jasypt with spring 4.0

Question

我通過XML配置在我的應用程序中使用spring security。

這是我的密碼編碼器豆

<b:bean id="passwordEncoder" 
    class="org.springframework.security.crypto.password.StandardPasswordEncoder"> 
    <b:constructor-arg value="ThisIsASecretSoChangeMe" /> 
</b:bean> 

我想Jasypt加密來取代它。 如何整合jasypt 1.9與spring security 4.0.1.RELEASE？

Answer 1

如果使用彈簧啓動使用此dependeny在POM

 <dependency> 
      <groupId>com.github.ulisesbocchio</groupId> 
      <artifactId>jasypt-spring-boot-starter</artifactId> 
      <version>${jasypt-spring-boot-starter.version}</version> 
     </dependency> 

，並在您application.yml或application.properties文件只是把（）附帶ENC加密的密碼，而不是plainpassword。實施例

password: 
    encrypted: 
     password: ENC(nZ3U2bdJ05FHp1LYQbAVvDKkVs8Pi3Ke) 

jasypt: 
    encryptor: 
     password: IfYouAreGoodAtSomethingNeverDoItForFree 

在此之前需要從使用烏爾明文口令和jasypt.encryptor.password（類似的鹽，在這種情況下IfYouAreGoodAtSomethingNeverDoItForFree）生成該加密的密碼。這可以通過這樣的事情來完成

java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input="PasswordToBeEncrypted" password=<SecretKeyToEncryptDecrypt> algorithm=PBEWithMD5AndDES 

或通過java代碼。這是一個粗略的草案。

public class Md5Test { 
    public static void main(String[] args) throws NoSuchAlgorithmException { 

     String password = "plaintextpassword"; 

     BasicTextEncryptor textEncryptor = new BasicTextEncryptor(); 
     textEncryptor.setPassword("somethinglikesalt"); 
     String myEncryptedText = textEncryptor.encrypt(password); 
     System.out.println(myEncryptedText); 
     BasicTextEncryptor textDecryptor = new BasicTextEncryptor(); 
     textDecryptor.setPassword("somethinglikesalt"); 
     String plainText = textDecryptor.decrypt("QBPaH8HKE8JDaeIpJk66Kc8nGHtBfY+L"); 
     System.out.println(plainText); 
    } 
    }