静态加密方法:如何使用Spring配置文件从属性获取密码
我们正在使用静态加密方法:如何使用Spring配置文件从属性获取密码,spring,security,spring-security,morphia,Spring,Security,Spring Security,Morphia,我们正在使用prePersist()(使用Morphia)和实体的getter透明地加密/解密一些数据库属性。为了保持实体的整洁,我们使用静态方法。它看起来像这样: @Override @PrePersist public void prePersist() { super.prePersist(); if(password != null){ if(passwordEncrypted == null){ passwordEncrypted
prePersist()@Override
@PrePersist
public void prePersist() {
super.prePersist();
if(password != null){
if(passwordEncrypted == null){
passwordEncrypted = new EncryptedString();
}
passwordEncrypted.setEncryptedAttribute(AESEncryptor.encrypt(password, passwordEncrypted.getSalt()));
}
}
postLoad()@EntityListenergetPasswordpublic static String encrypt(String input, String salt) {
TextEncryptor encryptor = Encryptors.text(getPassword(), salt);
String cipher = null;
try {
cipher = encryptor.encrypt(input);
} catch(Exception e){
LOG.error("Could not encrypt the input '{}', be sure to check the password for illegal characters", input);
}
return cipher;
}
如何正确地进行配置?如果使用XML进行配置,则可以使用。例如:
public class AESEncryptor {
private static String password;
static void setPassword(String newPass) {
password = newPass;
}
}
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="sample.AESEncryptor.setPassword"/>
<property name="arguments">
<list>
<value>secret</value>
</list>
</property>
</bean>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:jee="http://www.springframework.org/schema/jee"
xsi:schemaLocation="...">
<beans profile="dev">
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="sample.AESEncryptor.setPassword"/>
<property name="arguments">
<list>
<value>secretForDev</value>
</list>
</property>
</bean>
</beans>
<beans profile="stage">
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="sample.AESEncryptor.setPassword"/>
<property name="arguments">
<list>
<value>secretForStage</value>
</list>
</property>
</bean>
</beans>
<beans profile="prod">
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="sample.AESEncryptor.setPassword"/>
<property name="arguments">
<list>
<value>secretForProd</value>
</list>
</property>
</bean>
</beans>
</beans>
在这种情况下,您试图加载的静态变量是什么?您使用的是静态方法,但该方法没有任何状态。状态是从非静态类传入的。因此,您应该能够使用标准Spring注入密码。我们正在尝试将密码(从每个配置文件的属性)加载到
AESEencryptor<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:jee="http://www.springframework.org/schema/jee"
xsi:schemaLocation="...">
<beans profile="dev">
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="sample.AESEncryptor.setPassword"/>
<property name="arguments">
<list>
<value>secretForDev</value>
</list>
</property>
</bean>
</beans>
<beans profile="stage">
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="sample.AESEncryptor.setPassword"/>
<property name="arguments">
<list>
<value>secretForStage</value>
</list>
</property>
</bean>
</beans>
<beans profile="prod">
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="sample.AESEncryptor.setPassword"/>
<property name="arguments">
<list>
<value>secretForProd</value>
</list>
</property>
</bean>
</beans>
</beans>
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="sample.AESEncryptor.setPassword"/>
<property name="arguments">
<list>
<value>${security.encrypt.secret}</value>
</list>
</property>
</bean>
<util:properties location="classpath:environment.properties"/>
security.encrypt.secret=secretForDev