密码加密

pom.xml

@@ -164,6 +164,13 @@
             <artifactId>commons</artifactId>
             <version>1.0.0</version>
         </dependency>
+        <!--密码管理：配置文件中的明文密码-->
+        <!--使用jasypt加密密钥-->
+        <dependency>
+            <groupId>com.github.ulisesbocchio</groupId>
+            <artifactId>jasypt-spring-boot-starter</artifactId>
+            <version>3.0.5</version>
+        </dependency>
     </dependencies>
     <!--将repository放在项目中，组成员直接更新代码便会从私服去取，如果配置到maven的settings配置文件中，没个成员都需要配一遍。-->
     <repositories>

src/main/java/com/infoepoch/pms/dispatchassistant/common/exception/GlobalExceptionHandler.java

@@ -59,8 +59,8 @@ public class GlobalExceptionHandler {
     @ExceptionHandler(value = ValidationException.class)
     @ResponseBody
     public Result validationExceptionHandler(HttpServletResponse response, Exception e) {
-//        logger.info("捕获到验证异常。", e);
-        return Result.error(ErrorCodes.VALIDATION, e.getMessage());
+       logger.info("捕获到验证异常。", e);
+        return Result.error(ErrorCodes.VALIDATION, "捕获到验证异常。");
     }
 
     /**

src/main/java/com/infoepoch/pms/dispatchassistant/common/utils/JasyptEncryptUtils.java

+package com.infoepoch.pms.dispatchassistant.common.utils;
+
+import org.jasypt.util.text.BasicTextEncryptor;
+
+public class JasyptEncryptUtils {
+    public static void main(String[] args) {
+
+
+        //读取环境变量 Jasypt加密密钥，解密同样需要
+        BasicTextEncryptor encryptor = new BasicTextEncryptor();
+        encryptor.setPassword("INFO_epoch1"); // 密钥需保密，后续启动时注入
+        String encryptedPwd = encryptor.encrypt("Epoinfo0004#3"); // 加密原始密码ec6CMgdEf3adQen
+        System.out.println("加密后的密码：" + encryptedPwd); // 复制该密文
+        String decPwd = encryptor.decrypt(encryptedPwd);
+        System.out.println("解密后的密码：" + decPwd); // 复制该密文
+    }
+}
\ No newline at end of file

src/main/java/com/infoepoch/pms/dispatchassistant/controller/basic/AuthController.java

 package com.infoepoch.pms.dispatchassistant.controller.basic;
 
+import com.infoepoch.pms.commons.utils.ResponseUtils;
 import com.infoepoch.pms.dispatchassistant.common.component.BaseController;
 import com.infoepoch.pms.dispatchassistant.common.component.RedisTool;
 import com.infoepoch.pms.dispatchassistant.common.component.Result;
@@ -78,10 +79,10 @@ public class AuthController extends BaseController {
         String sign = ServletTool.getSign();
         if (StringUtils.isBlank(sign)) {
             sign = SnowFlake.instant().nextId().toString();
-
-            Cookie cookie = new Cookie(RedisKeys.SIGN, sign);
-            cookie.setPath(request.getContextPath());
-            response.addCookie(cookie);
+            ResponseUtils.setCookie(response, RedisKeys.SIGN, sign, -1, false, request.getContextPath(), false);
+           // Cookie cookie = new Cookie(RedisKeys.SIGN, sign);
+           // cookie.setPath(request.getContextPath());
+           // response.addCookie(cookie);
         }
         String redisCaptcha = redisTool.get(RedisKeys.CAPTCHA_LOGIN + sign);
         if (!captcha.equals(redisCaptcha)) {
@@ -118,9 +119,10 @@ public class AuthController extends BaseController {
             String sign = ServletTool.getSign();
             if (StringUtils.isBlank(sign)) {
                 sign = SnowFlake.instant().nextId().toString();
-                Cookie cookie = new Cookie(RedisKeys.SIGN, sign);
-                cookie.setPath(request.getContextPath());
-                response.addCookie(cookie);
+                ResponseUtils.setCookie(response, RedisKeys.SIGN, sign, -1, false, request.getContextPath(), false);
+                //Cookie cookie = new Cookie(RedisKeys.SIGN, sign);
+                //cookie.setPath(request.getContextPath());
+                //response.addCookie(cookie);
             }
             // 用户信息失效时间：2小时
             redisTool.put(RedisKeys.AUTHED_USER + sign, JsonUtils.objectToJson(user), 2, TimeUnit.HOURS);
@@ -227,9 +229,10 @@ public class AuthController extends BaseController {
             String sign = ServletTool.getSign();
             if (StringUtils.isBlank(sign)) {
                 sign = SnowFlake.instant().nextId().toString();
-                Cookie cookie = new Cookie(RedisKeys.SIGN, sign);
-                cookie.setPath(request.getContextPath());
-                response.addCookie(cookie);
+                ResponseUtils.setCookie(response, RedisKeys.SIGN, sign, -1, false, request.getContextPath(), false);
+                //Cookie cookie = new Cookie(RedisKeys.SIGN, sign);
+                //cookie.setPath(request.getContextPath());
+                //response.addCookie(cookie);
             }
             redisTool.put(RedisKeys.AUTHED_USER + sign, JsonUtils.objectToJson(user), 2, TimeUnit.HOURS);
             String userAgent = request.getHeader("user-agent");
@@ -265,9 +268,10 @@ public class AuthController extends BaseController {
             String sign = ServletTool.getSign();
             if (StringUtils.isBlank(sign)) {
                 sign = SnowFlake.instant().nextId().toString();
-                Cookie cookie = new Cookie(RedisKeys.SIGN, sign);
-                cookie.setPath(request.getContextPath());
-                response.addCookie(cookie);
+                ResponseUtils.setCookie(response, RedisKeys.SIGN, sign, -1, false, request.getContextPath(), false);
+                //Cookie cookie = new Cookie(RedisKeys.SIGN, sign);
+                //cookie.setPath(request.getContextPath());
+                //response.addCookie(cookie);
             }
             redisTool.put(RedisKeys.AUTHED_USER + sign, JsonUtils.objectToJson(user), 2, TimeUnit.HOURS);
             String userAgent = request.getHeader("user-agent");
@@ -297,10 +301,11 @@ public class AuthController extends BaseController {
             String sign = ServletTool.getSign();
             if (StringUtils.isBlank(sign)) {
                 sign = SnowFlake.instant().nextId().toString();
-                String para = URLEncoder.encode(sign, "UTF-8");
-                Cookie cookie = new Cookie(RedisKeys.SIGN, para);
-                cookie.setPath(request.getContextPath());
-                response.addCookie(cookie);
+                ResponseUtils.setCookie(response, RedisKeys.SIGN, sign, -1, false, request.getContextPath(), false);
+                //String para = URLEncoder.encode(sign, "UTF-8");
+                //Cookie cookie = new Cookie(RedisKeys.SIGN, para);
+                //cookie.setPath(request.getContextPath());
+                //response.addCookie(cookie);
             }
             redisTool.put(RedisKeys.AUTHED_USER + sign, JsonUtils.objectToJson(user), 2, TimeUnit.HOURS);
             String userAgent = request.getHeader("user-agent");
@@ -377,9 +382,10 @@ public class AuthController extends BaseController {
         String sign = ServletTool.getSign();
         if (StringUtils.isBlank(sign)) {
             sign = SnowFlake.instant().nextId().toString();
-            Cookie cookie = new Cookie(RedisKeys.SIGN, sign);
-            cookie.setPath(request.getContextPath());
-            response.addCookie(cookie);
+            ResponseUtils.setCookie(response, RedisKeys.SIGN, sign, -1, false, request.getContextPath(), false);
+            //Cookie cookie = new Cookie(RedisKeys.SIGN, sign);
+            //cookie.setPath(request.getContextPath());
+           // response.addCookie(cookie);
         }
         // 验证码失效时间：5分钟
         redisTool.put(RedisKeys.CAPTCHA_LOGIN + sign, String.valueOf(result), 5, TimeUnit.MINUTES);

src/main/java/com/infoepoch/pms/dispatchassistant/domain/oa/OaService.java

@@ -426,9 +426,10 @@ public class OaService {
         String sign = ServletTool.getSign();
         if (StringUtils.isBlank(sign)) {
             sign = SnowFlake.instant().nextId().toString();
-            Cookie cookie = new Cookie(RedisKeys.SIGN, sign);
-            cookie.setPath(request.getContextPath());
-            response.addCookie(cookie);
+            ResponseUtils.setCookie(response, RedisKeys.SIGN, sign, -1, false, request.getContextPath(), false);
+            //Cookie cookie = new Cookie(RedisKeys.SIGN, sign);
+           // cookie.setPath(request.getContextPath());
+           // response.addCookie(cookie);
         }
         // 用户信息失效时间：2小时
         redisTool.put(RedisKeys.AUTHED_USER + sign, JsonUtils.objectToJson(user), 2, TimeUnit.HOURS);

src/main/resources/application-dev.yml

@@ -6,7 +6,7 @@ spring:
   redis:
     host: pmsdev.js.cmcc
     port: 6379
-    password: infoepoch
+    password: ENC(o0MeEfPupUv8furZk5L9EVycxHkh4Z4P)
     #    cluster:
     #      nodes:
     #        - 172.28.30.62:6379
@@ -37,7 +37,7 @@ spring:
     driver-class-name: oracle.jdbc.OracleDriver
     url: jdbc:oracle:thin:@172.28.30.71:1521:DEVEPMS
     username: software_project
-    password: 123456
+    password: ENC(xOrTS6itLE3GdAqj4d7skA==)
 
     #    driver-class-name: com.oceanbase.jdbc.Driver
     #    url: jdbc:oceanbase://172.28.10.8:2883/trainsupermarket

src/main/resources/application-prod.yml

@@ -7,7 +7,7 @@ spring:
     #    host: glxx.js.cmcc
     #    port: 30305
     #    password: Epoinfo0004|
-    password: Epoinfo0004#3
+    password: ENC(vWaeO5PbTTSZ8CSSnA4nm+0bVq5rBisu)
     cluster:
       nodes:
         - 2409:8020:5c05:200::307:3191@39025
@@ -49,7 +49,7 @@ spring:
     url: jdbc:oceanbase://10.32.166.11:2883,10.32.166.12:2883,10.32.166.13:2883,10.32.166.14:2883,10.32.166.15:2883,10.32.166.16:2883/JSXJY10?continueBatchOnError=false&allowMultiQueries=true&rewriteBatchedStatements=true&loadBalanceStrategy=RANDOM
     #格式： 用户名@租户名#集群名
     username: JSXJY10@epmsdb#OAFCDB1
-    password: ec6CMgdEf3adQen
+    password: ENC(NoKvzXsF9ho1J9eTLCCoJ7EoDwELEoWo)
   #    driver-class-name: oracle.jdbc.driver.OracleDriver
   #    url: jdbc:oracle:thin:@//10.32.164.15:1521/pmsdb
   #    username: dbworkflow

src/main/resources/application-uat.yml

@@ -33,7 +33,7 @@ spring:
     url: jdbc:oceanbase://10.33.240.206:2883,10.33.240.207:2883/EXPERTPLATFORM?rewriteBatchedStatements=true
     #格式： 用户名@租户名#集群名
     username: EXPERTPLATFORM@gxxjycsdb#JSGXCSDB1
-    password: Jsyd1018
+    password: ENC(mRqOzbe9VuQcK0DBSSqP1qxrqObWJhj7)
     druid:
       #testWhileIdle用于在连接空闲时检查连接是否有效
       #validationQuery是用于检查连接是否有效的SQL语句

src/main/resources/application.yml

@@ -63,5 +63,10 @@ custom:
   upload-file:
     save-path: /data/dispatch-assistant/upload
     save-path2: /data/dispatch-assistant/upload2
+jasypt:
+  encryptor:
+    password: ${Jasypt_M}
+    algorithm: PBEWithMD5AndDES #加密算法
+    iv-generator-classname: org.jasypt.iv.NoIvGenerator #无需向量生成器 其中${Jasypt_M}为环境变量，配置的密码要与加密的密码相同，不能将此密码写在yml配置中，配置在环境变量中。