差異處
這裏顯示兩個版本的差異處。
Both sides previous revision 前次修改 下次修改 | 前次修改 | ||
java:jasypt [2016/01/14 21:02] tony |
java:jasypt [2016/01/16 00:56] tony |
||
---|---|---|---|
行 1: | 行 1: | ||
- | {{tag>java}} | + | {{tag>java Jasypt}} |
- | ====== Jasypt ====== | + | ====== Java Simplified Encryption - Jasypt ====== |
- | ===== Problem ===== | + | ===== Articles ===== |
- | 使用這個API的目的主要是為了無痛去加解密資料庫的某個欄位,且它支援Hibernate、Spring的整合方式。 | + | * [[java:jasypt:withProperties|Jasypt With Properties File]] |
- | ===== How to? ===== | + | * [[java:jasypt:withHibernate|Jasypt With Hibernate]] |
- | ==== 安裝Java Cryptography Extension (JCE) ==== | + | |
- | 如果出現Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File錯誤訊息,請自行到Oracle官網下載JCE包([[http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html|JCE]] for Java8),並安裝到%JAVA_HOME%/jre/lib/security中。如果有問題,可以設定JAVA_HOME環境變數再試試看。 (JCE包內容有US_export_policy.jar與local_policy.jar) | + | |
- | ==== Setup Hibernate & Spring ==== | + | |
- | 我的Ivy.xml相依於此兩個libraries: | + | |
- | <code xml> | + | |
- | <dependency org="org.jasypt" name="jasypt" rev="1.9.2"/> | + | |
- | <dependency org="org.jasypt" name="jasypt-hibernate4" rev="1.9.2"/> | + | |
- | </code> | + | |
- | === 最簡單的方式 === | + | |
- | 只要在hbm檔內,將你要加密的欄位設定一下就搞定了。 | + | |
- | \\Hibernate設定: | + | |
- | <code xml> | + | |
- | <hibernate-mapping> | + | |
- | <typedef name="encryptedString" class="org.jasypt.hibernate4.type.EncryptedStringType"> | + | |
- | <param name="algorithm">PBEWithMD5AndTripleDES</param> | + | |
- | <param name="password">jasypt</param> | + | |
- | <param name="keyObtentionIterations">1000</param> | + | |
- | </typedef> | + | |
- | <class name="org.tonylin.fun.tonyaccounts" table="tony_accounts"> | + | |
- | <!-- Other items --> | + | |
- | <property name="password" type="encryptedString"> | + | |
- | <column name="PASSWORD" not-null="true" /> | + | |
- | </property> | + | |
- | </class> | + | |
- | </hibernate-mapping> | + | |
- | </code> | + | |
- | === 使用自己的Encryptor === | + | |
- | Hibernate設定: | + | |
- | <code xml> | + | |
- | <hibernate-mapping> | + | |
- | <typedef name="encryptedString" class="org.jasypt.hibernate4.type.EncryptedStringType"> | + | |
- | <param name="encryptorRegisteredName">tonyEncryptor</param> | + | |
- | </typedef> | + | |
- | <class name="org.tonylin.fun.tonyaccounts" table="tony_accounts"> | + | |
- | <!-- Other items --> | + | |
- | <property name="password" type="encryptedString"> | + | |
- | <column name="PASSWORD" not-null="true" /> | + | |
- | </property> | + | |
- | </class> | + | |
- | </hibernate-mapping> | + | |
- | </code> | + | |
- | Spring設定: | + | |
- | <code xml> | + | |
- | <bean id="strongEncryptor" | + | |
- | class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> | + | |
- | <property name="algorithm"> | + | |
- | <value>PBEWithMD5AndTripleDES</value> | + | |
- | </property> | + | |
- | <property name="password"> | + | |
- | <value>jasypt</value> | + | |
- | </property> | + | |
- | <property name="keyObtentionIterations"> | + | |
- | <value>1000</value> | + | |
- | </property> | + | |
- | </bean> | + | |
- | + | ||
- | <bean id="hibernateStringEncryptor" | + | |
- | class="org.jasypt.hibernate4.encryptor.HibernatePBEStringEncryptor"> | + | |
- | <property name="registeredName"> | + | |
- | <value>tonyEncryptor</value> | + | |
- | </property> | + | |
- | <property name="encryptor"> | + | |
- | <ref bean="strongEncryptor" /> | + | |
- | </property> | + | |
- | </bean> | + | |
- | </code> | + | |
- | ==== PowerMock ==== | + | |
- | 如果有使用PowerMock做測試,記得ignore掉這幾個項目。 | + | |
- | <code java> | + | |
- | @PowerMockIgnore({ | + | |
- | "javax.crypto.*", | + | |
- | "javax.security.*" | + | |
- | }) | + | |
- | </code> | + | |
- | ==== Known Issue ==== | + | |
- | 目前已知使用Hibernate設定criteria搜尋,又或者是HQL搭配NameParam的方式,都會經過Encryptor。但如果使用Jasypt所提供的Password Base相關的加密方式,所產生的密文每次都會不同。如果你所加密的欄位是你要搜尋的對象,變成你必須自行處理,也可能因此產生performance問題。如果自行寫Encryptor去產生一樣的密文,就會比較不安全。該怎麼決擇就由你自行決定了。\\ | + | |
- | 還有無法使用模糊比對去找加密過後的欄位。因為片段加密後,不一定是密文中的片段。 | + | |
- | ===== Reference ===== | + | |
- | * [[http://www.jasypt.org/hibernate.html|Jasypt與Hibernate的整合]] | + | |
- | * [[http://suhothayan.blogspot.tw/2012/05/how-to-install-java-cryptography.html|how-to-install-java-cryptography?]] | + | |
- | * [[http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html|JCE8]] | + | |
- | * [[http://sourceforge.net/p/jasypt/mailman/message/22795317/|Jasypt使用HQL上的問題]] | + | |
===== ===== | ===== ===== | ||
---- | ---- | ||
\\ | \\ | ||
~~DISQUS~~ | ~~DISQUS~~ |