问题描述
tomcat 的server.xml
中的资源定义看起来像这样...
The resource definition in tomcat's server.xml
looks something like this...
<Resource
name="jdbc/tox"
scope="Shareable"
type="javax.sql.DataSource"
url="jdbc:oracle:thin:@yourDBserver.yourCompany.com:1521:yourDBsid"
driverClassName="oracle.jdbc.pool.OracleDataSource"
username="tox"
password="toxbaby"
maxIdle="3"
maxActive="10"
removeAbandoned="true"
removeAbandonedTimeout="60"
testOnBorrow="true"
validationQuery="select * from dual"
logAbandoned="true"
debug="99"/>
密码是明文.如何避免这种情况?
The password is in the clear. How to avoid this?
推荐答案
如前所述,加密密码只是将问题移到其他地方.
As said before encrypting passwords is just moving the problem somewhere else.
无论如何,这很简单.只需为您的密钥等编写一个带有静态字段的类,以及用于加密和解密密码的静态方法.使用此类在 Tomcat 的配置文件(server.xml
或 yourapp.xml
...)中加密您的密码.
Anyway, it's quite simple.Just write a class with static fields for your secret key and so on, and static methods to encrypt, decrypt your passwords.Encrypt your password in Tomcat's configuration file (server.xml
or yourapp.xml
...) using this class.
要在 Tomcat 中即时"解密密码,请扩展 DBCP 的 BasicDataSourceFactory
并在您的资源中使用此工厂.
And to decrypt the password "on the fly" in Tomcat, extend the DBCP's BasicDataSourceFactory
and use this factory in your resource.
它看起来像:
<Resource
name="jdbc/myDataSource"
auth="Container"
type="javax.sql.DataSource"
username="user"
password="encryptedpassword"
driverClassName="driverClass"
factory="mypackage.MyCustomBasicDataSourceFactory"
url="jdbc:blabla://..."/>
对于自定义工厂:
package mypackage;
....
public class MyCustomBasicDataSourceFactory extends org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory {
@Override
public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable environment) throws Exception {
Object o = super.getObjectInstance(obj, name, nameCtx, environment);
if (o != null) {
BasicDataSource ds = (BasicDataSource) o;
if (ds.getPassword() != null && ds.getPassword().length() > 0) {
String pwd = MyPasswordUtilClass.unscramblePassword(ds.getPassword());
ds.setPassword(pwd);
}
return ds;
} else {
return null;
}
}
希望这会有所帮助.
这篇关于如何避免以明文形式存储密码,以便 tomcat 的 server.xml 数据源的资源定义?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!