通过jvm启动参数使用ConfigFilter
- cmd进入druid包所在目录
- 执行命令
java -cp druid-1.0.18.jar com.alibaba.druid.filter.config.ConfigTools you_password
输出
- 私钥privateKey:MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEA6+4avFnQKP+O7bu5YnxWoOZjv3no4aFV558HTPDoXs6EGD0HP7RzzhGPOKmpLQ1BbA5viSht+aDdaxXp6SvtMQIDAQABAkAeQt4fBo4SlCTrDUcMANLDtIlax/I87oqsONOg5M2JS0jNSbZuAXDv7/YEGEtMKuIESBZh7pvVG8FV531/fyOZAiEA+POkE+QwVbUfGyeugR6IGvnt4yeOwkC3bUoATScsN98CIQDynBXC8YngDNwZ62QPX+ONpqCel6g8NO9VKC+ETaS87wIhAKRouxZL38PqfqV/WlZ5ZGd0YS9gA360IK8zbOmHEkO/AiEAsES3iuvzQNYXFL3x9Tm2GzT1fkSx9wx+12BbJcVD7AECIQCD3Tv9S+AgRhQoNcuaSDNluVrL/B/wOmJRLqaOVJLQGg==
- 公钥publicKey:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOvuGrxZ0Cj/ju27uWJ8VqDmY7956OGhVeefB0zw6F7OhBg9Bz+0c84RjzipqS0NQWwOb4kobfmg3WsV6ekr7TECAwEAAQ==
- 加密后密码
password:PNak4Yui0+2Ft6JSoKBsgNPl+A033rdLhFw+L0np1o+HDRrCo9VkCuiiXviEMYwUgpHZUFxb2FpE0YmSguuRww==注意:jar包版本 druid-xxx.jar
- 配置数据源填加密后的
password - 配置公钥 publickey
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close"> <property name="url" value="jdbc:derby:memory:spring-test;create=true" /> <property name="username" value="sa" /> <!--password为生成的 密码--> <property name="password" value="${password}" /> <property name="filters" value="config" /> <!--publickey为生成的 公钥--> <property name="connectionProperties" value="config.decrypt=true;config.decrypt.key=${publickey}" /> </bean>
其他读取方式
配置文件从服务器本地读取
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close"> <property name="filters" value="config" /> <property name="connectionProperties" value="config.file=file://home/app/druid-pool.properties" /> </bean>
配置文件从远程http读取
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close"> <property name="filters" value="config" /> <property name="connectionProperties" value="config.file=http://127.0.0.1/druid-pool.properties" /> </bean>
这种方式,在一个应用集群中,多个实例可以读取一个配置,集中配置,集中修改,部署方便。
ConfigFilter解密密码
- DruidDataSource的ConnectionProperties中指定
config.decrypt=true - 在jvm启动参数中指定
-Ddruid.config.decrypt=true
例如:
- spring cloud git 仓库中配置
spring: datasource: url: jdbc:mysql://101.236.17.**:3306/xz_customer?useUnicode=true&characterEncoding=utf-8&autoReconnect=true&allowMultiQueries=true username: xz_dev password: ${password} publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAIcDItfWZfY+d4ICQjVp4ZjSJ/YXC0A05w9/6OIIH9Tzv6aIbzykdgLBA530faWtmwwTY04J3hWch3FjPW9S65cCAwEAAQ== password: HPyGQA7Wz+HWvHXcFXHbfwSb4KeTfPV+8XN8e8tRAd2DYaTV5Z07fAoeRSCqINf1RdkqwxQBFCh22qthAeA9gw==
- bootrap.yml内druid配置
spring: druid: initialSize: 5 minIdle: 5 maxActive: 20 # 配置获取连接等待超时的时间 maxWait: 60000 # 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒 timeBetweenEvictionRunsMillis: 60000 # 配置一个连接在池中最小生存的时间,单位是毫秒 minEvictableIdleTimeMillis: 300000 validationQuery: SELECT 1 FROM DUAL testWhileIdle: true testOnBorrow: false testOnReturn: false # 打开PSCache,并且指定每个连接上PSCache的大小 poolPreparedStatements: true maxPoolPreparedStatementPerConnectionSize: 20 # 配置监控统计拦截的filters,去掉后监控界面sql无法统计,'wall'用于防火墙 filters: stat,log4j,config # 通过connectProperties属性来打开mergeSql功能;慢SQL记录 connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=5000;config.decrypt=true;config.decrypt.key=${publicKey}
- 用java测试密文解密
