Nutz
  1. 主页/
  2. 问答
NutzCN Logo
精华 要求db配置文件,dao.js里的密码是密文该怎么写呢??
发布于 2998天前 作者 老司机 3639 次浏览 复制 上一个帖子 下一个帖子
标签: druid

如题:要求db配置文件,dao.js里的密码是密文该怎么写呢??

28 回复

这个需要连接池的支持
如果你用的是druid 你可以去查他的官方的api 有相关的使用方法

https://github.com/alibaba/druid/wiki/%E4%BD%BF%E7%94%A8ConfigFilter

查看nutz-onekey的数据源配置即可
https://github.com/Kerbores/NUTZ-ONEKEY

@Rekoe 官方给出的是xml的写法,具体到js里该如何写呢?

跟其他属性一样,对应着写.

@wendal 用druid加密时报错!!
加密方法

ConfigTools.encrypt(value);

db.properties

db.url=jdbc:postgresql://localhost:6443/smartdc
db.username=dcmdba
db.password=AH0vNh41JydAnlcDvdGNTzprPTOX97R2mIunbcOVrVpoCyv+SfXMMUSb76mocoLWXz9z0tgILdElI13IXGu56g==
db.validationQuery=select 1
db.maxActive=100

dataSource

dataSource: {
        type: "com.alibaba.druid.pool.DruidDataSource",
        events: {
            create: "init",
            depose: 'close'
        },
        fields: {
            url: {java: "$conf.get('db.url')"},
            username: {java: "$conf.get('db.username')"},
            password: {java: "$conf.get('db.password')"},
            testWhileIdle: true,
            validationQuery: {java: "$conf.get('db.validationQuery')"},
            maxActive: {java: "$conf.get('db.maxActive')"},
            filters: "config",
            connectionProperties: "druid.stat.slowSqlMillis=2000,config.decrypt=true",
            defaultAutoCommit: false
        }
    },

报错日志:

2016-12-07 14:44:01,115 com.alibaba.druid.pool.DruidDataSource$CreateConnectionThread.run(DruidDataSource.java:2001) ERROR - create connection error, url: jdbc:postgresql://localhost:6443/smartdc, errorCode 0, state 28P01
org.postgresql.util.PSQLException: 致命错误: 用户 "dcmdba" Password 认证失败 (pgjdbc: autodetected server-encoding to be EUC_CN, if the message is not readable, please check database logs and/or host, port, dbname, user, password, pg_hba.conf)
	at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:446)
	at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:220)
	at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:54)
	at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:218)
	at org.postgresql.Driver.makeConnection(Driver.java:407)
	at org.postgresql.Driver.connect(Driver.java:275)
	at com.alibaba.druid.filter.FilterChainImpl.connection_connect(FilterChainImpl.java:148)
	at com.alibaba.druid.filter.FilterAdapter.connection_connect(FilterAdapter.java:785)
	at com.alibaba.druid.filter.FilterChainImpl.connection_connect(FilterChainImpl.java:142)
	at com.alibaba.druid.pool.DruidAbstractDataSource.createPhysicalConnection(DruidAbstractDataSource.java:1423)
	at com.alibaba.druid.pool.DruidAbstractDataSource.createPhysicalConnection(DruidAbstractDataSource.java:1477)
	at com.alibaba.druid.pool.DruidDataSource$CreateConnectionThread.run(DruidDataSource.java:1998)

connectionProperties还得配config.decrypt.key

@wendal 我直接用ConfigTools.encrypt(value);方法得到密文,并没有生成key

@qq_c1bab051 然而, 它会使用默认密钥的.

@wendal 那我dataSource该怎么写?????

config.decrypt=true,config.decrypt.key=''

我这么写并没有用,还是报错

ConfigTools源码里面有默认私钥,不是写个空就能解决的.

@wendal 那怎么调用呢?

@qq_c1bab051 打开源码看啊, 拷贝里面的默认私钥.

PS: 用它的main方法多好, 公钥/私钥/密码, 一次性输出.

@wendal 我的意思是在datasource里面怎么调用config.decrypt.key=?

https://github.com/alibaba/druid/wiki/%E4%BD%BF%E7%94%A8ConfigFilter

@wendal
用户名密码没错(明文能登录),公钥和密文可以用ConfigTools得到密文,但是就是报错,问,dataSource关于公钥配置那边怎么写????

 dataSource: {
        type: "com.alibaba.druid.pool.DruidDataSource",
        events: {
            create: "init",
            depose: 'close'
        },
        fields: {
            url: {java: "$conf.get('db.url')"},
            username: {java: "$conf.get('db.username')"},
            password: {java: "$conf.get('db.password')"},
            testWhileIdle: true,
            validationQuery: {java: "$conf.get('db.validationQuery')"},
            maxActive: {java: "$conf.get('db.maxActive')"},
            filters: "config",
            connectionProperties: "config.decrypt=true,config.decrypt.key=${db.publickey}",
            defaultAutoCommit: false
        }
    },

@qq_c1bab051 connectionProperties整个放到db.properties里面,不支持你这样写变量的。。。

@wendal 那么如果我要将,custom放到与war包,同级的位置,既webapps下(为方便不同用户,实现配置,然后放入war包即可),dao.js里的
conf下的fields:paths怎么写,这么写???没成功啊

 conf: {
        type: "org.nutz.ioc.impl.PropertiesProxy",
        fields: {
            paths: ["../custom/"]
        }
    },

继承PropertiesProxy然后自定义,爱咋写就咋写

用公钥链接数据库老是报密码错误,

dataSource: {
        type: "com.alibaba.druid.pool.DruidDataSource",
        events: {
            create: "init",
            depose: 'close'
        },
        fields: {
            url: {java: "$conf.get('db.url')"},
            username: {java: "$conf.get('db.username')"},
            password: {java: "$conf.get('db.password')"},
            testWhileIdle: true,
            validationQuery: "select 1",
            maxActive: 100,
            filters: "config",
            connectionProperties: {java:"$conf.get('db.publickey)"},
            defaultAutoCommit: false
        }
    },

db.publickey=config.decrypt=true,config.decrypt.key=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAI2DnJOZnsw8mfPhiiuBvQL6cLotFew1obNRuNqmH52VN89jvJEA17/TquCZEAk77akRWiroJsT3MMjnJTDya/MCAwEAAQ==

然后调用

ConfigTools.decrypt(String publicKeyText, String cipherText)

输入纯文本的publickey和cipherText,解密出来的明文密码是正确的,所以想问,怎么debug看dao去链接数据库的时候到底用的什么密码?为什么老是报错误

@wendal

何不试试直接写死

@wendal 试了并没有用,而且要求不能写死,用户要求放db.p在war包之外,

来自炫酷的 NutzCN

既然写死都没有,那就依然是connectionProperties和password不对咯

@wendal 我也是按照步骤直接配置了,但好像还是不能用,求解需要怎么配置才能实现数据库配置文件加密显示

是不是配置文件被转义了?

@wendal 这段配置文件好像没有生效

                             filters: "config",
		            connectionProperties: {java:"$conf.get('jdbc.publickey)"},

目测是是你的 connectionProperties: {java:"$conf.get('jdbc.publickey)"} 这里面配置错了
ffilters : "config",
connectionProperties : {java :"$conf.get('jdbc.connectionProperties')"}

jdbc.password=BVPOe0bBIS9hPo4cfLVHWEmcw/d46jXipEMG+JH7T6xNdphoefV0LAS+ToT5v3REwPHyfbDCj/B3WsaxHqOrVg==
jdbc.connectionProperties=config.decrypt=true;config.decrypt.key=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAI4cjTxP7yoiWgJTmFaTBYF1HkBCsp2QoxmLkIUjcm2Ne8IcyvyPEH1bWa/kukzz06uIPayvc6M1tkUpf/eEECkCAwEAAF==
这样配置ok

添加回复
请先登陆
回到顶部