当前位置：首页 > news >正文

SpringBoot中安全的设置阿里云日志SLS的accessKey

news 2025/7/1 22:02:35

众所周知,阿里云的服务都是基于accesskeyId和accesskeySecret来进行身份鉴权的,但唯独日志因为需要写入到.xml文件里对于accesskeyId和accesskeySecret需要进行一定程度的改进,尤其是使用了jasypt进行加密的参数传递进去logback.xml更是会遇到需要对参数进行解密的问题,而官网只有简单粗略的带过如何自定义传入accessKey,以下由我来说一下我的改造计划.

1.首先需要引入阿里云日志SLS和jasypt相关Maven包

 <dependency>
        <groupId>com.github.ulisesbocchio</groupId>
        <artifactId>jasypt-spring-boot-starter</artifactId>
        <version>3.0.3</version>
</dependency>

 <dependency>
        <groupId>com.google.protobuf</groupId>
        <artifactId>protobuf-java</artifactId>
        <version>2.5.0</version>
</dependency>

<dependency>
        <groupId>com.aliyun.openservices</groupId>
        <artifactId>aliyun-log-logback-appender</artifactId>
        <version>0.1.29</version>
</dependency>

2.自定义 jasypt.encryptor.password 密码并创建自定义jasypt的bean(务必先自定义jasypt密码),然后放入环境变量中或者你偷懒直接先写死在代码里,在环境变量中通过System.getenv来获取


import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.iv.RandomIvGenerator;
import org.jasypt.salt.RandomSaltGenerator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class JasyptConfig {
    @Bean("jasyptStringEncryptor")
    public StringEncryptor stringEncryptor(){
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setAlgorithm("PBEWithMD5AndDES");
        encryptor.setIvGenerator(new RandomIvGenerator());
        encryptor.setSaltGenerator(new RandomSaltGenerator());
        encryptor.setStringOutputType("base64");
        encryptor.setPassword(System.getenv("jasypt.e

查看全文

http://www.dtcms.com/a/86553.html