将 Spring Boot 1.x 升级到 2.x(如果使用 {cipher} 文本,则更新 ENCRYPT KEY VM 参数)
Upgrade Spring Boot 1.x to 2.x (update ENCRYPT KEY VM argument if using {cipher} texts)
如果 {cipher} 加密文本正在您的 spring-boot 应用程序 属性 文件中使用。
application.yml 或 application.properties
my.password='{cipher}68e78a954bfa0297ecc733`
以上是在 SpringBoot2 中启动失败并显示错误消息 Cannot decrypt: key=my.password
堆栈跟踪
java.lang.IllegalStateException: Cannot decrypt: key=enterpriseInventoryService.password
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:292)
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.lambda$decrypt[=14=](EnvironmentDecryptApplicationInitializer.java:270)
at java.util.LinkedHashMap.replaceAll(Unknown Source)
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:265)
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:190)
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:124)
at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:413)
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:623)
.
.
Caused by: java.lang.IllegalStateException: Unable to invoke Cipher due to bad padding
at org.springframework.security.crypto.encrypt.CipherUtils.doFinal(CipherUtils.java:142)
Spring-boot-1
以下任一 VM 参数均可有效提供密钥,以便 spring 可以在加载属性时解密 '{cipher}f75146b2d391aa6'。
- encrypt.key(默认键)
- encrypt_key
- 加密密钥
- 加密密钥
- ENCRYPT.KEY
- ENCRYPT_KEY
- 加密密钥
Spring 使用 org.springframework.boot.bind.RelaxedPropertyResolver 解析上述密钥以获得密钥,但是此 class 已在 spring-boot-2.
中弃用和删除
spring-cloud-context-1.x.jar 中的代码片段来自 class org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration
Environment environment = context.getEnvironment();
RelaxedPropertyResolver propertyResolver = new RelaxedPropertyResolver(environment);
hasProperty(propertyResolver, environment, "encrypt.key");
private boolean hasProperty(RelaxedPropertyResolver propertyResolver, Environment environment, String key) {
String value = propertyResolver.getProperty(key);
if (value == null) {
return false;
}
return StringUtils.hasText(environment.resolvePlaceholders(value));
}
Spring-boot-2
只有 encrypt.key 是传递密钥的有效 VM 参数。
spring-cloud-context-2.x.jar 中的代码片段来自 class org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration
Environment environment = context.getEnvironment();
hasProperty(environment, "encrypt.key");
private boolean hasProperty(Environment environment, String key) {
String value = environment.getProperty(key);
if (value == null) {
return false;
}
return StringUtils.hasText(environment.resolvePlaceholders(value));
}
如果 {cipher} 加密文本正在您的 spring-boot 应用程序 属性 文件中使用。
application.yml 或 application.properties
my.password='{cipher}68e78a954bfa0297ecc733`
以上是在 SpringBoot2 中启动失败并显示错误消息 Cannot decrypt: key=my.password
堆栈跟踪
java.lang.IllegalStateException: Cannot decrypt: key=enterpriseInventoryService.password
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:292)
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.lambda$decrypt[=14=](EnvironmentDecryptApplicationInitializer.java:270)
at java.util.LinkedHashMap.replaceAll(Unknown Source)
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:265)
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:190)
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:124)
at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:413)
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:623)
.
.
Caused by: java.lang.IllegalStateException: Unable to invoke Cipher due to bad padding
at org.springframework.security.crypto.encrypt.CipherUtils.doFinal(CipherUtils.java:142)
Spring-boot-1
以下任一 VM 参数均可有效提供密钥,以便 spring 可以在加载属性时解密 '{cipher}f75146b2d391aa6'。
- encrypt.key(默认键)
- encrypt_key
- 加密密钥
- 加密密钥
- ENCRYPT.KEY
- ENCRYPT_KEY
- 加密密钥
Spring 使用 org.springframework.boot.bind.RelaxedPropertyResolver 解析上述密钥以获得密钥,但是此 class 已在 spring-boot-2.
spring-cloud-context-1.x.jar 中的代码片段来自 class org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration
Environment environment = context.getEnvironment();
RelaxedPropertyResolver propertyResolver = new RelaxedPropertyResolver(environment);
hasProperty(propertyResolver, environment, "encrypt.key");
private boolean hasProperty(RelaxedPropertyResolver propertyResolver, Environment environment, String key) {
String value = propertyResolver.getProperty(key);
if (value == null) {
return false;
}
return StringUtils.hasText(environment.resolvePlaceholders(value));
}
Spring-boot-2
只有 encrypt.key 是传递密钥的有效 VM 参数。
spring-cloud-context-2.x.jar 中的代码片段来自 class org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration
Environment environment = context.getEnvironment();
hasProperty(environment, "encrypt.key");
private boolean hasProperty(Environment environment, String key) {
String value = environment.getProperty(key);
if (value == null) {
return false;
}
return StringUtils.hasText(environment.resolvePlaceholders(value));
}