前几天分享了一篇《Spring Boot 2.x基础教程:加密配置中的敏感信息》 ,然后看到群里有小伙伴反应跟着这篇文章出现了这个异常com.ulisesbocchio.jasyptspringboot.exception.DecryptionException: Unable to decrypt。
具体完整的错误信息如下:
Causedby:com.ulisesbocchio.jasyptspringboot.exception.DecryptionException:Unabletodecrypt:ENC(/AL9nJENCYCh9Pfzdf2xLPsqOZ6HwNgQ3AnMybFAMeOM5GphZlOK6PxzozwtCm+Q).DecryptionofPropertiesfailed,makesureencryption/decryptionpasswordsmatchatcom.ulisesbocchio.jasyptspringboot.resolver.DefaultPropertyResolver.lambda$resolvePropertyValue$0(DefaultPropertyResolver.java:46)~[jasypt-spring-boot-3.0.3.jar:na]atjava.util.Optional.map(Optional.java:215)~[na:1.8.0_151]atcom.ulisesbocchio.jasyptspringboot.resolver.DefaultPropertyResolver.resolvePropertyValue(DefaultPropertyResolver.java:40)~[jasypt-spring-boot-3.0.3.jar:na]atcom.ulisesbocchio.jasyptspringboot.resolver.DefaultLazyPropertyResolver.resolvePropertyValue(DefaultLazyPropertyResolver.java:50)~[jasypt-spring-boot-3.0.3.jar:na]atcom.ulisesbocchio.jasyptspringboot.EncryptablePropertySource.getProperty(EncryptablePropertySource.java:20)~[jasypt-spring-boot-3.0.3.jar:na]atcom.ulisesbocchio.jasyptspringboot.caching.CachingDelegateEncryptablePropertySource.getProperty(CachingDelegateEncryptablePropertySource.java:41)~[jasypt-spring-boot-3.0.3.jar:na]atcom.ulisesbocchio.jasyptspringboot.wrapper.EncryptableMapPropertySourceWrapper.getProperty(EncryptableMapPropertySourceWrapper.java:31)~[jasypt-spring-boot-3.0.3.jar:na]atorg.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:85)~[spring-core-5.3.8.jar:5.3.8]atorg.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:62)~[spring-core-5.3.8.jar:5.3.8]atorg.springframework.core.env.AbstractEnvironment.getProperty(AbstractEnvironment.java:588)~[spring-core-5.3.8.jar:5.3.8]atorg.springframework.context.support.PropertySourcesPlaceholderConfigurer$1.getProperty(PropertySourcesPlaceholderConfigurer.java:137)~[spring-context-5.3.8.jar:5.3.8]atorg.springframework.context.support.PropertySourcesPlaceholderConfigurer$1.getProperty(PropertySourcesPlaceholderConfigurer.java:133)~[spring-context-5.3.8.jar:5.3.8]atorg.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:85)~[spring-core-5.3.8.jar:5.3.8]atorg.springframework.core.env.PropertySourcesPropertyResolver.getPropertyAsRawString(PropertySourcesPropertyResolver.java:74)~[spring-core-5.3.8.jar:5.3.8]atorg.springframework.util.PropertyPlaceholderHelper.parseStringValue(PropertyPlaceholderHelper.java:159)~[spring-core-5.3.8.jar:5.3.8]atorg.springframework.util.PropertyPlaceholderHelper.replacePlaceholders(PropertyPlaceholderHelper.java:126)~[spring-core-5.3.8.jar:5.3.8]atorg.springframework.core.env.AbstractPropertyResolver.doResolvePlaceholders(AbstractPropertyResolver.java:239)~[spring-core-5.3.8.jar:5.3.8]atorg.springframework.core.env.AbstractPropertyResolver.resolveRequiredPlaceholders(AbstractPropertyResolver.java:210)~[spring-core-5.3.8.jar:5.3.8]atorg.springframework.context.support.PropertySourcesPlaceholderConfigurer.lambda$processProperties$0(PropertySourcesPlaceholderConfigurer.java:175)~[spring-context-5.3.8.jar:5.3.8]atorg.springframework.beans.factory.support.AbstractBeanFactory.resolveEmbeddedValue(AbstractBeanFactory.java:936)~[spring-beans-5.3.8.jar:5.3.8]atorg.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1321)~[spring-beans-5.3.8.jar:5.3.8]atorg.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1300)~[spring-beans-5.3.8.jar:5.3.8]atorg.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.resolveFieldValue(AutowiredAnnotationBeanPostProcessor.java:657)~[spring-beans-5.3.8.jar:5.3.8]atorg.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:640)~[spring-beans-5.3.8.jar:5.3.8]atorg.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:119)~[spring-beans-5.3.8.jar:5.3.8]atorg.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399)~[spring-beans-5.3.8.jar:5.3.8]...69commonframesomittedCausedby:org.jasypt.exceptions.EncryptionOperationNotPossibleException:nullatorg.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1165)~[jasypt-1.9.3.jar:na]atorg.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:738)~[jasypt-1.9.3.jar:na]atorg.jasypt.encryption.pbe.PooledPBEStringEncryptor.decrypt(PooledPBEStringEncryptor.java:511)~[jasypt-1.9.3.jar:na]atcom.ulisesbocchio.jasyptspringboot.encryptor.DefaultLazyEncryptor.decrypt(DefaultLazyEncryptor.java:57)~[jasypt-spring-boot-3.0.3.jar:na]atcom.ulisesbocchio.jasyptspringboot.resolver.DefaultPropertyResolver.lambda$resolvePropertyValue$0(DefaultPropertyResolver.java:44)~[jasypt-spring-boot-3.0.3.jar:na]...94commonframesomitted
直接根据错误信息的描述来判断,就是解密失败了。
下面整理一下可能产生解密失败的几种可能:
第一种:推测解密失败的原因是加密和解密使用的密钥不一致,也就是jasypt.encryptor.password的配置和使用插件时候的参数传的不同。
第二种:没有安装不限长度的JCE版本(Unlimited Strength Java Cryptography Extension)。因为DD以前在用Spring Cloud Config的时候已经装过了,所以在写之前这个案例的时候没有提到这点,应该一些还没有接触Spring Cloud的读者通常都是这个原因导致。
我们可以从Oracle的官方网站中下载你所用Java版本对应的JCE安装包,比如:JCE8下载地址。它是一个压缩包,解压后可以看到下面三个文件:
README.txtlocal_policy.jarUS_export_policy.jar
我们需要将local_policy.jar和US_export_policy.jar两个文件复制到$JAVA_HOME/jre/lib/security目录下,覆盖原来的默认内容,这样加密解密的准备工作就完成了。
欢迎关注我的公众号:程序猿DD,分享外面看不到的干货与思考!