美好的一天,伙计们。我有应用程序女巫与数据库(休眠)和 Spring MVC 一起使用。问题是我将所有密码存储在数据源的 app-config 文件中:
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"> <!-- Using and configuring C3P0 proxy -->
<property name="driverClass"><value>org.h2.Driver</value></property>
<property name="jdbcUrl"><value>jdbc:h2:/home/vadim/workspace-sts-3.1.0.RELEASE/h2/EDUCATION</value></property>
<property name="user"><value>sa</value></property>
<property name="password">password<value></value></property>
<property name="initialPoolSize"><value>3</value></property> <!-- Number of Connections a pool will try to acquire upon startup -->
<property name="minPoolSize"><value>1</value></property> <!-- Minimum connection pool size -->
<property name="maxPoolSize"><value>20</value></property> <!-- Max connection pool size -->
<property name="maxConnectionAge"><value>3600</value></property> <!-- Set max connection age to 1 hour, after it will release -->
<property name="maxIdleTime"><value>600</value></property> <!-- 10 minutes connection can stay unused before be discarded -->
<property name="checkoutTimeout"><value>200000</value></property> <!-- Each what time check for unused connections -->
</bean>
以及安全上下文中用户和管理员的登录密码:
<security:authentication-manager>
<security:authentication-provider>
<security:password-encoder hash="sha-256" base64="true"/>
<security:user-service>
<security:user name="user" password="user" authorities="ROLE_USER"/>
<security:user name="admin" password="admin" authorities="ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
我怎样才能保护它们免受任何其他眼睛的伤害,我必须制作自定义编码器以保护它们免受 Message Digest Spring 或 java 安全性的任何其他类型的攻击。而编码器算法是服务或前端层的一部分???女巫层必须有我的编码器实现。感谢你们。