Spring boot[maven] - profile에 따른 application.yml 파일 설정 및 암호화

 

 

1. 포트에 따른 개발서버, 로컬서버 분리 application.yml 설정

profiles속성을 이용하여 로컬서버와 개발서버를 분리하고 개발 서버에서 mvn 빌드를 진행할것이다.

 

 

<application.yml>

spring:
  profiles:
    active: @spring.profiles.active@

---


server:
  port: 8080

spring:
  config:
    activate:
      on-profile: dev
  datasource:
    username: ims
    password: ims12!@
    driver-class-name: com.mysql.cj.jdbc.Driver
    jdbc-url: jdbc:mysql://192.168.0.17:3309/ims?serverTimezone=UTC&allowPublicKeyRetrieval=true



---
server:
  port: 8071

spring:
  config:
    activate:
      on-profile: local
  datasource:
    username: ims
    password: ims12!@
    driver-class-name: com.mysql.cj.jdbc.Driver
    jdbc-url: jdbc:mysql://localhost:3306/ims?serverTimezone=UTC&allowPublicKeyRetrieval=true

 

 

spring.profiles.default는 기본적으로 실행될 profile이다.

 

<dependency>
		    <groupId>io.jsonwebtoken</groupId>
		    <artifactId>jjwt</artifactId>
		    <version>0.9.1</version>
		</dependency>
		
		<dependency>
			<groupId>javax.xml.bind</groupId>
			<artifactId>jaxb-api</artifactId>
			<version>2.3.0-b170201.1204</version>
			</dependency>
		
	</dependencies>

...
<profiles>
        <profile>
            <id>local</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <spring.profiles.active>local</spring.profiles.active>
            </properties>
        </profile>
        <profile>
            <id>dev</id>
            <properties>
                <spring.profiles.active>dev</spring.profiles.active>
            </properties>
        </profile>
    </profiles>
    
    ...
    
    
    <build>
		<resources>
	        <resource>
	            <directory>src/main/resources</directory>
	            <filtering>true</filtering>
	        </resource>
	    </resources>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

<pom.xml>

pom.xml 에 아래와 같은 profiles속성을 넣어준다.

  <profiles>
        <profile>
            <id>local</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <spring.profiles.active>local</spring.profiles.active>
            </properties>
        </profile>
        <profile>
            <id>dev</id>
            <properties>
                <spring.profiles.active>dev</spring.profiles.active>
            </properties>
        </profile>
    </profiles>

<resources>
	        <resource>
	            <directory>src/main/resources</directory>
	            <filtering>true</filtering>
	        </resource>
	    </resources>

 

위와 같이 입력하면 maven을 빌드할때 파라미터를 보내줄수있다. 

 

이후 명령어는 mvn clean package -P dev 로 maven을 빌드해주면 on-profile:dev가 활성화되며

 

개발서버 db를 바라보면서 서버가 올라가게 된다

 

 

2. application.yml 값 암호화 하기

- Jsaypt는 특정 값을 암호화해주는 라이브러리 입니다.

<pom.xml>

<dependency>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-spring-boot-starter</artifactId>
            <version>3.0.3</version>
        </dependency>

 

- application.yml에 암호화된 내용들을 해석하기 위하여 configuration class를 만듭니다.

 

<JasyptConfig.java>

package com.ims.com.config;

import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class JasyptConfig {
	
	@Bean(name = "jasyptStringEncryptor")
	public StringEncryptor stringEncryptor() {
		
		String key = "my_name_dizzy";
		PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
		SimpleStringPBEConfig config = new SimpleStringPBEConfig();
		config.setPassword(key);
		config.setAlgorithm("PBEWithMD5AndDES");
		config.setKeyObtentionIterations("1000");
		config.setPoolSize("1");
		config.setProviderName("SunJCE");
		config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
		config.setStringOutputType("base64");
		encryptor.setConfig(config);
		return encryptor;
	}
}

 

 

- Test를 통해 암호화할 내용들을  암호로 변경합니다.

package com.ims.app;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;

@SpringBootTest
class InnerManageSystemRestApplicationTests {
	
	@Test
	void contextLoads() {
		
		String url = "192.168.0.17:3309/ims";
        String username = "ims";
        String password = "ims12!@";

        System.out.println(jasyptEncoding(url));
        System.out.println(jasyptEncoding(username));
        System.out.println(jasyptEncoding(password));
	}
	
	
	public String jasyptEncoding(String value) {

        String key = "my_name_dizzy";
        StandardPBEStringEncryptor pbeEnc = new StandardPBEStringEncryptor();
        pbeEnc.setAlgorithm("PBEWithMD5AndDES");
        pbeEnc.setPassword(key);
        return pbeEnc.encrypt(value);
    }
}

 

 

- application.yml 설정

jasypt.encrytor.bean 에 jasyptStringEncryptor bean을 등록해주고

ENC를 사용하여 암호화된 내용들을 인코더해준다. 끝

spring:
  profiles:
    active: @spring.profiles.active@

---


---
server:
  port: 8071

spring:
  config:
    activate:
      on-profile: local
  datasource:
    username: ENC(wOYsg6nt2coPPTcmdefplQ==)
    password: ENC(TIvG3zr/qVon3huDMl4fvw==)
    driver-class-name: com.mysql.cj.jdbc.Driver
    jdbc-url: jdbc:mysql://localhost:3306/ims?serverTimezone=UTC&allowPublicKeyRetrieval=true

jasypt:
  encryptor:
    bean: jasyptStringEncryptor