Encrypting data with MyBatis

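During development, have you ever needed to encrypt sensitive data in the database? The usual approach is to call an encryption method when storing and to decrypt the results when querying. Hmm? That is a painful process. So tonight let me recommend a powerful tool, data-shield: for MyBatis-based projects, it encrypts data on write and decrypts it on query, safeguarding your data. I think you will love it.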

data-shield

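data-shield is implemented as a MyBatis Interceptor. It covers ordinary queries and updates as well as queries in Cursor mode, and it is non-invasive to business code: add one annotation to each field that needs encryption and it handles encryption and decryption for you from end to end. It is a great development tool. Enough talk, on to today's topic.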

pom.xml configuration

<dependency>
   <groupId>com.github.homeant</groupId>
   <artifactId>data-shield-spring-boot-starter</artifactId>
   <version>1.0-RELEASE</version>
</dependency>

YAML configuration

app:
  data:
    shield:
      enable: true
      strategy: aes # supports AES/DES modes
      key: AD42F6697B035B7580E4FEF93BE20BAD

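Business field configuration

Add the @TableField annotation to each business field that needs processing. Only String fields are supported.

encrypt: whether to encrypt on modification; default is false

decode: whether to decrypt on query; default is false

asserts: when decode is true, provides an assertion for certain data (historical data); default value is DefaultAssert.class(encrypt=true,decode=true)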

@Data
public class User {
    private Integer id;

    private String username;

    @TableField(encrypt = true,decode = true,assertion=Base64Assert.class)
    private String password;
}

Calling code

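@Slf4j // Lombok, assumed here: provides the log field used below
public class DataTest {
   @Autowired
   private UserMapper userMapper;

   @Autowired
   private SqlSessionFactory sqlSessionFactory;

   /**
    * RSA mode produces overly long ciphertext and is not recommended
    */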
   @Test
   public void test() {
      User user = new User();
      user.setUsername("tom");
      user.setPassword("p@ssw0rd1234567");
      userMapper.insert(user);
      DataShieldHelper.dataMasking();
      Optional<User> optional = userMapper.selectOn(user.getId());
      DataShieldHelper.clearDataMasking();
      optional.ifPresent(r -> {
         log.debug("user:{}", r);
      });
   }

   @Test
   public void cursorTest() throws IOException {
      try (SqlSession sqlSession = sqlSessionFactory.openSession();
           Cursor<User> userCursor = sqlSession.getMapper(UserMapper.class).selectList()) {
         Iterator<User> iterator = userCursor.iterator();
         while (iterator.hasNext()){
            log.info("user:{}",iterator.next());
         }
      }

   }
}

2021-04-03 16:23:16.604 DEBUG 3020 --- [           main] c.g.h.d.shield.mapper.UserMapper.insert  : ==>  Preparing: insert into t_user (username,password) values ( ?, ?) 
2021-04-03 16:23:16.629 DEBUG 3020 --- [           main] c.g.h.d.shield.mapper.UserMapper.insert  : ==> Parameters: tom(String), L0wfhbKDAELRnj03GtjKoQ==(String)
2021-04-03 16:23:16.651 DEBUG 3020 --- [           main] c.g.h.d.shield.mapper.UserMapper.insert  : <==    Updates: 1
2021-04-03 16:23:16.675 DEBUG 3020 --- [           main] c.g.h.d.s.mapper.UserMapper.selectOn     : ==>  Preparing: select id,username,password from t_user where id = ? 
2021-04-03 16:23:16.675 DEBUG 3020 --- [           main] c.g.h.d.s.mapper.UserMapper.selectOn     : ==> Parameters: 75(Integer)
2021-04-03 16:23:23.313 DEBUG 3020 --- [           main] c.g.h.d.s.mapper.UserMapper.selectOn     : <==      Total: 1
2021-04-03 16:23:26.166 DEBUG 3020 --- [           main] com.github.homeant.data.shield.DataTest  : user:User(id=75, username=tom, password=p@ssw0rd1234567)

mysql> select * from t_user;
+----+----------+--------------------------+
| id | username | password                 |
+----+----------+--------------------------+
| 74 | tom      | L0wfhbKDAELRnj03GtjKoQ== |
| 75 | tom      | L0wfhbKDAELRnj03GtjKoQ== |
+----+----------+--------------------------+
2 rows in set (0.03 sec)
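
Rows 74 and 75 above hold the same Base64 value for the same password, and that value decodes to 16 bytes, a single AES block with no room for a per-row IV, so the encryption shown is deterministic. The following Java sketch is an added example, not data-shield's code: it contrasts a deterministic AES mode with AES-GCM using a fresh nonce per value. The class name, the random demo key and the choice of ECB for the deterministic side are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class FieldEncryptionDemo { // hypothetical class, not part of data-shield
    private static final SecureRandom RNG = new SecureRandom();

    // Deterministic: same key and plaintext always give the same ciphertext.
    static String encryptDeterministic(SecretKeySpec key, String plain) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return Base64.getEncoder().encodeToString(c.doFinal(plain.getBytes(StandardCharsets.UTF_8)));
    }

    // Randomized and authenticated: fresh 12-byte nonce per value, stored before the ciphertext.
    static String encryptGcm(SecretKeySpec key, String plain) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(nonce.length + ct.length).put(nonce).put(ct).array();
        return Base64.getEncoder().encodeToString(out);
    }

    static String decryptGcm(SecretKeySpec key, String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8); // throws if tampered
    }

    public static void main(String[] args) throws Exception {
        byte[] keyBytes = new byte[16]; // constructed demo key, generated at run time
        RNG.nextBytes(keyBytes);
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        String value = "p@ssw0rd1234567"; // plaintext from the page's test
        // Stored value from the page's table: one AES block, nothing else.
        System.out.println(Base64.getDecoder().decode("L0wfhbKDAELRnj03GtjKoQ==").length + " bytes stored");
        System.out.println("deterministic equal: "
                + encryptDeterministic(key, value).equals(encryptDeterministic(key, value)));
        String a = encryptGcm(key, value), b = encryptGcm(key, value);
        System.out.println("gcm equal: " + a.equals(b));
        System.out.println("gcm round trip ok: " + decryptGcm(key, a).equals(value));
    }
}
```

With deterministic encryption, anyone who can read the table learns which rows share a value. A per-value nonce hides that, at the cost of a longer column and no equality search on the ciphertext.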

Code repository