Jasypt实现数据加解密(脱敏)

2年前 (2022) 程序员胖胖胖虎阿
255 0 0

场景一:对配置文件中的裸露的密码进行加密

1、添加依赖

        <dependency>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-spring-boot-starter</artifactId>
            <version>3.0.4</version>
        </dependency>

2、配置文件application.yml中进行下面配置

jasypt:
  encryptor:
    property:
      prefix: "abc["
      suffix: "]"
    password: encrypass

说明:

        Jasypt默认格式是ENC(XXX),格式主要是为了便于识别该值是否需要解密,如果不按照格式配置,在加载配置的时候将保持原值,不进行解密。如上所示配置prefixx和suffix,则是修改默认的格式为adb[]

password是加密密钥,一般不建议直接放在项目内,可以通过启动时-D参数注入,或者放在配置中心,避免泄露

3、预先生成加密值,可以通过代码内调试API生成

Jasypt实现数据加解密(脱敏)

 4、替换加密字符

Jasypt实现数据加解密(脱敏)

 场景二:数据脱敏

        部分隐私数据,入库的时候要进行数据脱敏处理,查询的时候还要进行反向解密,使用AOP切面来实现

1、定义两个注解@EncryptField@EncryptMethod分别用在字段属性和方法上,实现思路很简单,只要方法上应用到@EncryptMethod注解,则检查入参字段是否标注@EncryptField注解,有则将对应字段内容加密

import java.lang.annotation.*;

@Documented
@Target({ElementType.FIELD,ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
public @interface EncryptField {

    String[] value() default "";

}
import java.lang.annotation.*;
import static com.one.smile.test.utils.EncryptConstant.ENCRYPT;

@Documented
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface EncryptMethod {

    String type() default ENCRYPT;

}
public interface EncryptConstant {

    // 加密
    String ENCRYPT = "encrypt";

    // 解密
    String DECRYPT = "decrypt";
}

2、使用AOP切面实现入参加密,出参解密

import com.one.smile.test.utils.EncryptField;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.jasypt.encryption.StringEncryptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.lang.reflect.Field;
import java.util.Objects;
import static com.one.smile.test.utils.EncryptConstant.DECRYPT;
import static com.one.smile.test.utils.EncryptConstant.ENCRYPT;

@Slf4j
@Aspect
@Component
public class EncryptHandler {

    @Autowired
    private StringEncryptor stringEncryptor;

    @Pointcut("@annotation(com.one.smile.test.utils.EncryptMethod)")
    public void pointCut() {
    }

    @Around("pointCut()")
    public Object around(ProceedingJoinPoint joinPoint) {
        /**
         * 加密
         */
        encrypt(joinPoint);
        /**
         * 解密
         */
        Object decrypt = decrypt(joinPoint);
        return decrypt;
    }

    public void encrypt(ProceedingJoinPoint joinPoint) {

        try {
            Object[] objects = joinPoint.getArgs();
            if (objects.length != 0) {
                for (Object o : objects) {
                    if (o instanceof String) {
                        encryptValue(o);
                    } else {
                        handler(o, ENCRYPT);
                    }
                    //TODO 其余类型自己看实际情况加
                }
            }
        } catch (IllegalAccessException e) {
            e.printStackTrace();
        }
    }

    public Object decrypt(ProceedingJoinPoint joinPoint) {
        Object result = null;
        try {
            Object obj = joinPoint.proceed();
            if (obj != null) {
                if (obj instanceof String) {
                    decryptValue(obj);
                } else {
                    result = handler(obj, DECRYPT);
                }
                //TODO 其余类型自己看实际情况加
            }
        } catch (Throwable e) {
            e.printStackTrace();
        }
        return result;
    }

    private Object handler(Object obj, String type) throws IllegalAccessException {

        if (Objects.isNull(obj)) {
            return null;
        }
        Field[] fields = obj.getClass().getDeclaredFields();
        for (Field field : fields) {
            boolean hasSecureField = field.isAnnotationPresent(EncryptField.class);
            if (hasSecureField) {
                field.setAccessible(true);
                String realValue = (String) field.get(obj);
                String value;
                if (DECRYPT.equals(type)) {
                    value = stringEncryptor.decrypt(realValue);
                } else {
                    value = stringEncryptor.encrypt(realValue);
                }
                field.set(obj, value);
            }
        }
        return obj;
    }

    public String encryptValue(Object realValue) {
        String value = null;
        try {
            value = stringEncryptor.encrypt(String.valueOf(realValue));
        } catch (Exception ex) {
            return value;
        }
        return value;
    }

    public String decryptValue(Object realValue) {
        String value = String.valueOf(realValue);
        try {
            value = stringEncryptor.decrypt(value);
        } catch (Exception ex) {
            return value;
        }
        return value;
    }

}

3、测试

@RestController
@RequestMapping("/encry")
public class EncryController {

    @EncryptMethod
    @PostMapping(value = "test")
    @ResponseBody
    public Object testEncrypt(@RequestBody UserVo userVo,@EncryptField String name){
        System.out.println("加密后的数据:user" + JSON.toJSONString(userVo) + name);
        return userVo;
    }

}
@Data
public class UserVo implements Serializable {

    private Long userId;

    @EncryptField
    private String mobile;

    @EncryptField
    private String address;

    private String age;

}
版权声明:程序员胖胖胖虎阿 发表于 2022年9月16日 下午9:08。
转载请注明:Jasypt实现数据加解密(脱敏) | 胖虎的工具箱-编程导航

相关文章

暂无评论

暂无评论...