场景一:对配置文件中的裸露的密码进行加密
1、添加依赖
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.4</version>
</dependency>
2、配置文件application.yml中进行下面配置
jasypt:
encryptor:
property:
prefix: "abc["
suffix: "]"
password: encrypass
说明:
Jasypt默认格式是ENC(XXX),格式主要是为了便于识别该值是否需要解密,如果不按照格式配置,在加载配置的时候将保持原值,不进行解密。如上所示配置prefixx和suffix,则是修改默认的格式为adb[]
password是加密密钥,一般不建议直接放在项目内,可以通过启动时-D
参数注入,或者放在配置中心,避免泄露
3、预先生成加密值,可以通过代码内调试API生成
4、替换加密字符
场景二:数据脱敏
部分隐私数据,入库的时候要进行数据脱敏处理,查询的时候还要进行反向解密,使用AOP切面来实现
1、定义两个注解@EncryptField
、@EncryptMethod
分别用在字段属性和方法上,实现思路很简单,只要方法上应用到@EncryptMethod
注解,则检查入参字段是否标注@EncryptField
注解,有则将对应字段内容加密
import java.lang.annotation.*;
@Documented
@Target({ElementType.FIELD,ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
public @interface EncryptField {
String[] value() default "";
}
import java.lang.annotation.*;
import static com.one.smile.test.utils.EncryptConstant.ENCRYPT;
@Documented
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface EncryptMethod {
String type() default ENCRYPT;
}
public interface EncryptConstant {
// 加密
String ENCRYPT = "encrypt";
// 解密
String DECRYPT = "decrypt";
}
2、使用AOP切面实现入参加密,出参解密
import com.one.smile.test.utils.EncryptField;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.jasypt.encryption.StringEncryptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.lang.reflect.Field;
import java.util.Objects;
import static com.one.smile.test.utils.EncryptConstant.DECRYPT;
import static com.one.smile.test.utils.EncryptConstant.ENCRYPT;
@Slf4j
@Aspect
@Component
public class EncryptHandler {
@Autowired
private StringEncryptor stringEncryptor;
@Pointcut("@annotation(com.one.smile.test.utils.EncryptMethod)")
public void pointCut() {
}
@Around("pointCut()")
public Object around(ProceedingJoinPoint joinPoint) {
/**
* 加密
*/
encrypt(joinPoint);
/**
* 解密
*/
Object decrypt = decrypt(joinPoint);
return decrypt;
}
public void encrypt(ProceedingJoinPoint joinPoint) {
try {
Object[] objects = joinPoint.getArgs();
if (objects.length != 0) {
for (Object o : objects) {
if (o instanceof String) {
encryptValue(o);
} else {
handler(o, ENCRYPT);
}
//TODO 其余类型自己看实际情况加
}
}
} catch (IllegalAccessException e) {
e.printStackTrace();
}
}
public Object decrypt(ProceedingJoinPoint joinPoint) {
Object result = null;
try {
Object obj = joinPoint.proceed();
if (obj != null) {
if (obj instanceof String) {
decryptValue(obj);
} else {
result = handler(obj, DECRYPT);
}
//TODO 其余类型自己看实际情况加
}
} catch (Throwable e) {
e.printStackTrace();
}
return result;
}
private Object handler(Object obj, String type) throws IllegalAccessException {
if (Objects.isNull(obj)) {
return null;
}
Field[] fields = obj.getClass().getDeclaredFields();
for (Field field : fields) {
boolean hasSecureField = field.isAnnotationPresent(EncryptField.class);
if (hasSecureField) {
field.setAccessible(true);
String realValue = (String) field.get(obj);
String value;
if (DECRYPT.equals(type)) {
value = stringEncryptor.decrypt(realValue);
} else {
value = stringEncryptor.encrypt(realValue);
}
field.set(obj, value);
}
}
return obj;
}
public String encryptValue(Object realValue) {
String value = null;
try {
value = stringEncryptor.encrypt(String.valueOf(realValue));
} catch (Exception ex) {
return value;
}
return value;
}
public String decryptValue(Object realValue) {
String value = String.valueOf(realValue);
try {
value = stringEncryptor.decrypt(value);
} catch (Exception ex) {
return value;
}
return value;
}
}
3、测试
@RestController
@RequestMapping("/encry")
public class EncryController {
@EncryptMethod
@PostMapping(value = "test")
@ResponseBody
public Object testEncrypt(@RequestBody UserVo userVo,@EncryptField String name){
System.out.println("加密后的数据:user" + JSON.toJSONString(userVo) + name);
return userVo;
}
}
@Data
public class UserVo implements Serializable {
private Long userId;
@EncryptField
private String mobile;
@EncryptField
private String address;
private String age;
}
相关文章
暂无评论...