场景一:对配置文件中的裸露的密码进行加密
1、添加依赖
<dependency><groupId>com.github.ulisesbocchio</groupId><artifactId>jasypt-spring-boot-starter</artifactId><version>3.0.4</version></dependency>
2、配置文件application.yml中进行下面配置
jasypt:encryptor:property:prefix: "abc["suffix: "]"password: encrypass
说明:
Jasypt默认格式是ENC(XXX),格式主要是为了便于识别该值是否需要解密,如果不按照格式配置,在加载配置的时候将保持原值,不进行解密。如上所示配置prefixx和suffix,则是修改默认的格式为adb[]
password是加密密钥,一般不建议直接放在项目内,可以通过启动时-D
参数注入,或者放在配置中心,避免泄露
3、预先生成加密值,可以通过代码内调试API生成
4、替换加密字符
场景二:数据脱敏
部分隐私数据,入库的时候要进行数据脱敏处理,查询的时候还要进行反向解密,使用AOP切面来实现
1、定义两个注解@EncryptField
、@EncryptMethod
分别用在字段属性和方法上,实现思路很简单,只要方法上应用到@EncryptMethod
注解,则检查入参字段是否标注@EncryptField
注解,有则将对应字段内容加密
import java.lang.annotation.*;@Documented@Target({ElementType.FIELD,ElementType.PARAMETER})@Retention(RetentionPolicy.RUNTIME)public @interface EncryptField {String[] value() default "";}
import java.lang.annotation.*;import static com.one.smile.test.utils.EncryptConstant.ENCRYPT;@Documented@Target({ElementType.METHOD})@Retention(RetentionPolicy.RUNTIME)public @interface EncryptMethod {String type() default ENCRYPT;}
public interface EncryptConstant {// 加密String ENCRYPT = "encrypt";// 解密String DECRYPT = "decrypt";}
2、使用AOP切面实现入参加密,出参解密
import com.one.smile.test.utils.EncryptField;import lombok.extern.slf4j.Slf4j;import org.aspectj.lang.ProceedingJoinPoint;import org.aspectj.lang.annotation.Around;import org.aspectj.lang.annotation.Aspect;import org.aspectj.lang.annotation.Pointcut;import org.jasypt.encryption.StringEncryptor;import org.springframework.beans.factory.annotation.Autowired;import org.ponent;import java.lang.reflect.Field;import java.util.Objects;import static com.one.smile.test.utils.EncryptConstant.DECRYPT;import static com.one.smile.test.utils.EncryptConstant.ENCRYPT;@Slf4j@Aspect@Componentpublic class EncryptHandler {@Autowiredprivate StringEncryptor stringEncryptor;@Pointcut("@annotation(com.one.smile.test.utils.EncryptMethod)")public void pointCut() {}@Around("pointCut()")public Object around(ProceedingJoinPoint joinPoint) {/*** 加密*/encrypt(joinPoint);/*** 解密*/Object decrypt = decrypt(joinPoint);return decrypt;}public void encrypt(ProceedingJoinPoint joinPoint) {try {Object[] objects = joinPoint.getArgs();if (objects.length != 0) {for (Object o : objects) {if (o instanceof String) {encryptValue(o);} else {handler(o, ENCRYPT);}//TODO 其余类型自己看实际情况加}}} catch (IllegalAccessException e) {e.printStackTrace();}}public Object decrypt(ProceedingJoinPoint joinPoint) {Object result = null;try {Object obj = joinPoint.proceed();if (obj != null) {if (obj instanceof String) {decryptValue(obj);} else {result = handler(obj, DECRYPT);}//TODO 其余类型自己看实际情况加}} catch (Throwable e) {e.printStackTrace();}return result;}private Object handler(Object obj, String type) throws IllegalAccessException {if (Objects.isNull(obj)) {return null;}Field[] fields = obj.getClass().getDeclaredFields();for (Field field : fields) {boolean hasSecureField = field.isAnnotationPresent(EncryptField.class);if (hasSecureField) {field.setAccessible(true);String realValue = (String) field.get(obj);String value;if (DECRYPT.equals(type)) {value = stringEncryptor.decrypt(realValue);} else {value = stringEncryptor.encrypt(realValue);}field.set(obj, value);}}return obj;}public String encryptValue(Object realValue) {String value = null;try {value = stringEncryptor.encrypt(String.valueOf(realValue));} catch (Exception ex) {return value;}return value;}public String decryptValue(Object realValue) {String value = String.valueOf(realValue);try {value = stringEncryptor.decrypt(value);} catch (Exception ex) {return value;}return value;}}
3、测试
@RestController@RequestMapping("/encry")public class EncryController {@EncryptMethod@PostMapping(value = "test")@ResponseBodypublic Object testEncrypt(@RequestBody UserVo userVo,@EncryptField String name){System.out.println("加密后的数据:user" + JSON.toJSONString(userVo) + name);return userVo;}}
@Datapublic class UserVo implements Serializable {private Long userId;@EncryptFieldprivate String mobile;@EncryptFieldprivate String address;private String age;}