mybatis-plus拦截器敏感字段加解密的实现方法是什么
短信预约 -IT技能 免费直播动态提醒
本篇内容主要讲解“mybatis-plus拦截器敏感字段加解密的实现方法是什么”,感兴趣的朋友不妨来看看。本文介绍的方法操作简单快捷,实用性强。下面就让小编来带大家学习“mybatis-plus拦截器敏感字段加解密的实现方法是什么”吧!
背景
数据库在保存数据时,对于某些敏感数据需要脱敏或者加密处理,如果一个一个的去加显然工作量大而且容易出错,这个时候可以考虑使用拦截器,本文针对的是mybatis-plus作为持久层框架,其他场景未测试。代码如下:
一、查询拦截器
package com.sfpay.merchant.service.interceptor; import com.baomidou.mybatisplus.core.toolkit.CollectionUtils;import com.sfpay.merchant.service.service.CryptService;import lombok.extern.slf4j.Slf4j;import org.apache.ibatis.binding.MapperMethod;import org.apache.ibatis.cache.CacheKey;import org.apache.ibatis.executor.Executor;import org.apache.ibatis.mapping.BoundSql;import org.apache.ibatis.mapping.MappedStatement;import org.apache.ibatis.plugin.Interceptor;import org.apache.ibatis.plugin.Intercepts;import org.apache.ibatis.plugin.Invocation;import org.apache.ibatis.plugin.Signature;import org.apache.ibatis.session.ResultHandler;import org.apache.ibatis.session.RowBounds;import org.springframework.beans.factory.annotation.Autowired; import java.util.ArrayList;import java.util.Map;import java.util.Objects; @Slf4j@Intercepts({ @Signature(type = Executor.class, method = "query", args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class, CacheKey.class, BoundSql.class}), @Signature(type = Executor.class, method = "query", args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class})})public class QueryInterceptor implements Interceptor { private static final String DECRYPT = "decrypt"; @Autowired private CryptService cryptService; @Autowired private UpdateInterceptor updateInterceptor; @Override public Object intercept(Invocation invocation) throws Throwable { //获取查询参数,查询条件是否需要加密 Object[] args = invocation.getArgs(); Object parameter = args[1]; Object result = null; //设置执行标识 boolean flag = true; if (parameter instanceof MapperMethod.ParamMap) { Map paramMap = (Map) parameter; if (paramMap.containsKey(DECRYPT)) { Object queryParameter = paramMap.get(DECRYPT); if (updateInterceptor.needToCrypt(queryParameter)) { //执行sql,还原加密后的报文 MappedStatement mappedStatement = (MappedStatement) args[0]; result = updateInterceptor.proceed(invocation, mappedStatement, queryParameter); flag = false; } } } //是否需要执行 if (flag) { result = invocation.proceed(); } if (Objects.isNull(result)) { return null; } // 返回列表数据,循环检查 if (result instanceof ArrayList) { ArrayList resultList = (ArrayList) result; if (CollectionUtils.isNotEmpty(resultList) && updateInterceptor.needToCrypt(resultList.get(0))) { for (Object o : resultList) { cryptService.decrypt(o); } } } else if (updateInterceptor.needToCrypt(result)) { cryptService.decrypt(result); } //返回结果 return result; }}二、插入和更新拦截器
package com.sfpay.merchant.service.interceptor; import com.baomidou.mybatisplus.annotation.TableId;import com.sfpay.merchant.common.util.annotation.CryptAnnotation;import com.sfpay.merchant.service.service.CryptService;import org.apache.ibatis.binding.MapperMethod;import org.apache.ibatis.executor.Executor;import org.apache.ibatis.mapping.MappedStatement;import org.apache.ibatis.mapping.SqlCommandType;import org.apache.ibatis.plugin.Interceptor;import org.apache.ibatis.plugin.Intercepts;import org.apache.ibatis.plugin.Invocation;import org.apache.ibatis.plugin.Signature;import org.apache.ibatis.session.defaults.DefaultSqlSession;import org.springframework.beans.BeanUtils;import org.springframework.beans.factory.annotation.Autowired; import java.lang.reflect.Field;import java.lang.reflect.InvocationTargetException;import java.util.Arrays;import java.util.Map;import java.util.Objects;import java.util.Optional; @Intercepts({@Signature(type = Executor.class, method = "update", args = {MappedStatement.class, Object.class})})public class UpdateInterceptor implements Interceptor { @Autowired private CryptService cryptService; private static final String CRYPT = "et"; @Override public Object intercept(Invocation invocation) throws Throwable { //代理类方法参数,该拦截器拦截的update方法有两个参数args = {MappedStatement.class, Object.class} Object[] args = invocation.getArgs(); //获取方法参数 MappedStatement mappedStatement = (MappedStatement) args[0]; Object parameter = args[1]; if (Objects.isNull(parameter)) { //无参数,直接放行 return invocation.proceed(); } // 如果是多个参数或使用Param注解(Param注解会将参数放置在ParamMap中) if (parameter instanceof MapperMethod.ParamMap) { Map paramMap = (Map) parameter; if (paramMap.containsKey(CRYPT)) { Object updateParameter = paramMap.get(CRYPT); if (needToCrypt(updateParameter)) { //执行sql,还原加解密后的报文 return proceed(invocation, mappedStatement, updateParameter); } } } else if (parameter instanceof DefaultSqlSession.StrictMap) { //不知道是啥意思,直接过 return invocation.proceed(); } else if (needToCrypt(parameter)) { //执行sql,还原加解密后的报文 return proceed(invocation, mappedStatement, parameter); } //其他场景直接放行 return invocation.proceed(); } Object proceed(Invocation invocation, MappedStatement mappedStatement, Object parameter) throws IllegalAccessException, InstantiationException, InvocationTargetException { //先复制一个对象备份数据 Object newInstance = newInstance(parameter); //调用加解密服务 cryptService.encrypt(parameter); //执行操作,得到返回结果 Object result = invocation.proceed(); //把加解密后的字段还原 reductionParameter(mappedStatement, newInstance, parameter); //返回结果 return result; } private Object newInstance(Object parameter) throws IllegalAccessException, InstantiationException { Object newInstance = parameter.getClass().newInstance(); BeanUtils.copyProperties(parameter, newInstance); return newInstance; } private void reductionParameter(MappedStatement mappedStatement, Object newInstance, Object parameter) throws IllegalAccessException { //获取映射语句命令类型 SqlCommandType sqlCommandType = mappedStatement.getSqlCommandType(); if (SqlCommandType.INSERT == sqlCommandType) { //从参数属性中找到注解是TableId的字段 Field[] parameterFields = parameter.getClass().getDeclaredFields(); Optional<Field> optional = Arrays.stream(parameterFields).filter(field -> field.isAnnotationPresent(TableId.class)).findAny(); if (optional.isPresent()) { Field field = optional.get(); field.setAccessible(true); Object id = field.get(parameter); //覆盖参数加解密的值 BeanUtils.copyProperties(newInstance, parameter); field.set(parameter, id); } else { //覆盖参数加解密的值 BeanUtils.copyProperties(newInstance, parameter); } } else { //覆盖参数加解密的值 BeanUtils.copyProperties(newInstance, parameter); } } public boolean needToCrypt(Object object) { if (object == null) { return false; } Class<?> clazz = object.getClass(); if (clazz.isPrimitive() || object instanceof String) { //基本类型和字符串不加解密 return false; } //获取DO注解 boolean annotationPresent = clazz.isAnnotationPresent(CryptAnnotation.class); if (!annotationPresent) { //无DO注解不加解密 return false; } //获取属性注解 Field[] fields = clazz.getDeclaredFields(); return Arrays.stream(fields).anyMatch(field -> field.isAnnotationPresent(CryptAnnotation.class)); }}三、注解
import com.sfpay.merchant.common.constant.EncryptDataTypeEnum; import java.lang.annotation.*; @Retention(RetentionPolicy.RUNTIME)@Target({ElementType.FIELD, ElementType.TYPE})@Documented@Inheritedpublic @interface CryptAnnotation { EncryptDataTypeEnum type() default EncryptDataTypeEnum.OTHER;}cryptService 为加密服务,怎么实现自己可以根据实际情况来实现。
到此,相信大家对“mybatis-plus拦截器敏感字段加解密的实现方法是什么”有了更深的了解,不妨来实际操作一番吧!这里是编程网网站,更多相关内容可以进入相关频道进行查询,关注我们,继续学习!
免责声明:
① 本站未注明“稿件来源”的信息均来自网络整理。其文字、图片和音视频稿件的所属权归原作者所有。本站收集整理出于非商业性的教育和科研之目的,并不意味着本站赞同其观点或证实其内容的真实性。仅作为临时的测试数据,供内部测试之用。本站并未授权任何人以任何方式主动获取本站任何信息。
② 本站未注明“稿件来源”的临时测试数据将在测试完成后最终做删除处理。有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
