mybatisplus在springboot中配置敏感数据加密拦截器
时间: 2023-09-07 14:11:27 浏览: 163
springboot拦截器
Mybatis-plus提供了加密拦截器`MybatisPlusInterceptor`,可以在查询和修改时对敏感数据进行加密和解密操作。以下是在Spring Boot中配置Mybatis-plus加密拦截器的步骤:
1. 首先,需要在pom.xml文件中添加mybatis-plus-boot-starter依赖:
```xml
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>${mybatis-plus.version}</version>
</dependency>
```
2. 创建一个`MetaObjectHandler`实现类,该类可以在插入和更新时自动填充公共字段,例如创建时间、修改时间等。在该类中,需要实现`insertFill`和`updateFill`方法,并在需要自动填充的字段上添加`@TableField(fill = FieldFill.INSERT)`和`@TableField(fill = FieldFill.UPDATE)`注解。
```java
@Component
public class MyMetaObjectHandler implements MetaObjectHandler {
@Override
public void insertFill(MetaObject metaObject) {
this.strictInsertFill(metaObject, "createTime", LocalDateTime::now, LocalDateTime.class);
}
@Override
public void updateFill(MetaObject metaObject) {
this.strictUpdateFill(metaObject, "updateTime", LocalDateTime::now, LocalDateTime.class);
}
}
```
3. 创建一个加密拦截器`EncryptInterceptor`,该拦截器可以在查询和修改时对敏感数据进行加密和解密操作。在该拦截器中,需要实现`intercept`方法,并在需要加密的字段上添加`@TableField(fill = FieldFill.INSERT_UPDATE)`注解。
```java
@Component
public class EncryptInterceptor implements Interceptor {
private static final String AES_KEY = "1234567890123456";
private static final String CHARSET = "UTF-8";
@Override
public Object intercept(Invocation invocation) throws Throwable {
Object parameter = invocation.getArgs()[1];
if (parameter instanceof MappedStatement && ((MappedStatement) parameter).getId().contains("update")) {
MetaObject metaObject = SystemMetaObject.forObject(parameter);
String[] propertyNames = metaObject.getSetterNames();
for (String propertyName : propertyNames) {
if (metaObject.hasSetter(propertyName) && metaObject.hasGetter(propertyName)) {
TableField tableField = metaObject.getOriginalObject().getClass().getDeclaredField(propertyName)
.getAnnotation(TableField.class);
if (tableField != null && tableField.fill() == FieldFill.UPDATE) {
Object value = metaObject.getValue(propertyName);
if (value != null && value instanceof String) {
metaObject.setValue(propertyName, encrypt((String) value));
}
}
}
}
}
return invocation.proceed();
}
private String encrypt(String content) throws Exception {
KeyGenerator keygen = KeyGenerator.getInstance("AES");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
random.setSeed(AES_KEY.getBytes());
keygen.init(128, random);
SecretKey secretKey = keygen.generateKey();
byte[] enCodeFormat = secretKey.getEncoded();
SecretKeySpec key = new SecretKeySpec(enCodeFormat, "AES");
Cipher cipher = Cipher.getInstance("AES");
byte[] byteContent = content.getBytes(CHARSET);
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] byteRresult = cipher.doFinal(byteContent);
return Base64.encodeBase64String(byteRresult);
}
}
```
4. 在配置文件中配置Mybatis-plus的加密拦截器和自动填充功能:
```yaml
mybatis-plus:
global-config:
meta-object-handler: com.example.demo.handler.MyMetaObjectHandler
configuration:
map-underscore-to-camel-case: true
log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
interceptors:
- com.example.demo.interceptor.EncryptInterceptor
```
5. 在需要加密的字段上添加`@TableField(fill = FieldFill.INSERT_UPDATE)`注解,例如:
```java
@TableField(fill = FieldFill.INSERT_UPDATE)
private String password;
```
通过以上步骤,就可以在Spring Boot中配置Mybatis-plus加密拦截器了。注意,在实际应用中,需要对加密算法、加密密钥等进行更加严格的保护。
阅读全文