I. Introduction
In real-world software development, desensitizing data at the code level is often far from enough. Business requirements frequently also call for encrypting key sensitive information at the database level, such as ID card numbers, bank card numbers, cell phone numbers and salaries, so that the data is genuinely obfuscated and desensitized and information security requirements are met.
So how do we achieve this quickly in the actual business development process?
In this article, we look at how to quickly implement data encryption and decryption in Spring Boot. Without further ado, let's go straight to the code!
II. Programmatic practices
In the Spring Boot ecosystem, there is a very powerful open source framework: Apache ShardingSphere.
It is a distributed SQL transaction and query engine that can augment any database with data sharding, elastic scaling, encryption and other capabilities. We can use its data desensitization module to quickly implement encryption and decryption operations on SQL fields.
If the current project is developed with Spring Boot, the integration can be seamless and there will be very little modification to the original system.
Below, we use a user table as an example to walk through how ShardingSphere implements data encryption and decryption.
2.1 Create user table
First, create a user table in the database. The sample script is as follows:
CREATE TABLE user (
  id bigint(20) NOT NULL COMMENT 'user ID',
  email varchar(255) NOT NULL DEFAULT '' COMMENT 'email',
  nick_name varchar(255) DEFAULT NULL COMMENT 'nickname',
  pass_word varchar(255) NOT NULL DEFAULT '' COMMENT 'password',
  reg_time varchar(255) NOT NULL DEFAULT '' COMMENT 'registration time',
  user_name varchar(255) NOT NULL DEFAULT '' COMMENT 'user name',
  salary varchar(255) DEFAULT NULL COMMENT 'basic salary',
  PRIMARY KEY (id) USING BTREE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
2.2 Create a Spring Boot project and add dependencies
Next, create a Spring Boot project and add the relevant dependency packages, as shown in the following example:
<dependencies>
    <!-- Spring Boot core -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter</artifactId>
    </dependency>
    <!-- Spring Boot test -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <!-- Spring MVC web -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- MySQL data source -->
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
    </dependency>
    <!-- MyBatis support -->
    <dependency>
        <groupId>org.mybatis.spring.boot</groupId>
        <artifactId>mybatis-spring-boot-starter</artifactId>
        <version>2.0.0</version>
    </dependency>
    <!-- ShardingSphere data sharding and desensitization tools -->
    <dependency>
        <groupId>org.apache.shardingsphere</groupId>
        <artifactId>sharding-jdbc-spring-boot-starter</artifactId>
        <version>4.1.0</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shardingsphere</groupId>
        <artifactId>sharding-jdbc-spring-namespace</artifactId>
        <version>4.1.0</version>
    </dependency>
</dependencies>
2.3 Add relevant configuration
In the application's properties file, add the ShardingSphere configuration to desensitize a table.
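server.port=8080
=log
# ShardingSphere data source integration
spring.shardingsphere.datasource.name=ds
spring.shardingsphere.datasource.ds.type=
spring.shardingsphere.datasource.ds.driver-class-name=
spring.shardingsphere.datasource.ds.jdbc-url=jdbc:mysql://127.0.0.1:3306/test
spring.shardingsphere.datasource.ds.username=xxxx
spring.shardingsphere.datasource.ds.password=xxxx
# Encryption method and key configuration
spring.shardingsphere.encrypt.encryptors.encryptor_aes.type=aes
spring.shardingsphere.encrypt.encryptors.encryptor_aes.props.aes.key.value=hkiqAXU6Ur5fixGHaO4Lb2V2ggausYwW
# plainColumn is the plaintext column, cipherColumn is the desensitized column
spring.shardingsphere.encrypt.tables.user.columns.salary.plainColumn=
spring.shardingsphere.encrypt.tables.user.columns.salary.cipherColumn=salary
#spring.shardingsphere.encrypt.tables.user.columns.pass_word.assistedQueryColumn=
spring.shardingsphere.encrypt.tables.user.columns.salary.encryptor=encryptor_aes
# Print the SQL and query using the cipher column
spring.shardingsphere.props.sql.show=true
spring.shardingsphere.props.query.with.cipher.column=true
# Configuration of the XML-based mappers
mybatis.mapper-locations=classpath:mapper/*.xml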
A few of these settings are especially important. spring.shardingsphere.encrypt.tables refers to the table to be desensitized, user is the table name, and salary is the real column in the user table. plainColumn refers to the plaintext column and cipherColumn refers to the desensitized column; for a new project, only the desensitized column needs to be configured!
A sample configuration is shown below:
# Tells ShardingSphere which column in the data table stores plaintext data
spring.shardingsphere.encrypt.tables.user.columns.salary.plainColumn=
# Tells ShardingSphere which column in the data table stores ciphertext data
spring.shardingsphere.encrypt.tables.user.columns.salary.cipherColumn=salary
# Tells ShardingSphere which column in the data table stores auxiliary query data
spring.shardingsphere.encrypt.tables.user.columns.salary.assistedQueryColumn=salary
# Tells ShardingSphere which algorithm to use to encrypt and decrypt the column
spring.shardingsphere.encrypt.tables.user.columns.salary.encryptor=encryptor_aes
2.4. Writing the data persistence layer
Then, a data persistence layer is written for data storage and query operations.
<mapper namespace="" >
    <resultMap id="BaseResultMap" type="" >
        <id column="id" property="id" jdbcType="BIGINT" />
        <result column="email" property="email" jdbcType="VARCHAR" />
        <result column="nick_name" property="nickName" jdbcType="VARCHAR" />
        <result column="pass_word" property="passWord" jdbcType="VARCHAR" />
        <result column="reg_time" property="regTime" jdbcType="VARCHAR" />
        <result column="user_name" property="userName" jdbcType="VARCHAR" />
        <result column="salary" property="salary" jdbcType="VARCHAR" />
    </resultMap>
    <select id="findAll" resultMap="BaseResultMap">
        SELECT * FROM user
    </select>
    <insert id="insert" parameterType="">
        INSERT INTO user(id,email,nick_name,pass_word,reg_time,user_name, salary)
        VALUES(#{id},#{email},#{nickName},#{passWord},#{regTime},#{userName}, #{salary})
    </insert>
</mapper>

import java.util.List;

public interface UserMapperXml {
    /**
     * Query all records.
     * @return every row of the user table
     */
    List<UserEntity> findAll();

    /**
     * Insert a new record.
     * @param user the user to store
     */
    void insert(UserEntity user);
}

public class UserEntity {
    private Long id;
    private String email;
    private String nickName;
    private String passWord;
    private String regTime;
    private String userName;
    private String salary;
    // getters and setters omitted
}
2.5 Unit testing
Finally, we write a unit test to verify that the code is correct.
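Write the application startup class
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
@MapperScan("")
public class ShardingSphereApplication {
    public static void main(String[] args) {
        SpringApplication.run(ShardingSphereApplication.class, args);
    }
}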
Writing Unit Tests
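import java.util.List;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

@RunWith(SpringRunner.class)
@SpringBootTest(classes = ShardingSphereApplication.class)
public class UserTest {
    @Autowired
    private UserMapperXml userMapperXml;

    // Insert one row; the salary value is encrypted before it reaches the database
    @Test
    public void insert() throws Exception {
        UserEntity entity = new UserEntity();
        entity.setId(3L);
        entity.setEmail("123@");
        entity.setNickName("Ah-Sam (1930-), third governor of *");
        entity.setPassWord("123");
        entity.setRegTime("2021-10-10 00:00:00");
        entity.setUserName("John Doe");
        entity.setSalary("2500");
        userMapperXml.insert(entity);
    }

    // Read all rows back; the salary value is decrypted on the way out
    @Test
    public void query() throws Exception {
        List<UserEntity> dataList = userMapperXml.findAll();
        System.out.println(dataList);
    }
}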
After inserting the data, as shown below, the data stored in the database is encrypted!
Let's move on and run the query service, the result is shown below, the data was successfully decrypted!
The biggest advantage of using the configuration method is that the desensitization of certain data table fields can be accomplished directly by configuring the desensitization column, which is very convenient.
III. Summary
When there is a need to desensitize certain data table fields, it can be quickly implemented using the Apache ShardingSphere framework.
But there is one detail that is easy to miss: the field type. Take the salary field as an example. By convention it is natural to reach for a numeric type, but that will not work: once encrypted, the data is a string of unreadable characters, and a numeric column cannot store that string. Keep this in mind when defining the table.
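The following is an added example, not code from the original article or from the ShardingSphere project, showing why the encrypted column has to be a string type and how wide it needs to be. It assumes the 4.1.0 aes encryptor uses the JDK's default AES transformation (ECB with PKCS5 padding), takes its key from the first 16 bytes of the SHA-1 of the configured key value, and stores Base64 text; the class name, helper names and sample key are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class AesColumnDemo {
    // Assumed key derivation: first 16 bytes of SHA-1(configured key value).
    static SecretKeySpec deriveKey(String keyValue) throws Exception {
        byte[] sha1 = MessageDigest.getInstance("SHA-1")
                .digest(keyValue.getBytes(StandardCharsets.UTF_8));
        return new SecretKeySpec(Arrays.copyOf(sha1, 16), "AES");
    }

    // "AES" with no mode or padding resolves to AES/ECB/PKCS5Padding in the JDK.
    static String encrypt(String plaintext, SecretKeySpec key) throws Exception {
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return Base64.getEncoder().encodeToString(
                cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8)));
    }

    static String decrypt(String stored, SecretKeySpec key) throws Exception {
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.DECRYPT_MODE, key);
        return new String(cipher.doFinal(Base64.getDecoder().decode(stored)),
                StandardCharsets.UTF_8);
    }

    // PKCS5 pads up to the next 16-byte block; Base64 turns every 3 bytes into 4 chars.
    static int storedLength(int plaintextBytes) {
        int cipherBytes = (plaintextBytes / 16 + 1) * 16;
        return (cipherBytes + 2) / 3 * 4;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; a real key belongs in the environment or a secret store.
        SecretKeySpec key = deriveKey("constructed-demo-key-not-for-use");
        String stored = encrypt("2500", key);
        System.out.println("stored value : " + stored + " (" + stored.length() + " chars)");
        System.out.println("round trip   : " + decrypt(stored, key));
        // Deterministic: the same salary always yields the same ciphertext.
        System.out.println("repeatable   : " + stored.equals(encrypt("2500", key)));
        // Column width needed for plaintexts of 4, 16 and 100 bytes.
        for (int n : new int[] {4, 16, 100}) {
            System.out.println(n + " plaintext bytes -> " + storedLength(n) + " chars");
        }
    }
}
```

Because the output is deterministic, rows with the same salary hold the same ciphertext, so anyone who can read the table can still tell which values are equal without the key.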
I hope the above examples will help!
Sample code: spring-boot-example-shardingsphere