使用前必看
加密后的字段不能进行 LIKE 模糊查询(库中存储的是密文,只能按完整值做等值匹配)
加密字段名及其所在表的表名,在代码中必须使用小写,数据库中的表定义也要相应改为小写
jar包引入
mybatis-spring-boot-starter升级为2.2.2
<!-- MyBatis starter at 2.2.2; the mybatis and mybatis-spring artifacts it brings in transitively are excluded. -->
<dependency>
  <groupId>org.mybatis.spring.boot</groupId>
  <artifactId>mybatis-spring-boot-starter</artifactId>
  <version>2.2.2</version>
  <exclusions>
    <exclusion>
      <artifactId>mybatis</artifactId>
      <groupId>org.mybatis</groupId>
    </exclusion>
    <exclusion>
      <artifactId>mybatis-spring</artifactId>
      <groupId>org.mybatis</groupId>
    </exclusion>
  </exclusions>
</dependency>

<!-- ShardingSphere-JDBC starter; its encrypt starter and jdbc-core are excluded here and declared explicitly below. -->
<dependency>
  <groupId>org.apache.shardingsphere</groupId>
  <artifactId>shardingsphere-jdbc-core-spring-boot-starter</artifactId>
  <version>5.1.0</version>
  <exclusions>
    <exclusion>
      <artifactId>shardingsphere-encrypt-spring-boot-starter</artifactId>
      <groupId>org.apache.shardingsphere</groupId>
    </exclusion>
    <exclusion>
      <artifactId>shardingsphere-jdbc-core</artifactId>
      <groupId>org.apache.shardingsphere</groupId>
    </exclusion>
  </exclusions>
</dependency>

<!-- Encrypt starter with the upstream shardingsphere-encrypt-core removed. -->
<dependency>
  <groupId>org.apache.shardingsphere</groupId>
  <artifactId>shardingsphere-encrypt-spring-boot-starter</artifactId>
  <version>5.1.0</version>
  <exclusions>
    <exclusion>
      <artifactId>shardingsphere-encrypt-core</artifactId>
      <groupId>org.apache.shardingsphere</groupId>
    </exclusion>
  </exclusions>
</dependency>

<!--
  Replacement for the excluded encrypt-core: same artifactId, but groupId org.apache.shardingsphere.rx
  instead of the org.apache.shardingsphere used by every other ShardingSphere artifact in this list.
  NOTE(review): presumably an in-house build (the sm4 encryptor type configured later is the likely
  reason); confirm it resolves only from the trusted internal repository and that its source and
  provenance are reviewed, because it sits in the path of every encrypted column.
-->
<dependency>
  <artifactId>shardingsphere-encrypt-core</artifactId>
  <groupId>org.apache.shardingsphere.rx</groupId>
  <version>5.1.0</version>
</dependency>

<!-- jdbc-core, again without the upstream encrypt-core so only the replacement above is on the classpath. -->
<dependency>
  <groupId>org.apache.shardingsphere</groupId>
  <artifactId>shardingsphere-jdbc-core</artifactId>
  <version>5.1.0</version>
  <exclusions>
    <exclusion>
      <artifactId>shardingsphere-encrypt-core</artifactId>
      <groupId>org.apache.shardingsphere</groupId>
    </exclusion>
  </exclusions>
</dependency>

<!-- Remaining encrypt modules, taken unchanged from upstream. -->
<dependency>
  <groupId>org.apache.shardingsphere</groupId>
  <artifactId>shardingsphere-encrypt-api</artifactId>
  <version>5.1.0</version>
</dependency>
<dependency>
  <groupId>org.apache.shardingsphere</groupId>
  <artifactId>shardingsphere-encrypt-distsql-parser</artifactId>
  <version>5.1.0</version>
</dependency>
<dependency>
  <groupId>org.apache.shardingsphere</groupId>
  <artifactId>shardingsphere-encrypt-distsql-handler</artifactId>
  <version>5.1.0</version>
</dependency>

<!--
  NOTE(review): Guava 22.0 is an old release. Check it against published Guava security advisories
  and move to a maintained version if the other dependencies allow it.
-->
<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>22.0</version>
</dependency>
common包升级
<!--
  Internal common library; its own mybatis-spring-boot-starter is excluded.
  NOTE(review): a SNAPSHOT version is mutable, so the jar that resolves can change between builds.
  Pin a released version for production builds so the code doing the encryption and masking
  (presumably shipped in this artifact; confirm) is reproducible and reviewable.
-->
<dependency>
  <groupId>com.chinaunicom.rxcx</groupId>
  <artifactId>common</artifactId>
  <version>0.0.7-encry-sensitive-SNAPSHOT</version>
  <exclusions>
    <exclusion>
      <artifactId>mybatis-spring-boot-starter</artifactId>
      <groupId>org.mybatis.spring.boot</groupId>
    </exclusion>
  </exclusions>
</dependency>
bootstrap.yml 【引入sharding-jdbc配置】
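# Pulls the shared sharding-jdbc configuration from Nacos as an extension config.
# NOTE(review): presumably this data-id holds the datasource credentials and encryption keys;
# restrict read/write access to it in Nacos accordingly.
spring:
  cloud:
    nacos:
      config:
        extension-configs:
          - data-id: host-shared-jdbc.yml
            group: rxcx
            # changes pushed from Nacos are applied at runtime
            refresh: true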
配置文件内容
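# NOTE(review): the nesting of this listing was lost; restore the indentation against the
# ShardingSphere 5.1.0 Spring Boot configuration reference before using it.
spring:
shardingsphere:
datasource:
ds:
type: com.zaxxer.hikari.HikariDataSource
driver-class-name: com.mysql.cj.jdbc.Driver
# NOTE(review): no TLS parameter (e.g. sslMode) is set in this URL; confirm that transport
# encryption to the database is enforced elsewhere.
jdbc-url: jdbc:mysql://rx.mysql.com:3306/zhcd_security_service?autoReconnect=true&failOverReadOnly=false&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&serverTimezone=Asia/Shanghai
# Credential written inline. In a real deployment inject it (e.g. ${DB_PASSWORD}) from a secret
# store or the environment, and rotate any value that has been committed or published.
password: gwc.LTTEST123
username: rxcx
names: ds
rules:
encrypt:
encryptors:
# AES encryptor; not referenced by any column in the tables listed here.
name-encryptor:
props:
# AES encryption key (literal key material: keep it out of version control)
aes-key-value: hello@aes.username
# encryptor type: AES
type: AES
sm4-encryptor:
props:
sm4-padding: PKCS5Padding
# Cipher mode. ECB is deterministic: equal plaintexts give equal ciphertexts. That is what lets
# equality lookups on the cipher column match, but it also shows anyone who can read the table
# which rows share a value. Treat read access to these columns as sensitive even though they
# are encrypted.
sm4-mode: ECB
# SM4 key (looks like 32 hex characters, i.e. 128 bits). Literal key material: load it from a
# secret store, do not reuse this published value, and plan for rotation.
sm4-key: 66b77319f642d2642fd334cf1a2f21a0
# use the SM4 (Chinese national standard) cipher
type: sm4
tables:
# table that has encrypted columns
audit_log:
columns:
# logical column to encrypt
user_name:
# Column that stores the ciphertext. It has the same name as the logical column, so the column
# holds ciphertext only; rows written before the rule was enabled would presumably still be
# plaintext (confirm the migration).
cipher-column: user_name
# encryptor applied to this column
encryptor-name: sm4-encryptor
# query using the cipher column
queryWithCipherColumn: true
app_user_basic:
columns:
id_card:
#plainColumn: id_card
cipher-column: id_card
encryptor-name: sm4-encryptor
real_name:
cipher-column: real_name
encryptor-name: sm4-encryptor
mobile_cmpp:
cipher-column: mobile_cmpp
encryptor-name: sm4-encryptor
queryWithCipherColumn: true
driver_info:
columns:
driving_license_id:
cipher-column: driving_license_id
encryptor-name: sm4-encryptor
queryWithCipherColumn: true
props:
# Log SQL statements.
# NOTE(review): SQL logging can put statements that touch the sensitive columns into application
# logs; confirm what is written (and whether bound values appear) and turn it off outside debugging.
sql-show: true
# NOTE(review): with the nesting gone it is unclear which level this switch belongs to; confirm.
queryWithCipherColumn: true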
隐位处理
注意:接口返回值必须是实体对象,禁止使用 Map(隐位是通过实体字段上的 @Sensitive 注解生效的,Map 中的值没有注解可依据,会原样返回)
隐位策略
隐位策略SensitiveStrategy
USERNAME 用户名
ID_CARD 身份证号
PHONE 手机号
BANK_CARD 银行卡号
REAL_NAME 真实名称
EMAIL 邮箱
ADDRESS 地址
CAR_NUMBER 车牌号
使用注解
// Marks the field for masking with the EMAIL strategy.
@Sensitive(strategy = SensitiveStrategy.EMAIL)
// masked field
private String email;
// encrypted copy of the original (unmasked) value
private String emailEncrypt;
/**
 * Stores the e-mail address and refreshes its encrypted companion value.
 *
 * <p>NOTE(review): how {@code Sm4Util.encrypt} treats {@code null} or empty input, and which key
 * and mode it uses, is not visible here; confirm before relying on it. The ciphertext is
 * recoverable by anyone holding that key, so expose {@code emailEncrypt} only to callers that
 * are meant to be able to obtain the full value.
 *
 * @param email the original, unmasked e-mail address
 */
public void setEmail(String email) {
    this.email = email;
    // Keep the ciphertext in step with the plain value on every write.
    final String cipherText = Sm4Util.encrypt(email);
    this.emailEncrypt = cipherText;
}
/**
 * Returns the encrypted form of the original e-mail address.
 *
 * @return the value produced by {@code Sm4Util.encrypt} in {@code setEmail}, or {@code null} if
 *     the setter has not been called
 */
public String getEmailEncrypt() {
    return this.emailEncrypt;
}
增加配置
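biz:
  integration:
    sensitive:
      # true enables masking, false disables it.
      # NOTE(review): with masking off, annotated fields are presumably returned unmasked; keep this
      # true in any environment that serves real data.
      enabled: true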
手动脱敏
使用DesensitizedUtils手动脱敏
单对象脱敏
// Mask a single object. NOTE(review): whether v itself is modified is not visible here; confirm.
final UserVO masked = DesensitizedUtils.getObj(v);
list脱敏
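// Mask every element of a list.
DesensitizedUtils.getList(sd);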
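/**
 * Runs manual masking on a single object and on a list and prints both results as JSON.
 *
 * <p>NOTE(review): the test only prints. Add assertions that the masked output no longer contains
 * the original values, otherwise a regression that returns unmasked data still passes.
 */
@Test
public void sensitive() {
    UserVO v = new UserVO();
    v.setName("立场平时");
    v.setCustomer("dsfdsfkdsjfkdsfjkdsjfkds");

    // Single-object masking.
    UserVO s = DesensitizedUtils.getObj(v);
    System.out.println(JSON.toJSONString(s));

    // List masking; the list is typed instead of raw so the compiler checks its elements.
    List<UserVO> sd = new ArrayList<>();
    sd.add(v);
    System.out.println(JSON.toJSONString(DesensitizedUtils.getList(sd)));
}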