首先感谢
RayPickhttps://blog.csdn.net/weixin_44388689业务上有张用户表,表中存储了用户名和登录密码,在这边假如只针对登录密码字段加密。
首先,先配置自定义Typehandler:
import lombok.SneakyThrows;
import org.apache.ibatis.type.JdbcType;
import org.apache.ibatis.type.TypeHandler;
import java.sql.CallableStatement;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
public class AesTypeHandler implements TypeHandler<String> {
@SneakyThrows
@Override
public void setParameter(PreparedStatement ps, int i, String parameter, JdbcType jdbcType) {
ps.setString(i, AESUtil.encrypt(parameter));
}
@Override
public String getResult(ResultSet rs, String columnName) throws SQLException {
return AESUtil.decrypt(rs.getString(columnName));
}
@Override
public String getResult(ResultSet rs, int columnIndex) throws SQLException {
return AESUtil.decrypt(rs.getString(columnIndex));
}
@Override
public String getResult(CallableStatement cs, int columnIndex) throws SQLException {
return AESUtil.decrypt(cs.getString(columnIndex));
}
}
再配置一个AESUtil类:
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.CommandLineRunner;
import org.springframework.context.EnvironmentAware;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
@Component
@Slf4j
public class AESUtil implements CommandLineRunner, EnvironmentAware {
/**
* 加密用的Key 可以用26个字母和数字组成
* 此处使用AES-128-CBC加密模式,key需要为16位。
*/
public static String S_KEY;
public static String IV_PARAMETER;
private Environment environment;
/**
* 加密
*
* @param sSrc
* @return
* @throws Exception
*/
public static String encrypt(String sSrc) throws Exception {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
byte[] raw = S_KEY.getBytes();
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
IvParameterSpec iv = new IvParameterSpec(IV_PARAMETER.getBytes());//使用CBC模式,需要一个向量iv,可增加加密算法的强度
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
byte[] encrypted = cipher.doFinal(sSrc.getBytes(StandardCharsets.UTF_8));
return new BASE64Encoder().encode(encrypted);//此处使用BASE64做转码。
}
/**
* 解密
*
* @param sSrc
* @return
*/
public static String decrypt(String sSrc) {
try {
byte[] raw = S_KEY.getBytes(StandardCharsets.UTF_8);
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
IvParameterSpec iv = new IvParameterSpec(IV_PARAMETER.getBytes());
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
byte[] encrypted1 = new BASE64Decoder().decodeBuffer(sSrc);//先用base64解密
byte[] original = cipher.doFinal(encrypted1);
return new String(original, StandardCharsets.UTF_8);
} catch (Exception ex) {
return null;
}
}
@Override
public void run(String... args) {
AESUtil.S_KEY = environment.getProperty("internal.aes.key");
AESUtil.IV_PARAMETER = environment.getProperty("internal.aes.iv");
}
@Override
public void setEnvironment(Environment env) {
this.environment = env;
}
}
接下来是重点:
在mybatis-config中配置:
<typeHandlers>
<package name="com.ruoyi.resever.util.AesTypeHandler"></package>
</typeHandlers>
在application.yml中配置:
AES_key后面的字段随便写,但是要注意:这个字段必须要前后端统一,不然双方加密解密后会不相同。(前端的部分在这里)目前只针对后端的话可以随便写。
internal:
aes:
key: ${AES_KEY:unicomecssunicom}
iv: ${AES_IV:1234567890123456}
接下来是SQL部分,这部分也是重点:
首先,这部分涉及到两个部分,一个是登录,一个是注册。分别对应的SQL是select和insert语句
在resultMap需要加密的字段上添加typehandler。
<resultMap type="com.ruoyi.resever.domain.Member" id="MemberResult">
<result property="id" column="id" />
<result property="fileNumber" column="file_number" />
<result property="idCard" column="id_card" />
<result property="password" column="password" typeHandler="com.ruoyi.resever.util.AesTypeHandler" javaType="java.lang.String" jdbcType="VARCHAR"/>
<result property="phoneNumber" column="phone_number" />
<result property="name" column="name" />
<result property="sex" column="sex" />
<result property="birthday" column="birthday" />
<result property="nation" column="nation" />
<result property="age" column="age" />
<result property="email" column="email" />
<result property="marriage" column="marriage" />
<result property="occupation" column="occupation" />
<result property="education" column="education" />
<result property="nativePalace" column="native_palace" />
<result property="healthManager" column="health_manager" />
<result property="status" column="status" />
<result property="remark" column="remark" />
<result property="delFlag" column="del_flag" />
<result property="createBy" column="create_by" />
<result property="createTime" column="create_time" />
<result property="updateBy" column="update_by" />
<result property="updateTime" column="update_time" />
<result property="info" column="info" />
</resultMap>
注册功能:涉及到插入数据库部分,这部分就是数据加密的部分,这样数据入库的时候是加密的,在传过来的密码的参数位置配上typehandler属性:
<insert id="insertMember" parameterType="com.ruoyi.resever.domain.Member" useGeneratedKeys="true" keyProperty="id" >
insert into t_member
<trim prefix="(" suffix=")" suffixOverrides=",">
<if test="fileNumber != null">file_number,</if>
<if test="idCard != null">id_card,</if>
<if test="password != null">password,</if>
<if test="phoneNumber != null">phone_number,</if>
<if test="name != null">name,</if>
<if test="sex != null">sex,</if>
<if test="birthday != null">birthday,</if>
<if test="nation != null">nation,</if>
<if test="age != null">age,</if>
<if test="email != null">email,</if>
<if test="marriage != null">marriage,</if>
<if test="occupation != null">occupation,</if>
<if test="education != null">education,</if>
<if test="nativePalace != null">native_palace,</if>
<if test="healthManager != null">health_manager,</if>
<if test="status != null">status,</if>
<if test="remark != null">remark,</if>
<if test="delFlag != null">del_flag,</if>
<if test="createBy != null">create_by,</if>
<if test="createTime != null">create_time,</if>
<if test="updateBy != null">update_by,</if>
<if test="updateTime != null">update_time,</if>
</trim>
<trim prefix="values (" suffix=")" suffixOverrides=",">
<if test="fileNumber != null">#{fileNumber},</if>
<if test="idCard != null">#{idCard},</if>
<if test="password != null">#{password,typeHandler=com.ruoyi.resever.util.AesTypeHandler,jdbcType=VARCHAR,javaType=java.lang.String},</if>
<if test="phoneNumber != null">#{phoneNumber},</if>
<if test="name != null">#{name},</if>
<if test="sex != null">#{sex},</if>
<if test="birthday != null">#{birthday},</if>
<if test="nation != null">#{nation},</if>
<if test="age != null">#{age},</if>
<if test="email != null">#{email},</if>
<if test="marriage != null">#{marriage},</if>
<if test="occupation != null">#{occupation},</if>
<if test="education != null">#{education},</if>
<if test="nativePalace != null">#{nativePalace},</if>
<if test="healthManager != null">#{healthManager},</if>
<if test="status != null">#{status},</if>
<if test="remark != null">#{remark},</if>
<if test="delFlag != null">#{delFlag},</if>
<if test="createBy != null">#{createBy},</if>
<if test="createTime != null">#{createTime},</if>
<if test="updateBy != null">#{updateBy},</if>
<if test="updateTime != null">#{updateTime},</if>
</trim>
</insert>
而在登录的时候,就是select语句中,这部分就是查询解密,同样如上:
<select id="getInfoByLogin" resultMap="MemberResult">
<include refid="selectMemberVo"/>
where phone_number=#{phoneNumber} and password =#{password,typeHandler=com.ruoyi.resever.util.AesTypeHandler,jdbcType=VARCHAR,javaType=java.lang.String} and del_flag = '0'
</select>
以上配置完成之后,数据入库就是加密状态,查询的时候就解密了。