MyBatis-Plus Data Security Protection (Encryption and Decryption)

news/2024/10/30 23:16:55/
  1. Project creation
  2. POM dependencies
    <dependency>
        <!-- MyBatis-Plus enterprise module -->
        <groupId>com.baomidou</groupId>
        <artifactId>mybatis-mate-starter</artifactId>
        <version>1.2.8</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bctls-jdk15on -->
    <dependency>
        <!-- Dependency for the SM2, SM3 and SM4 encryption algorithms -->
        <groupId>org.bouncycastle</groupId>
        <artifactId>bctls-jdk15on</artifactId>
        <version>1.70</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.jasypt/jasypt -->
    <dependency>
        <!-- Dependency for the hybrid encryption algorithms -->
        <groupId>org.jasypt</groupId>
        <artifactId>jasypt</artifactId>
        <version>1.9.3</version>
    </dependency>
  3. YML configuration
    spring:
      datasource:
        # Configuration security: https://blog.csdn.net/tongxin_tongmeng/article/details/128664932
        url: mpw:IlcV2VrLIr+z3ruf0oHP1sV3JuEvntw9QZDEYhQWDNHJ9Xkm7qZokxkEeTCPNqma
        username: mpw:aoVz0lDJNymnmrhw6LkQow==
        password: mpw:StRVtLG7vB6iKVt83du7fw==
        driver-class-name: com.mysql.cj.jdbc.Driver
    # Mybatis Mate configuration
    mybatis-mate:
      cert:
        # Add WeChat wx153666 to purchase a license; don't freeload! The test certificate expires, do not use it in production
        grant: thisIsTestLicense
        license: TtY9GC88CzSkEmUhzIyvM2MJKvsgPyxoNCExH4/GhaBwuTQ93aeLaR6/dM49wMSk+oQdmqUibCM8b5H74s1Nx+2C5V3U1gKiLtddVc8Eg8oC1F2nLxOiDKDvPpdxWFGsPW6mQE2LDr+tK8GXpFS3N8xwmYy/gHCwQ4Avqp9JqBbke7pZzL2adIlxYHmCYpfNTN+NRHIEFaGFTBlzZHDb3UfJaeqLaAtWBol0QOPEM69Kz3JSemxBHnEO1ID75bwwmkgqC7Ps4z9iYAK9GLzzaPwSiFELNCmIvwa5YSJLxP9NMQUWbVGIRqehxnVqfgx/68+yIfpByqGTMxLR33yeEQ==
      # Global encryption algorithm key configuration
      encryptor:
        # MD5_32 MD5_16 BASE64 AES SM2 SM3 SM4 need password; the other encryption algorithms need password, publicKey and privateKey
        password: mybatis-mate-encryptor-password-666
        publicKey: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEOCMScPeNaJ0DP9N9vd/fXwPGUVnuxeGPpRePXfWuX/X/Yk5IMhwEfYLXictxQk/oAqGnqtDuS/PCL/7mqL+8wFSYnWWErCSkDdT6LjyD07l9dWv+Xj1UTEjP24sEgYA92f4AZyvhsw8I/Bj6a9a30r+kVOGoEZgGMf2c2xK4CQIDAQAB
        privateKey:   # value missing from this page
    
    @SpringBootTest
    class MybatisPlusApplicationTests {

        @Test
        void contextLoads() throws Exception {
            Map<String, Key> keyMap = RSA.genKeyPair();
            String publicKey = RSA.getPublicKey(keyMap);
            String privateKey = RSA.getPrivateKey(keyMap);
            System.out.println("publicKey=========" + publicKey);
            System.out.println("privateKey=========" + privateKey);
        }
    }

    Note: password can be any string; publicKey and privateKey are generated with the method above.
  4. SQL script
    CREATE TABLE `encrypt` (
      `id` bigint NOT NULL COMMENT 'Primary key ID',
      `MD5_32` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'MD5_32',
      `MD5_16` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'MD5_16',
      `BASE64` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'BASE64',
      `AES` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'AES',
      `RSA` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'RSA',
      `SM2` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'SM2',
      `SM3` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'SM3',
      `SM4` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'SM4',
      `PBEWithMD5AndDES` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithMD5AndDES',
      `PBEWithMD5AndTripleDES` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithMD5AndTripleDES',
      `PBEWithHMACSHA512AndAES_256` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithHMACSHA512AndAES_256',
      `PBEWithSHA1AndDESede` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithSHA1AndDESede',
      `PBEWithSHA1AndRC2_40` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithSHA1AndRC2_40',
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
  5. Code generation (MybatisX)
    @RestController
    @RequestMapping("/encrypt")
    public class EncryptController {

        @Autowired
        private EncryptService encrtptService;

        @PostMapping("/create")
        public Boolean create(@RequestBody Encrypt encrypt) {
            return encrtptService.save(encrypt);
        }

        @GetMapping("/get")
        public Encrypt get(@RequestBody Encrypt encrypt) {
            return encrtptService.getById(encrypt.getId());
        }

        @GetMapping("/getAll")
        public List<Encrypt> getAll() {
            return encrtptService.list();
        }

        @PutMapping("/update")
        public Boolean update(@RequestBody Encrypt encrypt) {
            return encrtptService.updateById(encrypt);
        }

        @DeleteMapping("/delete")
        public Boolean delete(@RequestBody Encrypt encrypt) {
            return encrtptService.removeById(encrypt);
        }

        @DeleteMapping("/deleteAll")
        public Boolean deleteAll() {
            return encrtptService.remove(new QueryWrapper<>());
        }
    }
  6. Encryption algorithms
  7. Field encryption (@FieldEncrypt)
    /**
     *
     * @TableName encrypt
     */
    @TableName(value ="encrypt")
    @Data
    public class Encrypt implements Serializable {
        /**
         * Primary key ID
         */
        @TableId(value = "id")
        private Long id;

        /**
         * MD5_32
         */
        @FieldEncrypt(algorithm = Algorithm.MD5_32)
        @TableField(value = "MD5_32")
        private String md532;

        /**
         * MD5_16
         */
        @FieldEncrypt(algorithm = Algorithm.MD5_16)
        @TableField(value = "MD5_16")
        private String md516;

        /**
         * BASE64
         */
        @FieldEncrypt(algorithm = Algorithm.BASE64)
        @TableField(value = "BASE64")
        private String base64;

        /**
         * AES
         */
        @FieldEncrypt(algorithm = Algorithm.AES)
        @TableField(value = "AES")
        private String aes;

        /**
         * RSA
         */
        @FieldEncrypt(algorithm = Algorithm.RSA)
        @TableField(value = "RSA")
        private String rsa;

        /**
         * SM2
         */
        @FieldEncrypt(algorithm = Algorithm.SM2)
        @TableField(value = "SM2")
        private String sm2;

        /**
         * SM3
         */
        @FieldEncrypt(algorithm = Algorithm.SM3)
        @TableField(value = "SM3")
        private String sm3;

        /**
         * SM4
         */
        @FieldEncrypt(algorithm = Algorithm.SM4)
        @TableField(value = "SM4")
        private String sm4;

        /**
         * PBEWithMD5AndDES
         */
        @FieldEncrypt(algorithm = Algorithm.PBEWithMD5AndDES)
        @TableField(value = "PBEWithMD5AndDES")
        private String pbewithmd5anddes;

        /**
         * PBEWithMD5AndTripleDES
         */
        @FieldEncrypt(algorithm = Algorithm.PBEWithMD5AndTripleDES)
        @TableField(value = "PBEWithMD5AndTripleDES")
        private String pbewithmd5andtripledes;

        /**
         * PBEWithHMACSHA512AndAES_256
         */
        @FieldEncrypt(algorithm = Algorithm.PBEWithHMACSHA512AndAES_256)
        @TableField(value = "PBEWithHMACSHA512AndAES_256")
        private String pbewithhmacsha512andaes256;

        /**
         * PBEWithSHA1AndDESede
         */
        @FieldEncrypt(algorithm = Algorithm.PBEWithSHA1AndDESede)
        @TableField(value = "PBEWithSHA1AndDESede")
        private String pbewithsha1anddesede;

        /**
         * PBEWithSHA1AndRC2_40
         */
        @FieldEncrypt(algorithm = Algorithm.PBEWithSHA1AndRC2_40)
        @TableField(value = "PBEWithSHA1AndRC2_40")
        private String pbewithsha1andrc240;

        @TableField(exist = false)
        private static final long serialVersionUID = 1L;

        @Override
        public boolean equals(Object that) {
            if (this == that) {
                return true;
            }
            if (that == null) {
                return false;
            }
            if (getClass() != that.getClass()) {
                return false;
            }
            Encrypt other = (Encrypt) that;
            return (this.getId() == null ? other.getId() == null : this.getId().equals(other.getId()))
                && (this.getMd532() == null ? other.getMd532() == null : this.getMd532().equals(other.getMd532()))
                && (this.getMd516() == null ? other.getMd516() == null : this.getMd516().equals(other.getMd516()))
                && (this.getBase64() == null ? other.getBase64() == null : this.getBase64().equals(other.getBase64()))
                && (this.getAes() == null ? other.getAes() == null : this.getAes().equals(other.getAes()))
                && (this.getRsa() == null ? other.getRsa() == null : this.getRsa().equals(other.getRsa()))
                && (this.getSm2() == null ? other.getSm2() == null : this.getSm2().equals(other.getSm2()))
                && (this.getSm3() == null ? other.getSm3() == null : this.getSm3().equals(other.getSm3()))
                && (this.getSm4() == null ? other.getSm4() == null : this.getSm4().equals(other.getSm4()))
                && (this.getPbewithmd5anddes() == null ? other.getPbewithmd5anddes() == null : this.getPbewithmd5anddes().equals(other.getPbewithmd5anddes()))
                && (this.getPbewithmd5andtripledes() == null ? other.getPbewithmd5andtripledes() == null : this.getPbewithmd5andtripledes().equals(other.getPbewithmd5andtripledes()))
                && (this.getPbewithhmacsha512andaes256() == null ? other.getPbewithhmacsha512andaes256() == null : this.getPbewithhmacsha512andaes256().equals(other.getPbewithhmacsha512andaes256()))
                && (this.getPbewithsha1anddesede() == null ? other.getPbewithsha1anddesede() == null : this.getPbewithsha1anddesede().equals(other.getPbewithsha1anddesede()))
                && (this.getPbewithsha1andrc240() == null ? other.getPbewithsha1andrc240() == null : this.getPbewithsha1andrc240().equals(other.getPbewithsha1andrc240()));
        }

        @Override
        public int hashCode() {
            final int prime = 31;
            int result = 1;
            result = prime * result + ((getId() == null) ? 0 : getId().hashCode());
            result = prime * result + ((getMd532() == null) ? 0 : getMd532().hashCode());
            result = prime * result + ((getMd516() == null) ? 0 : getMd516().hashCode());
            result = prime * result + ((getBase64() == null) ? 0 : getBase64().hashCode());
            result = prime * result + ((getAes() == null) ? 0 : getAes().hashCode());
            result = prime * result + ((getRsa() == null) ? 0 : getRsa().hashCode());
            result = prime * result + ((getSm2() == null) ? 0 : getSm2().hashCode());
            result = prime * result + ((getSm3() == null) ? 0 : getSm3().hashCode());
            result = prime * result + ((getSm4() == null) ? 0 : getSm4().hashCode());
            result = prime * result + ((getPbewithmd5anddes() == null) ? 0 : getPbewithmd5anddes().hashCode());
            result = prime * result + ((getPbewithmd5andtripledes() == null) ? 0 : getPbewithmd5andtripledes().hashCode());
            result = prime * result + ((getPbewithhmacsha512andaes256() == null) ? 0 : getPbewithhmacsha512andaes256().hashCode());
            result = prime * result + ((getPbewithsha1anddesede() == null) ? 0 : getPbewithsha1anddesede().hashCode());
            result = prime * result + ((getPbewithsha1andrc240() == null) ? 0 : getPbewithsha1andrc240().hashCode());
            return result;
        }

        @Override
        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append(getClass().getSimpleName());
            sb.append(" [");
            sb.append("Hash = ").append(hashCode());
            sb.append(", id=").append(id);
            sb.append(", md532=").append(md532);
            sb.append(", md516=").append(md516);
            sb.append(", base64=").append(base64);
            sb.append(", aes=").append(aes);
            sb.append(", rsa=").append(rsa);
            sb.append(", sm2=").append(sm2);
            sb.append(", sm3=").append(sm3);
            sb.append(", sm4=").append(sm4);
            sb.append(", pbewithmd5anddes=").append(pbewithmd5anddes);
            sb.append(", pbewithmd5andtripledes=").append(pbewithmd5andtripledes);
            sb.append(", pbewithhmacsha512andaes256=").append(pbewithhmacsha512andaes256);
            sb.append(", pbewithsha1anddesede=").append(pbewithsha1anddesede);
            sb.append(", pbewithsha1andrc240=").append(pbewithsha1andrc240);
            sb.append(", serialVersionUID=").append(serialVersionUID);
            sb.append("]");
            return sb.toString();
        }
    }
  8. Encryption test
    Before encryption:
    {
      "md532": "md532",
      "md516": "md516",
      "base64": "base64",
      "aes": "aes",
      "rsa": "rsa",
      "sm2": "sm2",
      "sm3": "sm3",
      "sm4": "sm4",
      "pbewithmd5anddes": "pbewithmd5anddes",
      "pbewithmd5andtripledes": "pbewithmd5andtripledes",
      "pbewithhmacsha512andaes256": "pbewithhmacsha512andaes256",
      "pbewithsha1anddesede": "pbewithsha1anddesede",
      "pbewithsha1andrc240": "pbewithsha1andrc240"
    }
    Note: call the controller endpoint to insert this data into the database.

    After encryption:
    {
      "id": "1614832069533679617",
      "md532": "0ed5449e148dfaac16d1247667d62554",
      "md516": "838026c17d7ac626",
      "base64": "YmFzZTY0",
      "aes": "3420e2d91b8f913bb035258e5013cc6f",
      "rsa": "FqVQIe05Q/usNmZZWA9omCf63WYbhT7z4Qsrpvr+RsWv70vV3hVK5sV1/HZvQL6uI9pU0dkdPDEwIzn0DCJIoVKCW3l7fubdOkjOgaqxv5tIdcLmZFl9XivzA6sDhSIzitFLAj4OJu2HgbF1fNDoVEdYqAD7BEMeNeCyQYyjNQk=",
      "sm2": "sm2",
      "sm3": "d0c7f21dc640a69786764d688920d4d968a103a437a6159b9e7cc7c4b826b8ac",
      "sm4": "sm4",
      "pbewithmd5anddes": "q30eLvs6615ATdqtscdIpSdZLgC+vg1/+8mLzeD2INo=",
      "pbewithmd5andtripledes": "PjjKX2OkRE2D/mz3UZLTXXAsLkjuAk6rF8l4WVz/CaE=",
      "pbewithhmacsha512andaes256": "N5GESK0bGjLsJGO4DadbUMNzPo6ov/svzNHCZg0S4gmrsMLSDMLHDO/6ZrPNsYhpBTR53Xmksi9fxwSU5ScshQ==",
      "pbewithsha1anddesede": "1kGvVHNUKDbwYG1ZnLhaK2QPre3jFddM3tB6MQETzwE=",
      "pbewithsha1andrc240": "my9MZrkBSRtwgV6/MjAjwug7HB/lKHTMzmZJeUOrCQY="
    }
    Note: the database stores ciphertext. SM2 and SM4 encryption failed (both columns still hold the plaintext); the other algorithms succeeded. The BASE64 value is plain Base64 of the input ("YmFzZTY0" decodes to "base64"), so that column is encoded rather than protected by a key.

    After decryption:
    {
      "id": 1614832069533679617,
      "md532": "0ed5449e148dfaac16d1247667d62554",
      "md516": "838026c17d7ac626",
      "base64": "base64",
      "aes": "aes",
      "rsa": "rsa",
      "sm2": "sm2",
      "sm3": "d0c7f21dc640a69786764d688920d4d968a103a437a6159b9e7cc7c4b826b8ac",
      "sm4": "sm4",
      "pbewithmd5anddes": "pbewithmd5anddes",
      "pbewithmd5andtripledes": "pbewithmd5andtripledes",
      "pbewithhmacsha512andaes256": "pbewithhmacsha512andaes256",
      "pbewithsha1anddesede": "pbewithsha1anddesede",
      "pbewithsha1andrc240": "pbewithsha1andrc240"
    }
    Note: call the controller endpoint to query the data. The query returns the values as they were before encryption, except that MD5_32, MD5_16 and SM3 are still ciphertext, which shows that these three algorithms are irreversible (they are hash functions, not ciphers).

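  9. Custom algorithm

    Note: a custom encryption algorithm must implement the IEncryptor interface. IEncryptor may have several
    implementation classes, but only one of them may carry the @Component annotation. Adding @Component enables
    the custom algorithm, and once it is enabled every @FieldEncrypt field in the project is encrypted with the
    custom algorithm; no other algorithm takes effect any more. In the CustomEncryptor below, encryption is
    "##$$##=="+plaintext+"--&&$$&&" and decryption is
    encrypt.replace("##$$##==", "").replace("--&&$$&&", "").

    // Custom encryption algorithm; enabled here, replacing the default encryption library
    @Component
    public class CustomEncryptor implements IEncryptor {

        /**
         * Encrypt
         *
         * @param algorithm  algorithm
         * @param password   password (key for symmetric algorithms)
         * @param plaintext  plaintext
         * @param publicKey  public key (asymmetric algorithms)
         * @param metaObject {@link MetaObject}
         * @return the ciphertext
         */
        @Override
        public String encrypt(Algorithm algorithm, String password, String publicKey, String plaintext, Object metaObject) {
            if (metaObject instanceof MetaObject) {
                // _metaObject is the object that owns the encrypted field; a property value can be read
                // by its known name with _metaObject.getValue("propertyName")
                MetaObject _metaObject = ((MetaObject) metaObject);
            }
            return "##$$##==" + plaintext + "--&&$$&&";
        }

        /**
         * Decrypt
         *
         * @param algorithm  algorithm
         * @param password   password (key for symmetric algorithms)
         * @param encrypt    ciphertext
         * @param privateKey private key (asymmetric algorithms)
         * @param metaObject {@link MetaObject}
         * @return the plaintext
         */
        @Override
        public String decrypt(Algorithm algorithm, String password, String privateKey, String encrypt, Object metaObject) {
            if (metaObject instanceof MetaObject) {
                // _metaObject is the object that owns the encrypted field; a property value can be read
                // by its known name with _metaObject.getValue("propertyName")
                MetaObject _metaObject = ((MetaObject) metaObject);
            }
            return encrypt.replace("##$$##==", "").replace("--&&$$&&", "");
        }
    }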
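
The CustomEncryptor above only wraps the plaintext in fixed markers, so the column still holds readable data and the password argument is never used. As an added example (not code from the original article or from mybatis-mate), the JDK-only helper below is a keyed, authenticated cipher that the encrypt and decrypt methods of an IEncryptor implementation could delegate to; the class name AesGcmFieldCipher, the salt string, the iteration count and the sample password are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper, not part of mybatis-mate: AES-256-GCM for one column value.
public final class AesGcmFieldCipher {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    // Assumed application-wide salt; PBKDF2 runs once in the constructor, not per field.
    private static final byte[] SALT = "field-encryption-v1".getBytes(StandardCharsets.UTF_8);
    private final SecureRandom rng = new SecureRandom();
    private final SecretKeySpec key;

    public AesGcmFieldCipher(String password) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), SALT, 210_000, 256);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        key = new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
    }

    // Stored form: Base64(iv || ciphertext || 16-byte tag), with a fresh random IV per value.
    public String encrypt(String plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array());
    }

    // Throws AEADBadTagException when the stored value was altered or the key is wrong.
    public String decrypt(String stored) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        AesGcmFieldCipher fc = new AesGcmFieldCipher("constructed-demo-password"); // constructed value
        String a = fc.encrypt("aes"), b = fc.encrypt("aes");
        System.out.println("same ciphertext twice: " + a.equals(b));
        System.out.println("round trip: " + fc.decrypt(a));
    }
}
```

Because every value gets a random IV, equal plaintexts no longer produce equal ciphertexts, so a column encrypted this way cannot be matched with an equality query.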

