整合 Mybatis-Plus-Enhance 进行数据加解密、签名处理
说明:该文档重要讲述
Mybatis-Plus-Enhance与tianyin-boot-crypto-autoconfigure的集成整合。你可以参考下面的说明进行,也可以直接查看 tianyin-edu-authz 服务的release/ty-base-v1.0.6.1分支代码,了解整合过程。
1、项目父级依赖 tianyin-cloud-parent 改为 1.0.3-SNAPSHOT
<parent>
<groupId>com.tianyin</groupId>
<artifactId>tianyin-cloud-parent</artifactId>
<version>1.0.3-SNAPSHOT</version>
<relativePath/>
</parent>2、集成 Mybatis-Plus-Enhance
首先根据,
基于 Mybatis-Plus-Enhance 的数据处理方案中的描述,完成数据加解密(Data Encryption And Decryption)和数据签名与验签(Data Signature)逻辑的整合
3、集成 tianyin-boot-crypto-autoconfigure
添加 tianyin-boot-crypto-autoconfigure 通用的加解密组件
<!-- For Tianyin -->
<dependency>
<groupId>com.tianyin</groupId>
<artifactId>tianyin-boot-crypto-autoconfigure</artifactId>
<version>${tianyin-boot.version}</version>
</dependency>配置 tianyin-boot-crypto-autoconfigure 组件所需参数
################################################################################################################
###加解密(CryptoProperties)配置:
################################################################################################################
crypto:
# 加密解密方式
type: internal
# 使用的对称加密算法
symmetric-algorithm: AES
# 使用的签名算法
hmac-algorithm: HmacSHA256
# 采用的加密模式,系统支持 ecb,cbc,cfb,ofb,推荐 cbc,国密不允许使用 ecb 模式【必须】
mode: cbc
# 加密运算所采用的填充模式,系统支持 PKCS5Padding 和 NoPadding,推荐 PKCS5Padding【必须】
padding: pkcs5padding
# 加密解密密钥
key: T0R0ZWlmRHp3UnZXOTVBWg==
# 加密解密向量
iv: KnA4b1hAck9uaHA5VV4vSA==
# 明文是否进行了 base64 编码 true/false
plain-is-encode: true
# 弗兰科信息加解密服务配置
flksec-address: 10.54.14.122
flksec-port: 94434、自定义 EncryptedFieldHandler 实现
import com.baomidou.mybatisplus.core.toolkit.ExceptionUtils;
import com.baomidou.mybatisplus.enhance.crypto.handler.EncryptedFieldHandler;
import com.tianyin.boot.autoconfigure.crypto.CryptoProvider;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
@Slf4j
public class TyEncryptedFieldHandler implements EncryptedFieldHandler {
@Getter
private CryptoProvider cryptoProvider;
public TyEncryptedFieldHandler(CryptoProvider cryptoProvider) {
this.cryptoProvider = cryptoProvider;
}
@Override
public <T> String encrypt(T value) {
try {
String valueAsString = getCryptoProvider().encrypt(value);
log.debug("Encrypt Value : {}", valueAsString);
return valueAsString;
} catch (Exception ex) {
log.error("Encrypt Error : {}", ex.getMessage());
throw ExceptionUtils.mpe("Encrypt Error", ex);
}
}
@Override
public <T> T decrypt(String value, Class<T> rtType) {
try {
T decryptValue = getCryptoProvider().decrypt(value, rtType);
log.debug("Decrypt Value : {}",decryptValue);
return decryptValue;
} catch (Exception ex) {
log.error("Decrypt Error : {}", ex.getMessage());
throw ExceptionUtils.mpe("Encrypt Error", ex);
}
}
@Override
public <T> String hmac(T value) {
try {
String hmacValue = getCryptoProvider().hmac(value);
log.debug("HMAC Digest Value : {}", hmacValue);
return hmacValue;
} catch (Exception ex) {
log.error("HMAC Digest Error : {}", ex.getMessage());
throw ExceptionUtils.mpe("HMAC Digest Error", ex);
}
}
}5、整合 Mybatis-Plus-Enhance 和 tianyin-boot-crypto-autoconfigure
整合 Mybatis-Plus-Enhance 和 tianyin-boot-crypto-autoconfigure 的目的是,可以使用 tianyin-boot-crypto-autoconfigure 中的加解密方法,也方便后期扩展
修改 MybatisPlusConfiguration 配置替换 EncryptedFieldHandler 实现为 TyEncryptedFieldHandler
@Bean
public EncryptedFieldHandler encryptedFieldHandler(ObjectProvider<CryptoProvider> cryptoProvider) {
return new TyEncryptedFieldHandler(cryptoProvider.getIfAvailable());
}6、MybatisPlusConfiguration 完整配置
import com.baomidou.mybatisplus.core.injector.DefaultSqlInjector;
import com.baomidou.mybatisplus.core.injector.ISqlInjector;
import com.baomidou.mybatisplus.enhance.crypto.handler.EncryptedFieldHandler;
import com.baomidou.mybatisplus.enhance.interceptor.MybatisPlusDecryptInterceptor;
import com.baomidou.mybatisplus.enhance.interceptor.inner.DataEncryptionInnerInterceptor;
import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
import com.baomidou.mybatisplus.extension.plugins.inner.InnerInterceptor;
import com.baomidou.mybatisplus.extension.plugins.inner.OptimisticLockerInnerInterceptor;
import com.baomidou.mybatisplus.extension.plugins.inner.PaginationInnerInterceptor;
import com.tianyin.boot.autoconfigure.crypto.CryptoProvider;
import com.tianyin.edu.authz.setup.crypto.TyEncryptedFieldHandler;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
@MapperScan({ "com.tianyin.**.dao", "com.tianyin.**.mapper", "com.tianyin.**.repository" })
public class MybatisPlusConfiguration {
/**
* 新的分页插件,一缓和二缓遵循mybatis的规则,需要设置 MybatisConfiguration#useDeprecatedExecutor =
* false 避免缓存出现问题(该属性会在旧插件移除后一同移除)
*/
@Bean
public MybatisPlusEnhanceInterceptor mybatisPlusInterceptor(ObjectProvider<EncryptedFieldHandler> encryptedFieldHandlerProvider,
ObjectProvider<InnerInterceptor> innerInterceptorProvider) {
// MybatisPlus 解密和签名验证拦截器,用于替代 MybatisPlus 的原生拦截器,实现对数据库字段的解密和签名验证操作
MybatisPlusEnhanceInterceptor interceptor = new MybatisPlusEnhanceInterceptor();
innerInterceptorProvider.stream().forEach(interceptor::addInnerInterceptor);
return interceptor;
}
@Bean
public EncryptedFieldHandler encryptedFieldHandler(ObjectProvider<CryptoProvider> cryptoProvider) {
return new TyEncryptedFieldHandler(cryptoProvider.getIfAvailable());
}
/**
* mybatis-plus 扩展:字段加解和签名拦截器
*/
@Bean
public DataEncryptionInnerInterceptor dataEncryptionInnerInterceptor(ObjectProvider<EncryptedFieldHandler> encryptedFieldHandlerProvider) {
return new DataEncryptionInnerInterceptor(encryptedFieldHandlerProvider.getIfAvailable());
}
/**
* mybatis-plus 扩展:字段解密和验签拦截器
*/
@Bean
public DataDecryptionInnerInterceptor dataDecryptionInnerInterceptor(ObjectProvider<EncryptedFieldHandler> encryptedFieldHandlerProvider) {
return new DataDecryptionInnerInterceptor(true, encryptedFieldHandlerProvider.getIfAvailable());
}
/**
* mybatis-plus:分页插件<br>
* 文档:http://mp.baomidou.com<br>
*/
@Bean
public PaginationInnerInterceptor paginationInterceptor() {
PaginationInnerInterceptor paginationInterceptor = new PaginationInnerInterceptor();
paginationInterceptor.setOverflow(false);
return paginationInterceptor;
}
/**
* mybatis-plus:乐观锁插件
*/
@Bean
public OptimisticLockerInnerInterceptor optimisticLockerInterceptor() {
return new OptimisticLockerInnerInterceptor();
}
/**
* mybatis-plus:防止全表更新与删除插件
@Bean
public BlockAttackInnerInterceptor blockAttackInnerInterceptor() {
BlockAttackInnerInterceptor sqlExplainInterceptor = new BlockAttackInnerInterceptor();
return sqlExplainInterceptor;
}
*/
/**
* 注入sql注入器
*/
@Bean
public ISqlInjector sqlInjector() {
return new DefaultSqlInjector();
}
/**
* 注入主键生成器
@Bean
public IKeyGenerator keyGenerator() {
return new H2KeyGenerator();
}
*/
/*
* oracle数据库配置JdbcTypeForNull
* 参考:https://gitee.com/baomidou/mybatisplus-boot-starter/issues/IHS8X
* 不需要这样配置了,参考 yml: mybatis-plus: confuguration dbc-type-for-null: 'null'
*
* @Bean public ConfigurationCustomizer configurationCustomizer(){ return new
* MybatisPlusCustomizers(); }
*
* class MybatisPlusCustomizers implements ConfigurationCustomizer {
*
* @Override public void customize(org.apache.ibatis.session.Configuration
* configuration) { configuration.setJdbcTypeForNull(JdbcType.NULL); } }
*/
}作者:Jeebiz 创建时间:2024-11-13 15:53
最后编辑:Jeebiz 更新时间:2024-11-14 21:58
最后编辑:Jeebiz 更新时间:2024-11-14 21:58
