针对mybatis对业务敏感数据进行加密,为企业数据保驾护航
2021-04-03 16:23:16.604 DEBUG 3020 --- [ main] c.g.h.d.shield.mapper.UserMapper.insert : ==> Preparing: insert into t_user (username,password) values ( ?, ?)
2021-04-03 16:23:16.629 DEBUG 3020 --- [ main] c.g.h.d.shield.mapper.UserMapper.insert : ==> Parameters: tom(String), L0wfhbKDAELRnj03GtjKoQ==(String)
2021-04-03 16:23:16.651 DEBUG 3020 --- [ main] c.g.h.d.shield.mapper.UserMapper.insert : <== Updates: 1
2021-04-03 16:23:16.675 DEBUG 3020 --- [ main] c.g.h.d.s.mapper.UserMapper.selectOn : ==> Preparing: select id,username,password from t_user where id = ?
2021-04-03 16:23:16.675 DEBUG 3020 --- [ main] c.g.h.d.s.mapper.UserMapper.selectOn : ==> Parameters: 75(Integer)
2021-04-03 16:23:23.313 DEBUG 3020 --- [ main] c.g.h.d.s.mapper.UserMapper.selectOn : <== Total: 1
2021-04-03 16:23:26.166 DEBUG 3020 --- [ main] com.github.homeant.data.shield.DataTest : user:User(id=75, username=tom, password=p@ssw0rd1234567)mysql> select * from t_user;
+----+----------+--------------------------+
| id | username | password |
+----+----------+--------------------------+
| 74 | tom | L0wfhbKDAELRnj03GtjKoQ== |
| 75 | tom | L0wfhbKDAELRnj03GtjKoQ== |
+----+----------+--------------------------+
2 rows in set (0.03 sec)<dependency>
<groupId>com.github.homeant</groupId>
<artifactId>data-shield</artifactId>
<version>1.0-BATE</version>
</dependency>app:
data:
shield:
enable: true
strategy: aes #支持AES/DES模式
key: AD42F6697B035B7580E4FEF93BE20BAD为需要处理的业务字段添加@TableField注解,只支持String类型
encrypt: 修改过程是否需要加密,默认为false
decode: 查询过程是否需要解密,默认为false
asserts: decode为true时,针对某些数据(历史数据)提供断言,默认值DefaultAssert.class(encrypt=true,decode=true)
@Data
public class User {
private Integer id;
private String username;
@TableField(encrypt = true,decode = true,assertion=Base64Assert.class)
private String phone;
}2020-05-17
data-shield问世,针对mybatis对业务敏感数据进行加密,包含query、update操作;加密模式有AES和DES- 新增
DataShieldService可单独对业务对象进行加解密 - 新增
DataShieldHelper可对查询结果进行打码操作
2021-04-03
- 添加
mybatis的Cursor查询 - 修改
query模式不污染原始查询对象