Shulou(Shulou.com)06/01 Report--

API data encryption framework monkey-api-encrypt how to build, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

The following describes how to automatically encrypt and decrypt the data of the interface in Spring Boot, and specify whether it needs to be encrypted or decrypted by means of annotations.

The principle is also simple: the request response can be processed through the RequestBodyAdvice and ResponseBodyAdvice provided by Spring.

Originally, I was going to update it, because it also needs to be encrypted and decrypted in Spring Cloud Zuul, so my package can't be used.

Coincidentally, Fei Chao talked to me last week and provided some very useful suggestions, so on Saturday I spent a day refactoring the encryption framework, no longer providing services in the way of Spring Boot Starter, but directly a jar package to encrypt and decrypt the data based on the Servlet level.

Compared to previous changes:

Built-in AES encryption algorithm, you can configure different encryption key

No longer bind Spring Boot. You can use encryption and decryption by configuring Filter.

The Spring Cloud Zuul framework can also support

Support user-defined encryption algorithm

GitHub address: https://github.com/yinjihuan/monkey-api-encrypt

Sample code: https://github.com/yinjihuan/monkey-api-encrypt/tree/master/encrypt-springboot-example

Monkey-api-encrypt is not released to the central Maven warehouse, but only to the jitpack warehouse. You can also download the source code and package it to your own company's private server.

Benefits of automatic encryption and decryption

Traditional practices are as follows:

/ / the data from the client is the encrypted string public String add (String data) {/ / 1. Decrypt the data through the tool class, and then serialize it into an object using / / 2. Deal with the business logic and use the tool class to encrypt the data to the client when the data is returned.

The disadvantage is that you have to deal with the encryption and decryption logic manually in each business method.

By using monkey-api-encrypt, developers do not need to pay attention to the logic of encryption and decryption, such as:

@ PostMapping ("/ save") public UserResult add (@ RequestBody User data) {UserResult result = new UserResult (); result.setXXX.... Return result;}

The above code is exactly the same as usual, there is no encryption and decryption logic, when you need to do encryption and decryption logic for data, you only need to configure a filter, and then specify which URI needs to be encrypted and decrypted. Let's learn how to use monkey-api-encrypt.

Quick use

The following is shown in the jitpack warehouse

Step 1: add warehouse address to pom.xml

Jitpack.io https://jitpack.io

Step 2: increase project dependency

Com.github.yinjihuan monkey-api-encrypt 1.1.1

Step 3: configure the encryption and decryption filter (configured in Spring Boot)

@ Configuration

Public class FilterConfig {

@ Bean

Public FilterRegistrationBean filterRegistration () {

EncryptionConfig config = new EncryptionConfig ()

Config.setKey ("abcdef0123456789")

Config.setRequestDecyptUriList (Arrays.asList ("/ save", "/ decryptEntityXml"))

Config.setResponseEncryptUriList (Arrays.asList ("/ encryptStr", "/ encryptEntity", "/ save", "/ encryptEntityXml", "/ decryptEntityXml"))

FilterRegistrationBean registration = new FilterRegistrationBean ()

Registration.setFilter (new EncryptionFilter (config))

Registration.addUrlPatterns ("/ *")

Registration.setName ("EncryptionFilter")

Registration.setOrder (1)

Return registration

}

}

EncryptionConfig EncryptionConfig is a configuration class for encryption and decryption. Configuration items are defined as follows:

Public class EncryptionConfig {

/ * *

* AES encryption key, length must be 16

, /

Private String key = "d7b85f6e214abcda"

/ * *

* API URI that needs to encrypt the response content

* for example: / user/list

* URI in @ PathVariable format is not supported

, /

Private List responseEncryptUriList = new ArrayList ()

/ * *

* API URI that needs to decrypt the request content

* for example: / user/list

* URI in @ PathVariable format is not supported

, /

Private List requestDecyptUriList = new ArrayList ()

/ * *

* response data coding

, /

Private String responseCharset = "UTF-8"

/ * *

* enable debug mode. No encryption and decryption operations are performed in debug mode, which is used for online API test scenarios such as Swagger.

, /

Private boolean debug = false

}

Custom encryption algorithm

Built-in AES encryption algorithm for data encryption and decryption operations, while users can customize the algorithm to replace the built-in algorithm.

Custom algorithms need to implement the EncryptAlgorithm interface:

/ * *

* Custom RSA algorithm

*

* @ author yinjihuan

*

* @ date 2019-01-12

*

* @ about http://cxytiandi.com/about

*

, /

Public class RsaEncryptAlgorithm implements EncryptAlgorithm {

Public String encrypt (String content, String encryptKey) throws Exception {

Return RSAUtils.encryptByPublicKey (content)

}

Public String decrypt (String encryptStr, String decryptKey) throws Exception {

Return RSAUtils.decryptByPrivateKey (encryptStr)

}

}

Specify the algorithm when registering Filter:

EncryptionConfig config = new EncryptionConfig (); registration.setFilter (new EncryptionFilter (config, new RsaEncryptAlgorithm (); FAQ 1. How to use it in Spring Cloud Zuul?

Use it in the same way as in Spring Boot, no different.

two。 What if all requests need to be encrypted and decrypted?

If RequestDecyptUriList and ResponseEncryptUriList are not configured by default, all requests will be processed (requests within the scope specified by the interceptor)

3. What should I do when I test the interface with Swagger?

Debug mode can be turned on without encrypting and decrypting the request, by configuring debug=true

4. Can RequestDecyptUriList and ResponseEncryptUriList support / user/* pattern matching?

The filter itself has this function, so the exact matching equality in the framework can be used to specify the address of the interface to be processed through the filter's registration.addUrlPatterns ("/ user/", "/ order/").

After reading the above, have you mastered how to build the API data encryption framework monkey-api-encrypt? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.