Shulou(Shulou.com)06/02 Report--

This article mainly introduces how to use custom annotations in springboot to achieve encryption, decryption and desensitization. This article is very detailed and has a certain reference value. Interested friends must read it!

Custom annotations for encryption, decryption and desensitization @ Documented@Target ({ElementType.FIELD}) @ Retention (RetentionPolicy.RUNTIME) @ Order (Ordered.HIGHEST_PRECEDENCE) public @ interface PrivateData {} @ Documented@Target ({ElementType.METHOD}) @ Retention (RetentionPolicy.RUNTIME) @ Order (Ordered.HIGHEST_PRECEDENCE) public @ interface PrivateDataMethod {}

First define two custom annotations, privateData and privateDataMethod, and define the @ Target attribute as FIELD and METHOD, respectively.

Construct AOP logic

Declare a starting point

@ Pointcut ("@ annotation (com.max.base.services.annotation.PrivateDataMethod)") public void annotationPointCut () {}

Cut in all methods that add @ privateDataMethod annotations.

Declaration notice

@ Around ("annotationPointCut ()") public Object around (ProceedingJoinPoint joinPoint) {Object responseObj = null; try {Object [] request = joinPoint.getArgs (); for (Object object: request) {if (object instanceof Collection) {Collection collection = (Collection) object Collection.forEach (var-> {try {handleEncrypt (var);} catch (IllegalAccessException e) {e.printStackTrace ();}}) } else {handleEncrypt (object);}} responseObj = joinPoint.proceed (); if (responseObj instanceof Collection) {Collection collection = (Collection) responseObj; collection.forEach (var-> {try {handleDecrypt (var)) } catch (IllegalAccessException e) {e.printStackTrace ();}});} else {handleDecrypt (responseObj);}} catch (Throwable throwable) {throwable.printStackTrace (); log.error ("SecureFieldAop exception {}", throwable) } return responseObj;}

Declare Aroud notice, judge the object of the input and output of the method, and directly encrypt and decrypt the object if it is not a collection object, otherwise split the collection and operate one by one

Deal with encryption and decryption

/ * handle encryption * @ param requestObj * / private void handleEncrypt (Object requestObj) throws IllegalAccessException {if (Objects.isNull (requestObj)) {return;} Field [] fields = requestObj.getClass () .getDeclaredFields (); for (Field field: fields) {boolean hasSecureField = field.isAnnotationPresent (PrivateData.class) If (hasSecureField) {Boolean accessible = field.isAccessible (); if (! accessible) {field.setAccessible (true);} String plaintextValue = (String) field.get (requestObj); String encryptValue = AseUtil.encrypt (plaintextValue, secretKey); field.set (requestObj, encryptValue) If (! accessible) {field.setAccessible (false);}}

Get the Field list of the object through reflection, execute the * * encryptValue () * * method for the field with the @ PrivateData annotation and overwrite the original field with the encrypted string.

Decryption logic is similar to encryption and does not go into detail.

test

Identifies the insert () method as a method that requires encryption

Public interface CmTenantMapper {int deleteByPrimaryKey (Long id); @ PrivateDataMethod int insert (CmTenant record); int insertSelective (CmTenant record); CmTenant selectByPrimaryKey (Long id); int updateByPrimaryKeySelective (CmTenant record); int updateByPrimaryKey (CmTenant record);}

Add comments to the fields that need to be encrypted in the incoming object

Public class CmTenant {private Long id; private String tenantId; @ PrivateData private String tenantName; private String createBy; private Date createDate; private String updateBy; private Date updateDate; private String remarks; private Byte delFlag;//set get...

Call the insert method to view the data saving result

Incoming object

{"createBy": "Coke is not happy", "delFlag": "NOTDELETE", "remarks": "testing encryption", "tenantId": "996", "tenantName": "chair team", "updateBy": "Coke is not happy"}

Database saves objects

There are no comments on the decryption test, so let's try it on your own.

Desensitization logic

Desensitization logic is basically the same as encryption and decryption. One thing to note is that desensitized annotations need to add type types.

Documented@Target ({ElementType.FIELD}) @ Retention (RetentionPolicy.RUNTIME) @ Order (Ordered.HIGHEST_PRECEDENCE) public @ interface MaskingField {MaskingTypeEnum type ();}

Define the classification of desensitization in MaskingTypeEnum

Public enum MaskingTypeEnum {/ * ID number * / ID_CARD, / * Mobile number * / PHONE, / * address * / ADDRESS, / * name * / NAME}

Identify the type of field when using is MaskingTypeEnum

@ MaskingField (type = MaskingTypeEnum.NAME) private String cpName; customizes the encryption and decryption of a string package com.hanqi.lianxi;package com.hanqi.lianxi;import java.util.Scanner;public class jiamiqi {public static void main (String [] args) {/ / enter the content before decryption Scanner sc = new Scanner (System.in); System.out.println ("Please enter the contents of the letter to be decoded"); String tex = sc.nextLine () / decrypt System.out.print ("tex.replaceAll (" A "," c "). ReplaceAll (" B "," d "). ReplaceAll (" C "," e "). ReplaceAll (" D "," f "). ReplaceAll (" E "," g "). ReplaceAll (" F "," h "). ReplaceAll (" G "," I "). ReplaceAll (" H "). "j". ReplaceAll ("I", "k"). ReplaceAll ("J", "l"). ReplaceAll ("K", "m"). ReplaceAll ("L", "n"). ReplaceAll ("M", "o"). ReplaceAll ("N", "p"). ReplaceAll ("O", "Q"). ReplaceAll ("P", "r"). ReplaceAll ("Q", "s"). ReplaceAll ("R", "t"). ReplaceAll ("S") ReplaceAll ("T", "v"). ReplaceAll ("U", "w"). ReplaceAll ("V", "x"). ReplaceAll ("W", "y"). ReplaceAll ("X", "z"). ReplaceAll ("Y", "a"). ReplaceAll ("Z", "b")) }}

The above is all the contents of the article "how to use custom annotations to encrypt, decrypt and desensitize in springboot". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.