Shulou(Shulou.com)06/01 Report--

This article mainly shows you "mybatis how to achieve special field encryption", the content is easy to understand, clear, hope to help you solve your doubts, the following let the editor lead you to study and learn "mybatis how to achieve special field encryption" this article.

I. background

Sometimes some sensitive information of users, such as mobile phone number, bank card and so on, will be saved in our database. If this information is saved in clear text, it is not safe. If the hacker hacks into the database, or the departing staff exports the data, it may lead to the leakage of these sensitive data. So we need to find a way to solve this problem.

II. Solutions

Because we used Mybatis as the database persistence layer in our system, we decided to use Mybatis's TypeHandler or Plugin to solve the problem.

TypeHandler: we need to manually specify typeHandler on some columns to choose which typeHandler to use or infer by ourselves based on the @ MappedJdbcTypes and @ MappedTypes annotations.

Plugin: you can intercept select, insert, update, delete and other statements in the system, and you can also obtain the parameters before and after the execution of sql.

After consideration, it is decided to use TypeHandler to encrypt and decrypt data.

III. Demand

We have a customer table customer, which has fields such as customer mobile phone number (phone) and customer address (address), in which customer mobile phone number (phone) needs to be encrypted and saved in the database.

1. When adding customer information, automatically encrypt and save the customer's mobile phone number to the data.

2. When querying customer information, the customer mobile phone number is decrypted automatically.

Fourth, the realization train of thought

1. Write an entity class, and all the data of this entity class represents the data that needs to be encrypted and decrypted.

Public class Encrypt {private String value; public Encrypt () {} public Encrypt (String value) {this.value = value; public String getValue () {return value; public void setValue (String value) {}

2. Write an encrypted and decrypted TypeHandler

Encrypt data when setting parameters.

Decrypt the data when getting the record from the database.

Package com.huan.study.mybatis.typehandler; import cn.hutool.crypto.SecureUtil;import cn.hutool.crypto.symmetric.AES;import org.apache.ibatis.type.BaseTypeHandler;import org.apache.ibatis.type.JdbcType;import org.apache.ibatis.type.MappedJdbcTypes;import org.apache.ibatis.type.MappedTypes;import java.nio.charset.StandardCharsets;import java.sql.CallableStatement;import java.sql.PreparedStatement;import java.sql.ResultSet;import java.sql.SQLException / * * encryption and decryption TypeHandler * * @ author huan.fu 2021-5-18-9:20 * / @ MappedJdbcTypes (JdbcType.VARCHAR) @ MappedTypes (Encrypt.class) public class EncryptTypeHandler extends BaseTypeHandler {private static final byte [] KEYS = "12345678abcdefgh" .getBytes (StandardCharsets.UTF_8) / * set parameters * / @ Override public void setNonNullParameter (PreparedStatement ps, int I, Encrypt parameter, JdbcType jdbcType) throws SQLException {if (parameter = = null | | parameter.getValue () = = null) {ps.setString (I, null); return;} AES aes = SecureUtil.aes (KEYS); String encrypt = aes.encryptHex (parameter.getValue ()) Ps.setString (I, encrypt);} * get the value public Encrypt getNullableResult (ResultSet rs, String columnName) throws SQLException {return decrypt (rs.getString (columnName)); public Encrypt getNullableResult (ResultSet rs, int columnIndex) throws SQLException {return decrypt (rs.getString (columnIndex)); public Encrypt getNullableResult (CallableStatement cs, int columnIndex) throws SQLException {return decrypt (cs.getString (columnIndex)) Public Encrypt decrypt (String value) {if (null = = value) {return null; return new Encrypt (SecureUtil.aes (KEYS) .decryptStr (value));}

Note ⚠️:

MappedTypes: indicates what type of java the processor is dealing with.

MappedJdbcTypes: indicates the type of Jdbc processed by the processor.

3. How to write in sql sentence

Insert into customer (phone,address) values (# {phone}, # {address}) select * from customer where phone = # {phone}

There is no special way to write in SQL.

4. Specify the package path of Typehandler in the configuration file

Mybatis.type-handlers-package=com.huan.study.mybatis.typehandler

5. Write background code

Provide a way to add

Provide a method to query according to mobile phone number

The background code is relatively simple. Check it directly:

"https://gitee.com/huan1993/spring-cloud-parent/tree/master/mybatis/mybatis-typehandler-encrypt

Post a screenshot of the mapper layer.

6. Test results

As can be seen from the test results, when adding data, the data that needs to be encrypted (phone) has been encrypted in the database, and the encrypted data has been automatically decrypted when querying.

The above is all the content of the article "how to achieve Special Field encryption in mybatis". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.