一、寫在前面

日常開發中，經常有一些敏感數據，直接寫入數據庫的話，很容易泄露。
本文基于mybatis攔截器插件，實現敏感數據的加解密。

二、編碼實現

1、注解

import java.lang.annotation.*;@Target(ElementType.FIELD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface EncryptedField {String algorithm() default "AES";
}

2、攔截器插件

import com.example.encryption.annotation.EncryptedField;
import com.example.encryption.service.EncryptionService;
import org.apache.ibatis.executor.Executor;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.mapping.SqlCommandType;
import org.apache.ibatis.plugin.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.lang.reflect.Field;
import java.util.Properties;@Component
@Intercepts({@Signature(type = Executor.class, method = "update", args = {MappedStatement.class, Object.class}),@Signature(type = Executor.class, method = "query", args = {MappedStatement.class, Object.class, org.apache.ibatis.session.RowBounds.class, org.apache.ibatis.session.ResultHandler.class})
})
public class EncryptDecryptInterceptor implements Interceptor {@Autowiredprivate EncryptionService encryptionService;@Overridepublic Object intercept(Invocation invocation) throws Throwable {MappedStatement ms = (MappedStatement) invocation.getArgs()[0];Object parameter = invocation.getArgs()[1];// 加密處理 INSERT/UPDATEif (ms.getSqlCommandType() == SqlCommandType.INSERT || ms.getSqlCommandType() == SqlCommandType.UPDATE) {handleEncryption(parameter);}Object result = invocation.proceed();// 解密處理 SELECTif (ms.getSqlCommandType() == SqlCommandType.SELECT) {handleDecryption(result);}return result;}private void handleEncryption(Object parameter) throws Exception {if (parameter == null) return;for (Field field : parameter.getClass().getDeclaredFields()) {if (field.isAnnotationPresent(EncryptedField.class)) {field.setAccessible(true);Object value = field.get(parameter);if (value instanceof String) {field.set(parameter, encryptionService.encrypt((String) value));}}}}private void handleDecryption(Object result) throws Exception {if (result == null) return;if (result instanceof java.util.Collection) {for (Object obj : (java.util.Collection<?>) result) {decryptObject(obj);}} else {decryptObject(result);}}private void decryptObject(Object obj) throws Exception {for (Field field : obj.getClass().getDeclaredFields()) {if (field.isAnnotationPresent(EncryptedField.class)) {field.setAccessible(true);Object value = field.get(obj);if (value instanceof String) {field.set(obj, encryptionService.decrypt((String) value));}}}}@Overridepublic Object plugin(Object target) {return Plugin.wrap(target, this);}@Overridepublic void setProperties(Properties properties) {}
}

3、配置插件

import com.example.encryption.interceptor.EncryptDecryptInterceptor;
import org.mybatis.spring.boot.autoconfigure.ConfigurationCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;@Configuration
public class MyBatisConfig {@Beanpublic ConfigurationCustomizer configurationCustomizer(EncryptDecryptInterceptor interceptor) {return configuration -> configuration.addInterceptor(interceptor);}
}

4、實體類

import com.example.encryption.annotation.EncryptedField;public class User {private Long id;private String username;@EncryptedFieldprivate String idCard;@EncryptedFieldprivate String phoneNumber;// Getters and Setterspublic Long getId() { return id; }public void setId(Long id) { this.id = id; }public String getUsername() { return username; }public void setUsername(String username) { this.username = username; }public String getIdCard() { return idCard; }public void setIdCard(String idCard) { this.idCard = idCard; }public String getPhoneNumber() { return phoneNumber; }public void setPhoneNumber(String phoneNumber) { this.phoneNumber = phoneNumber; }// toString@Overridepublic String toString() {return "User{" +"id=" + id +", username='" + username + '\'' +", idCard='" + idCard + '\'' +", phoneNumber='" + phoneNumber + '\'' +'}';}}

5、測試

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.ConfigurableApplicationContext;import com.example.encryption.entity.User;
import com.example.encryption.mapper.UserMapper;@SpringBootApplication
public class EncryptionDemoApplication {public static void main(String[] args) {ConfigurableApplicationContext run = SpringApplication.run(EncryptionDemoApplication.class, args);UserMapper userMapper = run.getBean(UserMapper.class);// 增User user = new User();user.setId(1L);user.setUsername("test1");user.setIdCard("111111111111");user.setPhoneNumber("1311111");userMapper.insert(user);System.out.println(userMapper.selectById(1L));;// 改user.setUsername("test2");user.setIdCard("2222222222");user.setPhoneNumber("1322222222");userMapper.updateById(user);System.out.println(userMapper.selectById(1L));;System.out.println(userMapper.selectById(1L));;}
}

三、擴展

1、優化點

1、插件使用反射對類進行賦值、獲取值，為了提高性能，可以考慮將字段進行緩存（使用ConcurrentHashMap）
2、加解密方法，可以考慮擴展成接口，加密方式可擴展。
3、本內容只支持MyBatis簡單場景，MyBatisPlus、分頁場景、參數為List、Map或者復雜對象，需要對參數進一步遞歸處理。