该章节主要介绍如何使用数据脱敏功能,如何进行相关配置。数据脱敏功能即可与数据分片功能共同使用,又可作为单独功能组件,独立使用。
与数据分片功能共同使用时,会创建ShardingDataSource;单独使用时,会创建EncryptDataSource来完成数据脱敏功能。
不使用Spring
引入Maven依赖
org.apache.shardingsphere
sharding-jdbc-core
${sharding-sphere.version}
基于Java编码的规则配置
// 配置数据源
BasicDataSource dataSource = new BasicDataSource();
dataSource.setDriverClassName("com.mysql.jdbc.Driver");
dataSource.setUrl("jdbc:mysql://127.0.0.1:3306/encrypt");
dataSource.setUsername("root");
dataSource.setPassword("");
// 配置脱敏规则
Properties props = new Properties();
props.setProperty("aes.key.value", "123456");
EncryptorRuleConfiguration encryptorConfig = new EncryptorRuleConfiguration("AES", props);
EncryptColumnRuleConfiguration columnConfig = new EncryptColumnRuleConfiguration("plain_pwd", "cipher_pwd", "", "aes");
EncryptTableRuleConfiguration tableConfig = new EncryptTableRuleConfiguration(Collections.singletonMap("pwd", columnConfig));
EncryptRuleConfiguration encryptRuleConfig = new EncryptRuleConfiguration();
encryptRuleConfig.getEncryptors().put("aes", encryptorConfig);
encryptRuleConfig.getTables().put("t_encrypt", tableConfig);
// 获取数据源对象
DataSource dataSource = EncryptDataSourceFactory.createDataSource(dataSource, encryptRuleConfig, new Properties());基于Yaml的规则配置
或通过Yaml方式配置,与以上配置等价:
dataSource: !!org.apache.commons.dbcp2.BasicDataSource
driverClassName: com.mysql.jdbc.Driver
url: jdbc:mysql://127.0.0.1:3306/encrypt?serverTimezone=UTC&useSSL=false
username: root
password:
encryptRule:
tables:
t_order:
columns:
user_id:
cipherColumn: user_cipher
encryptor: order_encryptor
encryptors:
order_encryptor:
type: aes
props:
aes.key.value: 123456
props:
query.with.cipher.column: true #是否使用密文列查询 DataSource dataSource = YamlEncryptDataSourceFactory.createDataSource(yamlFile);使用Spring
引入Maven依赖
org.apache.shardingsphere
sharding-jdbc-spring-boot-starter
${sharding-sphere.version}
org.apache.shardingsphere
sharding-jdbc-spring-namespace
${sharding-sphere.version}
基于Spring boot的规则配置
spring.shardingsphere.datasource.name=ds
spring.shardingsphere.datasource.ds.type=org.apache.commons.dbcp2.BasicDataSource
spring.shardingsphere.datasource.ds.driver-class-name=com.mysql.jdbc.Driver
spring.shardingsphere.datasource.ds.url=jdbc:mysql://127.0.0.1:3306/encrypt?serverTimezone=UTC&useSSL=false
spring.shardingsphere.datasource.ds.username=root
spring.shardingsphere.datasource.ds.password=
spring.shardingsphere.datasource.ds.max-total=100
spring.shardingsphere.encrypt.encryptors.encryptor_aes.type=aes
spring.shardingsphere.encrypt.encryptors.encryptor_aes.props.aes.key.value=123456
spring.shardingsphere.encrypt.tables.t_order.columns.user_id.plainColumn=user_decrypt
spring.shardingsphere.encrypt.tables.t_order.columns.user_id.cipherColumn=user_encrypt
spring.shardingsphere.encrypt.tables.t_order.columns.user_id.assistedQueryColumn=user_assisted
spring.shardingsphere.encrypt.tables.t_order.columns.user_id.encryptor=encryptor_aes
spring.shardingsphere.props.sql.show=true
spring.shardingsphere.props.query.with.cipher.column=true基于Spring boot + JNDI的规则配置
如果您计划使用Spring boot + JNDI的方式,在应用容器(如Tomcat)中使用Sharding-JDBC时,可使用spring.shardingsphere.datasource.${datasourceName}.jndiName来代替数据源的一系列配置。
如:
spring.shardingsphere.datasource.name=ds
spring.shardingsphere.datasource.ds.jndi-name=java:comp/env/jdbc/ds
spring.shardingsphere.encrypt.encryptors.encryptor_aes.type=aes
spring.shardingsphere.encrypt.encryptors.encryptor_aes.props.aes.key.value=123456
spring.shardingsphere.encrypt.tables.t_order.columns.user_id.plainColumn=user_decrypt
spring.shardingsphere.encrypt.tables.t_order.columns.user_id.cipherColumn=user_encrypt
spring.shardingsphere.encrypt.tables.t_order.columns.user_id.assistedQueryColumn=user_assisted
spring.shardingsphere.encrypt.tables.t_order.columns.user_id.encryptor=encryptor_aes
spring.shardingsphere.props.sql.show=true
spring.shardingsphere.props.query.with.cipher.column=true基于Spring命名空间的规则配置
123456
true
true
在Spring中使用DataSource
直接通过注入的方式即可使用DataSource,或者将DataSource配置在JPA、Hibernate或MyBatis中使用。
@Resource
private DataSource dataSource;