springboot项目利用ShardingSphere实现数据库字段加解密

springboot项目利用ShardingSphere实现数据库字段加解密

使用默认的加解密方式

• 引入jar包

<dependency>
    <groupId>org.apache.shardingspheregroupId>
    <artifactId>sharding-jdbc-spring-boot-starterartifactId>
    <version>4.0.0version>
dependency>

• 编写yml配置文件

spring:
  shardingsphere:
    datasource:
      name: master
      master:
        type: com.alibaba.druid.pool.DruidDataSource
        driverClassName: com.mysql.cj.jdbc.Driver
        url: jdbc:mysql://192.168.20.181:3060/collateral?useSSL=false&allowPublicKeyRetrieval=true&characterEncoding=utf8
        username: 数据库用户名
        password: 数据库密码
    encrypt:
      encryptors:
        encryptor_aes:
          type: aes 
          props: 
            aes.key.value: abcdef#ghij#klmn 
      tables:
        t_collateral_record:
          columns:
            project_name:
              cipherColumn: project_name 
              encryptor: encryptor_aes 
            project_no:
              cipherColumn: project_no 
              encryptor: encryptor_aes 
    props:
      sql:
        show: false 
      query:
        with:
          cipher:
            column: true 

使用自定义的加解密方式

• 编写yml配置文件

spring:
  shardingsphere:
    datasource:
      name: master
      master:
        type: com.alibaba.druid.pool.DruidDataSource
        driverClassName: com.mysql.cj.jdbc.Driver
        url: jdbc:mysql://192.168.20.181:3060/collateral?useSSL=false&allowPublicKeyRetrieval=true&characterEncoding=utf8
        username: 数据库用户名
        password: 数据库密码
    encrypt:
      encryptors:
        encryptor_aes:
          type: my-aes 
      tables:
        t_collateral_record:
          columns:
            project_name:
              cipherColumn: project_name 
              encryptor: encryptor_aes 
            project_no:
              cipherColumn: project_no 
              encryptor: encryptor_aes 
    props:
      sql:
        show: false 
      query:
        with:
          cipher:
            column: true 

• 编写自定义算法类

import cn.hutool.crypto.SecureUtil;
import cn.hutool.crypto.symmetric.AES;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import org.apache.shardingsphere.spi.encrypt.ShardingEncryptor;
import org.springframework.core.io.support.PropertiesLoaderUtils;
import org.springframework.util.StringUtils;

import java.io.IOException;
import java.util.Properties;

/**
 * aes加解密
 */
@Slf4j
@Data
public class ShardingEncryptorAes implements ShardingEncryptor {

    private static final String AES_PROPERTIES = "aes.properties";

    private Properties properties;

    @Override
    public void init() {
        try {
            properties = PropertiesLoaderUtils.loadAllProperties(AES_PROPERTIES);
        } catch (IOException e) {
            e.printStackTrace();
            throw new RuntimeException("aes秘钥配置文件读取失败", e);
        }
    }

    @Override
    public String encrypt(Object o) {
        if (o == null) {
            return null;
        }
        AES aes = SecureUtil.aes(getKey().getBytes());
        return aes.encryptHex((String) o);
    }

    @Override
    public Object decrypt(String str) {
        AES aes = SecureUtil.aes(getKey().getBytes());
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        return aes.decryptStr(str);
    }

    @Override
    public String getType() {
        return "my-aes";
    }

    @Override
    public Properties getProperties() {
        return properties;
    }

    @Override
    public void setProperties(Properties properties) {

    }

    private String getKey() {
        return getProperties().getProperty("aesKey");
    }
}

• 在resources目录下创建文件
  1. 在resources目录下创建子目录META-INF\services
  2. 在META-INF\services目录下创建文件org.apache.shardingsphere.spi.encrypt.ShardingEncryptor
  3. 文件里面写上加密类全称com.defang.collateral.util.ShardingEncryptorAes
  4. 在resources目录下创建aes秘钥配置文件 aes.properties

     aesKey=/sbJqG2uF+/40CoabQ+b893T6vNEnVVG