foreword
Last month, a new project made by another team in the company was generally stable after it went live, but two people, including the R&D director, quit immediately after the project went live, and then handed it over to me, the "garbage collector".
This week, the monitoring platform of another manufacturer of Party A scanned some sensitive information of some interfaces of our project without encryption, and asked us to deal with it immediately.
After checking it, I found that it was really the case. The mobile phone and ID number were not desensitized, and ten thousand beasts were running in my heart.
Fortunately, I have long-term experience in dealing with such emergencies. I directly wrote a custom annotation, and then added it to the interface that needs to be encrypted and decrypted. It is connected with the front-end for debugging, and Oak gets it done. Afterwards, my face remains heavy. But the heart is calm and fishing, so unrestrained.
Taking advantage of the free time of fishing, I simplified the implementation method and shared it in the most understandable way. You can save it, and you can fish it out someday when you need it, so as to save some thinking time.
technical version
Implementation process
1. Introduce dependencies
2. Entity class
We define two entity classes, one is the object UserInfo returned by the interface response when simulating querying user information.
One is the request object UserInfoReq when saving the user
In this way, we can separately test the encryption of sensitive attributes of objects returned by the query interface, and the decryption of sensitive attributes of objects requested by the save interface.
3. yml configuration
Here, we mainly add the custom configuration of the key, which is convenient for flexible modification.
4. Custom annotations
Here, we define two parameters for the annotation, which attributes are to be decrypted when requesting, and which attributes are to be encrypted when responding, and default values are given respectively.
5. Encryption and decryption tools
Encryption and decryption tool class We use the AES encryption and decryption tool provided by Hutool
Note two points here:
1) To obtain the yml configuration in the tool class, you need to add the @component annotation, and then set static for the variable, but remove the static in the set method, and put @Value on the set method, otherwise it will not take effect;
2) The construction of the AES tool should be placed in the @PostConstruct annotation, indicating the content loaded after the Spring container initializes the bean. If it is not processed directly, a null pointer exception will be thrown.
6. AOP section
Here is the AOP aspect class with custom annotations, which is also a specific implementation. The core idea is to use the reflection mechanism of Java. Some of the writing methods are generally fixed and can be properly understood. It is not recommended to understand too much, so as not to cause trouble.
7. Test interface
First, let's test the query interface and encrypt some sensitive attributes of the returned object.
Here, we set reqPropsName={}, which means that the request parameters will not be encrypted and decrypted, and set respPropsName={"phone", "idCard", "name"}, which means that the mobile phone number, ID number, and name in the returned object encrypted return.
Next, let's test the save interface to decrypt some of the encrypted properties of the request object.
Here, we set reqPropsName={"phone", "idCard", "name"}, which means to decrypt the mobile phone number, ID card number, and name in the request parameters, and set respPropsName={}, which means not to decrypt the returned object cryptographic operations.
After the save interface is executed, we can just return this object directly to see if it has been decrypted.
8. Effect
The query interface returns the object encryption effect
Save the decryption effect of the interface request object
Summarize
There are many functions that can be realized by custom annotations. For example, an anti-repeat submission annotation that I wrote for you before focuses on the idea of AOP, and the writing method is generally fixed.
The encryption and decryption annotations here still have limitations:
1) Only interfaces with clear public return objects are supported, such as Result here;
2) Only @RequestBody request object is supported, and other forms such as multiple param parameters and Map are not supported, and can be expanded by itself;
Although not perfect, it is generally sufficient, because most SpringBoot projects follow the specification and define public return objects. Most of the request interfaces are also received by @RequesetBody.
In the implementation of AOP aspect, there is also a hole for the type of request object. Interested friends can download the source code and expand it by themselves. It is a good choice for practice.
The source code will be given in the comment area~
The original article is purely written by hand. If you feel that there is a drop of help, please give a thumbs up and bookmark ~
Continue to share the real experience and experience in the work, if you like it, please pay attention ~