I've written an encrypted article before. How to Ensure Data Security by Front-end and Back-end API Interaction . It is mainly about how to automatically encrypt and decrypt the interface data in Spring Book, and specify whether encrypt and decrypt is needed by annotation.
The principle is simple, too. Request Body Advice and Response Body Advice provided by Spring can process the request response.
It was also intended to be updated, because I also need encryption and decryption in Spring Cloud Zuul, so my encapsulation will not be used.
It happened that last week Feichao chatted with me and offered some very useful suggestions. So on Saturday, he spent a day reconstructing the encryption framework. Instead of providing services in the Spring Boot Starter way, he was directly a jar package, encrypting and decrypting data on the Servlet level.
Compared with previous changes:
- Built-in AES encryption algorithm, you can configure different encryption key s
- Instead of binding Spring Boot, you can use encryption and decryption by configuring Filter
- Spring Cloud Zuul framework can also support
- Support user-defined encryption algorithm
GitHub address: https://github.com/yinjihuan/...
Sample code: https://github.com/yinjihuan/...
monkey-api-encrypt was not released to the Maven central warehouse, but to the jitpack warehouse. You can also download the source code package and upload it to your company's private clothes.
The Benefits of Automatic Encryption and Decryption
Traditional practices are as follows:
// The data coming from the client is the encrypted string. public String add(String data) { // 1. Decrypt the data through the tool class, and then serialize it into objects for use // 2. Processing business logic. When data is returned, the data is encrypted back to the client with the tool class. }
The disadvantage is that the logic of encryption and decryption must be handled manually in each business method.
By using monkey-api-encrypt, developers can avoid paying attention to the logic of encryption and decryption, such as:
@PostMapping("/save") public UserResult add(@RequestBody User data) { UserResult result = new UserResult (); result.setXXX.... return result; }
The above code is exactly the same as usual. There is no logic of encryption and decryption. When data needs to be encrypted and decrypted, only a filter is needed to configure and then specify which URI s need to be encrypted and decrypted. Let's learn how to use monkey-api-encrypt.
Rapid use
Listed below in the jitpack repository
Step 1: Add warehouse address to pom.xml
<repositories> <repository> <id>jitpack.io</id> <url>https://jitpack.io</url> </repository> </repositories>
Step 2: Increase project dependency
<dependency> <groupId>com.github.yinjihuan</groupId> <artifactId>monkey-api-encrypt</artifactId> <version>1.1.1</version> </dependency>
Step 3: Configure encryption and decryption filters (configuration in Spring Boot)
@Configuration public class FilterConfig { @Bean public FilterRegistrationBean<EncryptionFilter> filterRegistration() { EncryptionConfig config = new EncryptionConfig(); config.setKey("abcdef0123456789"); config.setRequestDecyptUriList(Arrays.asList("/save", "/decryptEntityXml")); config.setResponseEncryptUriList(Arrays.asList("/encryptStr", "/encryptEntity", "/save", "/encryptEntityXml", "/decryptEntityXml")); FilterRegistrationBean<EncryptionFilter> registration = new FilterRegistrationBean<EncryptionFilter>(); registration.setFilter(new EncryptionFilter(config)); registration.addUrlPatterns("/*"); registration.setName("EncryptionFilter"); registration.setOrder(1); return registration; } }
- EncryptionConfig
EncryptionConfig is a configuration class for encryption and decryption. The configuration items are defined as follows:
public class EncryptionConfig { /** * AES Encryption Key, length must be 16 */ private String key = "d7b85f6e214abcda"; /** * Interface URI < br> requiring encryption of response content * For example: / user / list < br > * URI in @PathVariable format is not supported */ private List<String> responseEncryptUriList = new ArrayList<String>(); /** * Interface URI < br> requiring decryption of request content * For example: / user / list < br > * URI in @PathVariable format is not supported */ private List<String> requestDecyptUriList = new ArrayList<String>(); /** * Response data coding */ private String responseCharset = "UTF-8"; /** * Open debugging mode without encryption and decryption in debugging mode for online API test scenarios like Swagger */ private boolean debug = false; }
Custom Encryption Algorithms
AES encryption algorithm is built in to encrypt and decrypt data. At the same time, users can customize the algorithm to replace the built-in algorithm.
Custom algorithms need to implement the EncryptAlgorithm interface:
/** * Custom RSA algorithm * * @author yinjihuan * * @date 2019-01-12 * * @about http://cxytiandi.com/about * */ public class RsaEncryptAlgorithm implements EncryptAlgorithm { public String encrypt(String content, String encryptKey) throws Exception { return RSAUtils.encryptByPublicKey(content); } public String decrypt(String encryptStr, String decryptKey) throws Exception { return RSAUtils.decryptByPrivateKey(encryptStr); } }
Specify the algorithm when registering Filter:
EncryptionConfig config = new EncryptionConfig(); registration.setFilter(new EncryptionFilter(config, new RsaEncryptAlgorithm()));
Common problem
1. How to use Spring Cloud Zuul?
The way it is used is the same as in Spring Boot, no difference.
2. What if all requests need to be encrypted and decrypted?
When RequestDecyptUriList and ResponseEncryptUriList are not configured by default, all requests are processed (requests within the scope specified by the interceptor)
3. What should Swagger do when testing the interface?
You can turn on debugging mode, instead of encrypting and decrypting requests, by configuring debug=true
4. Can RequestDecyptUriList and ResponseEncryptUriList support / user /* pattern matching?
The filter itself has this function, so the framework is completely matched equal, you can specify the interface address to be processed by registering. addUrlPatterns ("/user/", "order/") of the filter.