More than 10 days later, monkey-api-encrypt released the second version, or thanks to some friends who are using it and asked some questions.
GitHub home page: https://github.com/yinjihuan/monkey-api-encrypt
This update is as follows:
- Support Spring Boot configuration
- Supporting Annotation Opening Encryption and Decryption (in Spring Boot)
- Add Spring MVC examples
Manual Registration Filter Use
@Configuration public class FilterConfig { @Bean public FilterRegistrationBean<EncryptionFilter> filterRegistration() { EncryptionConfig config = new EncryptionConfig(); config.setKey("abcdef0123456789"); config.setRequestDecyptUriList(Arrays.asList("/save", "/decryptEntityXml")); config.setResponseEncryptUriList(Arrays.asList("/encryptStr", "/encryptEntity", "/save", "/encryptEntityXml", "/decryptEntityXml")); FilterRegistrationBean<EncryptionFilter> registration = new FilterRegistrationBean<EncryptionFilter>(); registration.setFilter(new EncryptionFilter(config)); registration.addUrlPatterns("/*"); registration.setName("EncryptionFilter"); registration.setOrder(1); return registration; } }
Spring Boot Starter
Start the class encryption @EnableEncrypt annotation, open the automatic configuration of encryption and decryption, omit the step of manual registration of Filter
@EnableEncrypt @SpringBootApplication public class App { public static void main(String[] args) { SpringApplication.run(App.class, args); } }
Configure the encrypted information in the configuration file, which is EncryptionConfig
spring.encrypt.key=abcdef0123456789 spring.encrypt.requestDecyptUriList[0]=/save spring.encrypt.requestDecyptUriList[1]=/decryptEntityXml spring.encrypt.responseEncryptUriList[0]=/encryptStr spring.encrypt.responseEncryptUriList[1]=/encryptEntity spring.encrypt.responseEncryptUriList[2]=/save spring.encrypt.responseEncryptUriList[3]=/encryptEntityXml spring.encrypt.responseEncryptUriList[4]=/decryptEntityXml
If you feel that the configuration is more cumbersome, you have many encryption and decryption interfaces, which need a lot of configuration, you can also use another way to identify encryption and decryption, that is, annotation.
The response data needs to be encrypted by adding the @Encrypt annotation to the interface method
@Encrypt @GetMapping("/encryptEntity") public UserDto encryptEntity() { UserDto dto = new UserDto(); dto.setId(1); dto.setName("Encrypted entity object"); return dto; }
The received data needs to be decrypted, and the @Decrypt annotation is added to the method of the interface.
@Decrypt @PostMapping("/save") public UserDto save(@RequestBody UserDto dto) { System.err.println(dto.getId() + "\t" + dto.getName()); return dto; }
At the same time, we need to encrypt and decrypt, so we can add both annotations.
@Encrypt @Decrypt @PostMapping("/save") public UserDto save(@RequestBody UserDto dto) { System.err.println(dto.getId() + "\t" + dto.getName()); return dto; }
Use in Spring MVC
Filter can be registered directly in web.xml in Spring MVC. It is inconvenient to transfer configuration parameters. We can configure a custom filter and then configure EncryptionFilter in this filter.
public class ApiEncryptionFilter implements Filter { EncryptionFilter filter = null; @Override public void init(FilterConfig filterConfig) throws ServletException { EncryptionConfig config = new EncryptionConfig(); config.setKey("abcdef0123456789"); config.setRequestDecyptUriList(Arrays.asList("/save")); config.setResponseEncryptUriList(Arrays.asList("/encryptEntity")); filter = new EncryptionFilter(config); } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { filter.doFilter(request, response, chain); } @Override public void destroy() { } }
web.xml
<filter> <description>Custom Encryption and Decryption Filter</description> <filter-name>ApiEncryptionFilter</filter-name> <filter-class>com.cxytiandi.mvc.filter.ApiEncryptionFilter</filter-class> </filter> <filter-mapping> <filter-name>ApiEncryptionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
If you need to use annotations, you need to configure ApiEncryptDataInit in spring's xml
<bean id="apiEncryptDataInit" class="com.cxytiandi.encrypt.springboot.init.ApiEncryptDataInit"></bean>
Matters needing attention
Either the encryption and decryption function is turned on by manually registering the Filter, the Encryption Config is manually constructed and passed into the Encryption Filter, or the encryption and decryption function is turned on by @EnableEncrypt.
@ Enable Encrypt + configuration files can be used in Spring Boot,Spring Cloud Zuul
@ EnableEncrypt+@Encrypt+@Decrypt can be used in Spring Boot, Spring MVC
The same URI problem
When there are two identical URIs, such as / user for GET requests and / user for POST requests. If we only want to deal with one of them, our logic is to match according to the URI, which will affect the other, because the URI is the same.
If you use the @Encrypt+@Decrypt approach, the framework automatically processes, prefixing each URI to differentiate between different requests. Extended attribute values are also provided. value attributes are available in @Encrypt+@Decrypt and URI can be configured manually. Because some frameworks don't use Spring MVC annotations, such as CXF, the framework can't adapt all annotations, which can be configured with URI attributes.
The configuration format is: request type + URI for access
get:/user post:/user
Included in the configuration file can also be prefixed to distinguish the same URI.
Welcome to join my knowledge planet, exchange technology, and learn ape-heaven-and-earth courses for free.( http://cxytiandi.com/course)
