xiaoku
2023-04-04
目录

simple-starter-encrypt

# 简介

提供注解简化使用:数据脱敏 、接口请求参数或返回参数Rsa加密解密

# 数据脱敏

加密规则有通用模板、或自定义
服务类返回参数支持单体字段、列表、实体嵌套

# 接口请求参数或返回参数Rsa加密解密

支持开启全局所有接口加解密
支持单独注解 对接口请求参数解密 或 对接口返回参数加密
支持复合注解 对接口请求参数解密 及 对接口返回参数加密
支持对请求参数增时间戳校验功能 默认关闭 默认校验时间戳的差值为5秒
对接口请求参数解密 支持如PostMapping的@RequestBody传参解密 支持GetMapping的Url传参解密

# 引入依赖

    <dependencies>
        <dependency>
            <groupId>cn.iosd</groupId>
            <artifactId>simple-starter-encrypt</artifactId>
            <version>Version</version>
        </dependency>
    </dependencies>
1
2
3
4
5
6
7

# 配置项

simple:
  ## simple-starter-encrypt
  encrypt:
    desensitized:
      ##脱敏 缺省项为true
      enabled: true
    rsa:
      ## 接口加密
      secureParams:
        ## 接口请求参数或返回参数Rsa加密解密 缺省项为true
        enabled: true
        ## URL查询参数的请求字段 例:https://ok96.cn/api?encryptedData=xxxxxxx
        urlField: encryptedData
		## 默认关闭全局使用Mapping注解接口加解密 缺省项为false
        all-controller:
          mapping:
            enabled: false
      ## 时间戳校验
      timestampValidation:
        ## 默认关闭校验校验时间戳 缺省项为false
        enabled: true
        ## 校验时间戳的差值 毫秒 默认5秒
        expiryMillis: 60000
      ## 公钥 
      publicKey: |
        MIIBIjAN....
        wQIDAQAB
      ## 私钥 
      privateKey: |
        MIIEvgIBAD...
        s3pFfsfHFj
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

# 功能项-脱敏

# 方法上启用脱敏

在方法上标注注解:@Desensitized
例:

    @Desensitized
    public PersonVo getPerson() {
        return PersonVo.builder().name("张三").idCard("350061323543513135").address("离开省和你市好多天县谢谢谢谢谢奥所多").phone("15151115112").remark("我是备注奥术大师大所多").normalField("艾维奇重新阿萨德若").build();
    }
1
2
3
4

# 字段脱敏

# 已有脱敏模板

模板列表:

SensitiveRule.CHINESE_NAME
SensitiveRule.ID_CARD
SensitiveRule.FIXED_PHONE
SensitiveRule.MOBILE_PHONE
SensitiveRule.ADDRESS
SensitiveRule.EMAIL
SensitiveRule.BANK_CARD
SensitiveRule.PASSWORD
1
2
3
4
5
6
7
8

示例:

    @Schema(description = "地址")
    @SensitiveField(rule = SensitiveRule.ADDRESS)
    private String address;
1
2
3

# 自定义脱敏规则

# 两侧保留明文

注解:@SensitiveField(rule = SensitiveRule.CUSTOM_BROADSIDE_CLEAR_TEXT, prefixLen = int, suffixLen = int)
prefixLen:自定义规则-左侧几位字段进行操作
suffixLen:自定义规则-右侧几位字段进行操作
示例:

    @Schema(description = "备注-两侧保留明文")
    @SensitiveField(rule = SensitiveRule.CUSTOM_BROADSIDE_CLEAR_TEXT, prefixLen = 2, suffixLen = 2)
    private String remark;
1
2
3
# 两侧密文

注解:@SensitiveField(rule = SensitiveRule.CUSTOM_BROADSIDE_MASK_TEXT, prefixLen = int, suffixLen = int)
prefixLen:自定义规则-左侧几位字段进行操作
suffixLen:自定义规则-右侧几位字段进行操作
示例:

    @Schema(description = "普通字段-两侧密文")
    @SensitiveField(rule = SensitiveRule.CUSTOM_BROADSIDE_MASK_TEXT, prefixLen = 2, suffixLen = 2)
    private String normalField;
1
2
3

# 嵌套实体脱敏

注解:@SensitiveEntity 示例:

@Builder
@NoArgsConstructor
@AllArgsConstructor
public class SuperPersonVo {

    @SensitiveEntity
    private PersonVo personVo;

    @Schema(description = "昵称")
    @SensitiveField(rule = SensitiveRule.CHINESE_NAME)
    private String nickname;

    @Schema(description = "功能")
    private String specificFunction;
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

# 功能项-接口加解密

# 接口请求参数解密

使用注解 @DecryptRequestParams

# RequestBody类型

例代码:

    @Operation(summary = "注解测试-请求参数解密-POST")
    @DecryptRequestParams
    @PostMapping(value = "/decryptRequestParams")
    public Response<PersonVo> decryptRequestParams(@RequestBody PersonVo vo) {
        return Response.ok(vo);
    }
1
2
3
4
5
6

在调用接口请求参数,直接传参为加密后的数据,例-直接传参数:

G0JIO0kZgZpJ68MV91CTgadZqpUvlKTZbiC8CB4IKcjFYUjHur8PF5N5YT7APwNzr28887h5FRjJHMP+PDkAZcXhRecdouFUcaPxTBTgIvUawKsk95c6rJdS7K6VwJAGlKTMS//kkStsGcGlyjGdo/XTeQds7SCuv9Tk2umUKoFXcbWYJbXmtV5u/6iG22aEH48LhoVF0OpABSFMemFuZ5AMNeEd0YUGhg18gqmopTw7V8bHtvI22xdASg87lsThCBY6aoUC8MkxALwOsptlllOTgZkdOoXrHoHyiYFbEI7fNmXLEvaDfBYmlzDyvE18SGCrWA9bJmByPU5xxF+dpD7ITYZmNS3JNRSMSdpcMbFmzrVkfUjKCBe2IOe4dLhfNDjWAXXtLqiq3rVuGp6L/ODMBF7y5RY4yy/6GXRHd9jN82x0kkSi9a5jRNYWB7w4xsOt4vJvYDYGWnmTcSu2UZWsJFXbgbkTuTJO/h8RJ+eaMbKC33uraYX02XtHwBKRdDMSdNF5IXEHoE7XpbYYBau9SDieiJHRT/ybzRxmwedqezw6DxbSi928GCCJQmgrrewHKwhKrSsrObuyKjzgc8RMxQev5PC3OXL3WzyD4juuGmnJnW9OSNSiB08rw3tYU0yxSrLv8nWx+mF4isRmKetmVp51854G2GrjQrc/8lg=
1

则 后端接收后将解析解密为对应 PersonVo 实体

{
    "name":"张三",
    "phone":"15151115112",
    "address":"离开省和你市好多天县谢谢谢谢谢奥所多",
    "remark":"我是备注奥术大师大所多",
    "idCard":"350061323543513135",
    "normalField":"艾维奇重新阿萨德若"
}
1
2
3
4
5
6
7
8

# URL查询参数类型

例代码:

    @Operation(summary = "注解测试-请求参数解密-GET")
    @DecryptRequestParams
    @GetMapping(value = "/decryptRequestParams")
    public Response<PersonVo> decryptRequestParamsGet(PersonVo vo) {
        return Response.ok(vo);
    }
1
2
3
4
5
6

在调用接口请求参数,接口传参示例地址为:

http://localhost:11110/rsa/decryptRequestParams?encryptedData=lxP7pSLwIuXSpDLqSZ3V.....
1

若想统一修改请求参数字段encryptedData,则修改如下配置文件

simple.encrypt.rsa.secureParams.urlField=encryptedData
1

# 接口返回参数加密

使用注解 @EncryptResponseParams
例代码:

    @Operation(summary = "注解测试-返回参数加密")
    @GetMapping(value = "/encryptResponse")
    @EncryptResponseParams
    public Response<String> encryptResponse(String reqString) {
        return Response.ok(reqString);
    }
1
2
3
4
5
6

在接口返回数据时,例 原返回数据

{"code":200,"msg":"操作成功","data":"s"}
1

则会将此数据进行加密返回

HWerZn2f5LP38JeUNUTcjTRVWbY530VvcpxtGkKZKz5pdPT5GU62xPHgcztc38eqGtk3HznDBDBFtC9Hbu/4o0XVveLXxZDyXHcD6K6pGt24bywJf0dvrZpYFVcgt39qaZ+MwNCGOnphOgK57kxoc8jzHjvylwMSeIsj+qmhMI1j9igRWq2IP/9/KaVnlBkt6Q5O/4kRztkRtnr2Bu04uwpyGFYYhu6szrVfhEVNrHnCq5hHGJIR40FHN3vN+IsiAKL6+7b7YU9RjcbH5NzGIacbJcnLveOF4zUfKpNMvspBxhEhV1lcNcbZoMqHw6NchBD6IdWAvORRQLOcmQbgRlwPDsE/miHfqp1/5x6C5+EYSnw0i/I6WxsclJ9nSCcLtTQdjiS1ERTMHENAYWrh+LR5xtK7gBV+z1N1pBkPW0VlIRO7Fo70sQRQ1pYQTBSEz+oRFFSt146V9z9TlsNUqes5k1SMsr5Of+XCYIAcXP+1pefhYHkj0u4HX5KOuxWSSUFqkkaXxWWVC0Jy9+LB+0q5qAqDWK1uHLYfH5Eij1aVbK6kgr0YzTA/hlUNG3rFxF4e5dsQqsDNtcpT4ryxeFvGge6ezzQga2irdBb4yjb+FcwqiGNFT+1MXBW9YGvFYMFj1tyM5gUqei82qk6zibcYC3yPHC5d+2K4g6YNPyo=
1

# 复合式注解

此注解集成 接口请求参数解密 和 接口返回参数加密 :@SecureParams
代码示例:

    @Operation(summary = "注解测试-请求参数解密及返回参数加密")
    @SecureParams
    @PostMapping(value = "/decryptAndEncrypt")
    public Response<PersonVo> decryptAndEncrypt(@RequestBody PersonVo vo) {
        return Response.ok(vo);
    }
1
2
3
4
5
6

# 开启全局所有接口加解密

配置参数开启

simple:
  encrypt:
    rsa:
      secureParams:
        enabled: true
        urlField: encryptedData
        #是否启用将所有使用Mapping注解的接口加解密 缺省项为false
        all-controller:
          mapping:
            enabled: true
1
2
3
4
5
6
7
8
9
10

等价于所有使用@RequestMapping、@GetMapping、@PostMapping、@PutMapping、@DeleteMapping的接口上均增加使用注解@SecureParams

# UnEncrypted注解

若需在开启全局加解密功能时,对特定接口无需加解密,在接口上使用@UnEncrypted即可

    @Operation(summary = "测试单体")
    @GetMapping(value = "/person")
    @UnEncrypted
    public Response<PersonVo> person() {
        return Response.ok(service.getPerson());
    }
1
2
3
4
5
6
上次更新: 2024/03/25, 02:28:08
simple-starter-cloud
simple-starter-dict

simple-starter-dict

Copyright © 2019-2024