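1. What is ShardingSphere?
ShardingSphere is positioned as a lightweight Java framework that provides additional services at Java's JDBC layer. The client connects directly to the database, and the framework ships as a jar with no extra deployment or dependencies. It can be thought of as an enhanced JDBC driver that is fully compatible with JDBC and the various ORM frameworks.
Apache ShardingSphere aims to build a standard and an ecosystem on top of heterogeneous databases. Its focus is on making full and sensible use of the databases' compute and storage capabilities rather than on implementing a brand-new database. ShardingSphere takes the view from above the database layer and cares more about the collaboration between databases than about any single database itself.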
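Connect, Enhance and Pluggable are the core concepts of Apache ShardingSphere.
Connect: flexible adaptation to database protocols, SQL dialects and database storage, so that applications can quickly be connected to heterogeneous databases of multiple models.
Enhance: capture database access traffic and transparently provide incremental features such as traffic redirection (data sharding, read/write splitting, shadow databases), traffic transformation (data encryption, data masking), traffic authentication (security, auditing, permissions), traffic governance (circuit breaking, rate limiting) and traffic analysis (quality-of-service analysis, observability).
Pluggable: the project uses a micro-kernel plus a three-layer pluggable model, so the kernel, the feature components and the ecosystem integrations can all be extended in a plug-in fashion, letting developers assemble their own system like building blocks.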
2. Encryption and decryption with ShardingSphere
2.1 Create the user table
The script is as follows:
```sql
CREATE TABLE `user` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'User ID',
  `email` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT 'Email',
  `nick_name` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT 'Nickname',
  `pass_word` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT 'Secondary password',
  `reg_time` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT 'Registration time',
  `user_name` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT 'Username',
  `salary` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT 'Base salary',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci;
```
2.2 Add the dependencies to the Spring Boot project
Create a Spring Boot project and add the required dependencies:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.0.RELEASE</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <artifactId>spring-boot-example-shardingsphere</artifactId>
    <dependencies>
        <!-- Spring Boot core -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <!-- Spring Boot test -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <!-- Spring MVC web -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <!-- MySQL data source -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
        <!-- MyBatis support -->
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.0.0</version>
        </dependency>
        <!-- ShardingSphere data sharding and masking -->
        <dependency>
            <groupId>org.apache.shardingsphere</groupId>
            <artifactId>sharding-jdbc-spring-boot-starter</artifactId>
            <version>4.1.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shardingsphere</groupId>
            <artifactId>sharding-jdbc-spring-namespace</artifactId>
            <version>4.1.0</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.18.12</version>
            <scope>provided</scope>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-surefire-plugin</artifactId>
                <configuration>
                    <skip>true</skip>
                </configuration>
            </plugin>
        </plugins>
    </build>
    <!-- Repositories are addressed over HTTPS so artifacts are not fetched in cleartext -->
    <repositories>
        <repository>
            <id>aliyun-repos</id>
            <url>https://maven.aliyun.com/nexus/content/groups/public/</url>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
        </repository>
    </repositories>
    <pluginRepositories>
        <pluginRepository>
            <id>aliyun-plugin</id>
            <url>https://maven.aliyun.com/nexus/content/groups/public/</url>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
        </pluginRepository>
    </pluginRepositories>
</project>
```
2.3 Add the properties configuration
Add the shardingsphere configuration to the application.properties file to encrypt (mask) specific columns of a given table:
```properties
spring.application.name=spring-boot-example-shardingsphere
server.port=8080
# ShardingSphere data source integration
spring.shardingsphere.datasource.name=ds
spring.shardingsphere.datasource.ds.type=com.zaxxer.hikari.HikariDataSource
spring.shardingsphere.datasource.ds.driver-class-name=com.mysql.cj.jdbc.Driver
spring.shardingsphere.datasource.ds.jdbc-url=jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&failOverReadOnly=false&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8&rewriteBatchedStatements=true&allowMultiQueries=true
spring.shardingsphere.datasource.ds.username=root
spring.shardingsphere.datasource.ds.password=123456
# Encryption algorithm and key configuration
# (demo values; outside a demo, supply the database password and AES key from the environment or a secret store, not from a committed file)
spring.shardingsphere.encrypt.encryptors.encryptor_aes.type=aes
spring.shardingsphere.encrypt.encryptors.encryptor_aes.props.aes.key.value=hkiqAXU6Ur5fixGHaO4Lb2V2ggausYwW
# plainColumn is the plaintext column, cipherColumn is the cipher (encrypted) column
spring.shardingsphere.encrypt.tables.user.columns.salary.plainColumn=
spring.shardingsphere.encrypt.tables.user.columns.salary.cipherColumn=salary
#spring.shardingsphere.encrypt.tables.user.columns.pass_word.assistedQueryColumn=
spring.shardingsphere.encrypt.tables.user.columns.salary.encryptor=encryptor_aes
spring.shardingsphere.encrypt.tables.user.columns.pass_word.plainColumn=
spring.shardingsphere.encrypt.tables.user.columns.pass_word.cipherColumn=pass_word
spring.shardingsphere.encrypt.tables.user.columns.pass_word.encryptor=encryptor_aes
# Print SQL
spring.shardingsphere.props.sql.show=true
spring.shardingsphere.props.query.with.cipher.column=true
# XML-based mapper configuration
mybatis.mapper-locations=classpath:mapper/*.xml
```
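A few of these settings matter most. spring.shardingsphere.encrypt.tables names the tables to encrypt, user is the table name, and salary is the actual column in the user table. plainColumn is the plaintext column and cipherColumn is the cipher column. For a new project, configuring only the cipher column is enough.
A configuration example follows. Here the salary and pass_word columns of the user table are configured as cipher columns: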
```properties
# plainColumn is the plaintext column, cipherColumn is the cipher (encrypted) column
spring.shardingsphere.encrypt.tables.user.columns.salary.plainColumn=
spring.shardingsphere.encrypt.tables.user.columns.salary.cipherColumn=salary
#spring.shardingsphere.encrypt.tables.user.columns.pass_word.assistedQueryColumn=
spring.shardingsphere.encrypt.tables.user.columns.salary.encryptor=encryptor_aes
spring.shardingsphere.encrypt.tables.user.columns.pass_word.plainColumn=
spring.shardingsphere.encrypt.tables.user.columns.pass_word.cipherColumn=pass_word
spring.shardingsphere.encrypt.tables.user.columns.pass_word.encryptor=encryptor_aes
```
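To make concrete what ends up in a cipher column, here is an added example (not code from the original post or from ShardingSphere): a stand-alone Java program modelling a deterministic AES column encryptor of the kind the `aes` type configures. The key derivation (first 16 bytes of the SHA-1 of the key string), the AES/ECB/PKCS5Padding mode and the Base64 output are assumptions about the 4.x built-in encryptor; the class name `AesColumnDemo`, the helper `tryDecrypt` and the key string are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class AesColumnDemo {
    // Assumption: the AES key is the first 16 bytes of SHA-1(aes.key.value).
    static SecretKeySpec deriveKey(String keyValue) throws GeneralSecurityException {
        byte[] sha1 = MessageDigest.getInstance("SHA-1")
                .digest(keyValue.getBytes(StandardCharsets.UTF_8));
        return new SecretKeySpec(Arrays.copyOf(sha1, 16), "AES");
    }

    // Assumption: ECB mode with PKCS5 padding, no IV, Base64-encoded result.
    static String encrypt(SecretKeySpec key, String plain) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return Base64.getEncoder().encodeToString(c.doFinal(plain.getBytes(StandardCharsets.UTF_8)));
    }

    static String decrypt(SecretKeySpec key, String stored) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key);
        return new String(c.doFinal(Base64.getDecoder().decode(stored)), StandardCharsets.UTF_8);
    }

    // Returns the plaintext, or null when the stored value is not valid ciphertext
    // under this key (bad Base64, wrong block length, or bad padding).
    static String tryDecrypt(SecretKeySpec key, String stored) {
        try {
            return decrypt(key, stored);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        SecretKeySpec key = deriveKey("demo-key-not-for-production"); // constructed key
        String first = encrypt(key, "9500");   // constructed sample salary
        String second = encrypt(key, "9500");
        System.out.println("stored value:  " + first);
        System.out.println("round trip:    " + decrypt(key, first));
        System.out.println("deterministic: " + first.equals(second));
        // A legacy row that still holds the plaintext cannot be decrypted.
        System.out.println("legacy plaintext decrypts: " + (tryDecrypt(key, "9500") != null));
    }
}
```

Because this encryption is deterministic, equal plaintexts give equal stored values, which lets equality conditions match on the cipher column and also lets anyone with read access to the table see which rows share a salary or password. A row that still holds legacy plaintext fails decryption, which is the mixed-data problem raised at the end of this post.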
2.4 Write the data persistence layer
Next, write a persistence layer to store and query the data.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.lh.shardingsphere.mapper.UserMapperXml" >
    <resultMap id="BaseResultMap" type="com.lh.shardingsphere.entity.UserEntity" >
        <id column="id" property="id" jdbcType="BIGINT" />
        <result column="email" property="email" jdbcType="VARCHAR" />
        <result column="nick_name" property="nickName" jdbcType="VARCHAR" />
        <result column="pass_word" property="passWord" jdbcType="VARCHAR" />
        <result column="reg_time" property="regTime" jdbcType="VARCHAR" />
        <result column="user_name" property="userName" jdbcType="VARCHAR" />
        <result column="salary" property="salary" jdbcType="VARCHAR" />
    </resultMap>
    <select id="findAll" resultMap="BaseResultMap">
        SELECT * FROM user
    </select>
    <insert id="insert" parameterType="com.lh.shardingsphere.entity.UserEntity">
        INSERT INTO user(id,email,nick_name,pass_word,reg_time,user_name, salary)
        VALUES(#{id},#{email},#{nickName},#{passWord},#{regTime},#{userName}, #{salary})
    </insert>
</mapper>
```
```java
package com.lh.shardingsphere.mapper;

import com.lh.shardingsphere.entity.UserEntity;

import java.util.List;

/**
 * @author LH
 */
public interface UserMapperXml {

    /**
     * Query all records.
     * @return all users
     */
    List<UserEntity> findAll();

    /**
     * Insert a new record.
     * @param user the user to insert
     */
    void insert(UserEntity user);
}
```
```java
package com.lh.shardingsphere.entity;

import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;

/**
 * @author LH
 */
@Data
@AllArgsConstructor
@NoArgsConstructor
@Builder
public class UserEntity {
    private Long id;
    private String email;
    private String nickName;
    private String passWord;
    private String regTime;
    private String userName;
    private String salary;
}
```
2.5 Write the test endpoints
```java
package com.lh.shardingsphere.controller;

import com.lh.shardingsphere.entity.UserEntity;
import com.lh.shardingsphere.mapper.UserMapperXml;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.Resource;
import java.util.List;

/**
 * @author LH
 */
@RestController
@RequestMapping("/user")
public class UserController {

    @Resource
    private UserMapperXml userMapperXml;

    @PostMapping("/in")
    public void insert() throws Exception {
        UserEntity entity = new UserEntity();
        entity.setEmail("1751569991@qq.com");
        entity.setNickName("rose");
        entity.setPassWord("wahaha");
        entity.setRegTime("2021-10-10 00:00:00");
        entity.setUserName("彩英");
        entity.setSalary("9500");
        userMapperXml.insert(entity);
    }

    @GetMapping("/get")
    public List<UserEntity> query() throws Exception {
        List<UserEntity> dataList = userMapperXml.findAll();
        return dataList;
    }
}
```
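2.6 Verify the endpoints with ApiPost
Call the insert endpoint first, then the query endpoint.
The data stored in the database is shown below; the password and salary columns are stored encrypted.
The query result is shown below; in the returned data, the encrypted password and salary columns come back as the real values.
That is the code example for encrypting and decrypting database columns with ShardingSphere-JDBC. It is for reference only.
Finally, a question to think about:
1. If the database holds both encrypted and unencrypted data, how can the two be made compatible so that queries still return correct data?
If you have a good solution, feel free to leave a comment!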