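In real business scenarios, a database often has to store sensitive customer information such as ID card numbers, bank card numbers, names and mobile phone numbers. This information usually has to be encrypted and stored in a way that meets compliance requirements.

Pain point 1: The usual approach is to encrypt the relevant fields by hand before inserting them when writing the SQL, and to decrypt them by hand after querying. This works, but it is inconvenient and tedious, and it couples everyday business development tightly to the details of storage compliance.

Pain point 2: For systems that went live quickly without compliant masking from the start, how can the existing business be brought into compliance faster while keeping changes to the original system to a minimum? (This process usually includes at least: 1. adding masked columns for storage, 2. synchronizing and migrating the data, 3. compatibility logic in the business code, and so on.)

Apache ShardingSphere has a data masking module that integrates the commonly used data masking functions. Its basic principle is to parse and intercept the SQL entered by the user and rewrite it according to the user's masking configuration, so that plaintext fields are encrypted and encrypted fields are decrypted. The end result is encryption, decryption, storage and querying that are transparent to the user.

Masking configuration quick start: explicit Spring configuration

The following shows how to quickly add masking support to a system based on Spring.

1. Add the dependency

```xml
<dependency>
    <groupId>org.apache.shardingsphere</groupId>
    <artifactId>sharding-jdbc-spring-namespace</artifactId>
    <version>${sharding-sphere.version}</version>
</dependency>
```

2. Create the masking rule configuration object

Before creating the data source, prepare an EncryptRuleConfiguration that holds the masking configuration. Below is an example that applies AES encryption to different fields of two tables, card_info and pay_order, in the same data source:

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
// The Encrypt*RuleConfiguration classes come from the sharding-jdbc dependency above.

private EncryptRuleConfiguration getEncryptRuleConfiguration() {
    Properties props = new Properties();
    // Key for the built-in AES encryptor; aeskey is assumed to be a field of this configuration class
    props.setProperty("aes.key.value", aeskey);
    EncryptorRuleConfiguration encryptorConfig = new EncryptorRuleConfiguration("AES", props);

    // Custom algorithm
    // props.setProperty("qb.finance.aes.key.value", aeskey);
    // EncryptorRuleConfiguration encryptorConfig = new EncryptorRuleConfiguration("QB-FINANCE-AES", props);

    EncryptRuleConfiguration encryptRuleConfig = new EncryptRuleConfiguration();
    encryptRuleConfig.getEncryptors().put("aes", encryptorConfig);

    // START: masking configuration for the card_info table
    {
        EncryptColumnRuleConfiguration columnConfig1 = new EncryptColumnRuleConfiguration("", "name", "", "aes");
        EncryptColumnRuleConfiguration columnConfig2 = new EncryptColumnRuleConfiguration("", "id_no", "", "aes");
        EncryptColumnRuleConfiguration columnConfig3 = new EncryptColumnRuleConfiguration("", "finshell_card_no", "", "aes");
        Map<String, EncryptColumnRuleConfiguration> columnConfigMaps = new HashMap<>();
        columnConfigMaps.put("name", columnConfig1);
        columnConfigMaps.put("id_no", columnConfig2);
        columnConfigMaps.put("finshell_card_no", columnConfig3);
        EncryptTableRuleConfiguration tableConfig = new EncryptTableRuleConfiguration(columnConfigMaps);
        encryptRuleConfig.getTables().put("card_info", tableConfig);
    }
    // END: masking configuration for the card_info table

    // START: masking configuration for the pay_order table
    {
        EncryptColumnRuleConfiguration columnConfig1 = new EncryptColumnRuleConfiguration("", "card_no", "", "aes");
        Map<String, EncryptColumnRuleConfiguration> columnConfigMaps = new HashMap<>();
        columnConfigMaps.put("card_no", columnConfig1);
        EncryptTableRuleConfiguration tableConfig = new EncryptTableRuleConfiguration(columnConfigMaps);
        encryptRuleConfig.getTables().put("pay_order", tableConfig);
    }

    log.info("脱敏配置完成:{}", encryptRuleConfig);
    return encryptRuleConfig;
}
```

Usage notes:

1. EncryptColumnRuleConfiguration takes four parameters. The first two are called plainColumn and cipherColumn, and they name the two real columns in database storage (the plaintext column and the masked column). A new system only needs to set the masked column, so in the example above plainColumn is an empty string.

2. EncryptTableRuleConfiguration takes a map. The values stored in this map are the EncryptColumnRuleConfiguration objects described in note 1, and each key is a logical column. For a new system, this logical column is the real masked column. When ShardingSphere intercepts and rewrites the SQL, it maps the logical column to the plaintext column or to the masked column (the default) according to the user's configuration.

3. Use the ShardingSphere data source to manage the original data source, wrapping it in one more layer

```java
@Bean("tradePlatformDataSource")
public DataSource dataSource(@Qualifier("druidDataSource") DataSource ds) throws SQLException {
    // Wrap the original Druid data source so that all SQL passes through the encrypt rewrite
    return EncryptDataSourceFactory.createDataSource(ds, getEncryptRuleConfiguration(), new Properties());
}
```

Masking configuration quick start: Spring Boot version

The following steps are managed by Spring Boot and need nothing more than the configuration file:

1. Add the dependencies

```xml
<dependency>
    <groupId>org.apache.shardingsphere</groupId>
    <artifactId>sharding-jdbc-spring-boot-starter</artifactId>
    <version>${sharding-sphere.version}</version>
</dependency>
<dependency>
    <groupId>org.apache.shardingsphere</groupId>
    <artifactId>sharding-jdbc-spring-namespace</artifactId>
    <version>${sharding-sphere.version}</version>
</dependency>
```

2. Spring configuration file

```properties
spring.shardingsphere.datasource.name=ds
spring.shardingsphere.datasource.ds.type=com.alibaba.druid.pool.DruidDataSource
spring.shardingsphere.datasource.ds.driver-class-name=com.mysql.jdbc.Driver
spring.shardingsphere.datasource.ds.url=xxxxxxxxxxxxx
spring.shardingsphere.datasource.ds.username=xxxxxxx
spring.shardingsphere.datasource.ds.password=xxxxxxxxxxxx

# Default AES encryptor
spring.shardingsphere.encrypt.encryptors.encryptor_aes.type=aes
spring.shardingsphere.encrypt.encryptors.encryptor_aes.props.aes.key.value=hkiqAXU6Ur5fixGHaO4Lb2V2ggausYwW

# card_info name: AES encryption
spring.shardingsphere.encrypt.tables.card_info.columns.name.cipherColumn=name
spring.shardingsphere.encrypt.tables.card_info.columns.name.encryptor=encryptor_aes

# card_info ID number: AES encryption
spring.shardingsphere.encrypt.tables.card_info.columns.id_no.cipherColumn=id_no
spring.shardingsphere.encrypt.tables.card_info.columns.id_no.encryptor=encryptor_aes

# card_info bank card number: AES encryption
spring.shardingsphere.encrypt.tables.card_info.columns.finshell_card_no.cipherColumn=finshell_card_no
spring.shardingsphere.encrypt.tables.card_info.columns.finshell_card_no.encryptor=encryptor_aes

# pay_order bank card number: AES encryption
spring.shardingsphere.encrypt.tables.pay_order.columns.card_no.cipherColumn=card_no
spring.shardingsphere.encrypt.tables.pay_order.columns.card_no.encryptor=encryptor_aes
```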
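The rewrite principle described at the start of this page (intercept the statement, encrypt the parameters bound to configured columns, decrypt on the way back) can be modelled in a few lines of plain JDK code. This is an added example, not ShardingSphere's code and not from the original article; the class `EncryptRewriteDemo`, its methods, the key string, the sample values, the SHA-256 key derivation and the choice of deterministic AES (ECB) are all assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Added illustration: a toy model of the rewrite step, not ShardingSphere code.
public class EncryptRewriteDemo {
    // Constructed rule set mirroring the page's configuration: table -> encrypted columns.
    static final Map<String, Set<String>> RULES = Map.of(
            "card_info", Set.of("name", "id_no", "finshell_card_no"),
            "pay_order", Set.of("card_no"));
    static SecretKeySpec key;
    // Assumption: a 128-bit key is derived by hashing the configured key string.
    static void init(String keyValue) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(keyValue.getBytes(StandardCharsets.UTF_8));
        key = new SecretKeySpec(Arrays.copyOf(digest, 16), "AES");
    }
    // Deterministic AES (ECB): the same plaintext always yields the same ciphertext.
    static String crypt(int mode, String in) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(mode, key);
        if (mode == Cipher.ENCRYPT_MODE)
            return Base64.getEncoder().encodeToString(c.doFinal(in.getBytes(StandardCharsets.UTF_8)));
        return new String(c.doFinal(Base64.getDecoder().decode(in)), StandardCharsets.UTF_8);
    }

    // Encrypts only parameters bound to configured columns; everything else passes through.
    static Map<String, String> rewriteParams(String table, Map<String, String> params) throws Exception {
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : params.entrySet()) {
            boolean sensitive = RULES.getOrDefault(table, Set.of()).contains(e.getKey());
            out.put(e.getKey(), sensitive ? crypt(Cipher.ENCRYPT_MODE, e.getValue()) : e.getValue());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        init("constructed-demo-key");                       // constructed value, not a real key
        Map<String, String> insert = new LinkedHashMap<>();
        insert.put("id", "1");
        insert.put("id_no", "SAMPLE-ID-0001");              // constructed sample value
        Map<String, String> stored = rewriteParams("card_info", insert);   // INSERT parameters as sent to the DB
        Map<String, String> where = rewriteParams("card_info", Map.of("id_no", "SAMPLE-ID-0001"));
        System.out.println("stored row:    " + stored);
        System.out.println("WHERE matches: " + stored.get("id_no").equals(where.get("id_no")));
        System.out.println("decrypted:     " + crypt(Cipher.DECRYPT_MODE, stored.get("id_no")));
    }
}
```

Deterministic encryption is what lets an equality condition on `id_no` still match the stored value after rewriting, and it also means identical plaintexts are visibly identical in the cipher column to anyone who can read the table.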