MyBatis在SpringBoot2中的數據加密與解密

在Spring Boot 2中使用MyBatis進行數據加密和解密，你可以使用Java的加密庫（如Java Cryptography Extension, JCE）或者第三方加密庫（如Bouncy Castle）來實現。這里我將介紹如何使用Java自帶的加密庫來實現數據加密和解密。

1. 首先，你需要在pom.xml文件中添加Java加密庫的依賴：

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.68</version>
</dependency>

2. 創建一個加密工具類，用于實現數據的加密和解密：

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;

public class EncryptionUtil {

    private static final String ALGORITHM = "AES";
    private static final String TRANSFORMATION = "AES/ECB/PKCS5Padding";

    public static SecretKey generateSecretKey() throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(ALGORITHM);
        keyGenerator.init(128);
        return keyGenerator.generateKey();
    }

    public static String encrypt(String data, SecretKey secretKey) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        byte[] encryptedBytes = cipher.doFinal(data.getBytes());
        return Base64.getEncoder().encodeToString(encryptedBytes);
    }

    public static String decrypt(String encryptedData, SecretKey secretKey) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, secretKey);
        byte[] decodedBytes = Base64.getDecoder().decode(encryptedData);
        return new String(cipher.doFinal(decodedBytes));
    }
}

3. 在你的實體類中，使用@ColumnTransformer注解來實現數據加密和解密：

import javax.persistence.Column;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import org.apache.ibatis.annotations.ColumnTransformer;

public class User {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    @Column
    @ColumnTransformer(write = "AES_ENCRYPT(?, #{secretKey})", read = "AES_DECRYPT(?, #{secretKey})")
    private String sensitiveData;

    // 省略getter和setter方法
}

4. 在你的application.properties文件中，設置加密密鑰：

mybatis.configuration.map-underscore-to-camel-case=true
mybatis.configuration.default-fetch-size=100
mybatis.configuration.default-statement-timeout=30
mybatis.configuration.default-result-set-type=org.apache.ibatis.resultset.DefaultResultSetType
mybatis.configuration.default-logging-level=INFO

# 設置加密密鑰
encryption.key=your_secret_key_here

5. 在你的UserMapper.xml文件中，編寫對應的SQL語句：

<mapper namespace="com.example.demo.mapper.UserMapper">
    <select id="getUserById" resultType="com.example.demo.entity.User">
        SELECT * FROM user WHERE id = #{id}
    </select>

    <insert id="insertUser" parameterType="com.example.demo.entity.User">
        INSERT INTO user (id, sensitive_data) VALUES (#{id}, #{sensitiveData})
    </insert>
</mapper>

現在，當你使用MyBatis插入和查詢數據時，敏感數據將會自動加密和解密。請確保將your_secret_key_here替換為你自己的密鑰。