All geek questions in one place

How to encrypt / decrypt data using custom annotation (sleep mode) in spring project

I am developing some RESTFull web services for a project. I use the Spring framework and use gradle to build. The problem is that I want to encrypt and decrypt the data table when writing and reading data. I already have an algorithm (class) for encrypting and decrypting data using AES, etc. I need how to annotate this method for a sleeping entity class, do I need to create a bean for this class?

Example: -

@Column(columnDefinition= "LONGBLOB", name = "card_no")
        @ColumnTransformer(
                read="decrypt(card_no)",
                write="encrypt(?)")
        private String cardNo;

Like me, I want to add my own java method for encryption / decryption.

+4
source share
2 answers

JPA 2.1, @Convert AttributeConverter.

An AttributeConverter , .

public class CreditCard {
  @Convert(converter = CreditCardNumberConverter.class)
  private String creditCardNumber;
}

:

public class CreditCardNumberConverter implements AttributeConverter<String, String> {
  @Override
  public String convertToDatabaseColumn(String attribute) {
    /* perform encryption here */
  }
  @Override
  public String convertToEntityAttribute(String dbData) {
    /* perform decryption here */
  }
}

JPA 2.1, EntityListener @PrePersist, @PreUpdate @PostLoad, .

, EntityListener Pre/Post, -, :

public class CreditCard {    

  // this field could have package private get/set methods  
  @Column(name = "card_number", length = 25, nullable = false)
  private String encrpytedCardNumber;

  // this is the public operated upon field
  @Transient
  private String cardNumber;

  @PostLoad
  public void decryptCardNumber() {
    // decrypts card number during DATABASE READ
    this.cardNumber = EncryptionUtils.decrypt(encryptedCardNumber);
  }

  @PrePersist
  @PreUpdate
  public void encryptCardNumber() {
    // encrypts card number during INSERT/UPDATE
    this.encryptedCardNumber = EncryptionUtils.encrypt(cardNumber);
  }
}

, , Hibernate, , .

+8

.

  • JPA

. , .

public class CustomListener{
   @Inject
   private EncryptorBean encryptor;


   @PostLoad
   @PostUpdate
   public void decrypt(Object pc) {
      if (!(pc instanceof)) {
         return;
      }

      MyObj obj = (MyObj) pc;

      if (obj.getCardNo() != null) {
         obj.setCardNo(
            encryptor.decryptString(user.getEncryptedCardNo);
      }
   }


   @PrePersist
   @PreUpdate
   public void encrypt(Object pc) {
      if (!(pc instanceof MyObj)) {
         return;
      }

      MyObj obj = (MyObj ) pc;

      if (obj.getCardNo() != null) {
         user.setEncryptedCardNo(
            encryptor.encryptString(user.getCardNo());
      }
   }
}

, cardNo. Transient , cardNo .

  • entity.

     public String getCardNo(){
     return EncrypUtil.decrypt(this.cardNo);
 }

 public void setCardNo(String cardNo){
     this.cardNo = EncrypUtil.encrypt(cardNo);
 }

  • JPA-. iee HibernateInterceptors

    public class CustomInterceptor extends EmptyInterceptor{

    public boolean onSave(Object entity,Serializable id,
         Object[] state,String[] propertyNames,Type[] types)
         throws CallbackException {

         if (entity instanceof MyObj){
             // check if already encrypted or not.
             //(A transient property could be useful)
             entity.setCardNo(EncrypUtils.encrypt(entity.getCardNo()));
         }

  • @Convert

        @Convert(converter = CCConverter.class)
    private String creditCardNumber;

    CCConverter AttributeConverter

, .

+6

Source: https://habr.com/ru/post/1619777/

More articles:


All Articles