MyBatis在SpringBoot2中的数据加密与解密

在Spring Boot 2中使用MyBatis进行数据加密和解密，你可以使用Java的加密库（如Java Cryptography Extension, JCE）或者第三方加密库（如Bouncy Castle）来实现。这里我将介绍如何使用Java自带的加密库来实现数据加密和解密。

1. 首先，你需要在pom.xml文件中添加Java加密库的依赖：

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.68</version>
</dependency>

2. 创建一个加密工具类，用于实现数据的加密和解密：

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;

public class EncryptionUtil {

    private static final String ALGORITHM = "AES";
    private static final String TRANSFORMATION = "AES/ECB/PKCS5Padding";

    public static SecretKey generateSecretKey() throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(ALGORITHM);
        keyGenerator.init(128);
        return keyGenerator.generateKey();
    }

    public static String encrypt(String data, SecretKey secretKey) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        byte[] encryptedBytes = cipher.doFinal(data.getBytes());
        return Base64.getEncoder().encodeToString(encryptedBytes);
    }

    public static String decrypt(String encryptedData, SecretKey secretKey) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, secretKey);
        byte[] decodedBytes = Base64.getDecoder().decode(encryptedData);
        return new String(cipher.doFinal(decodedBytes));
    }
}

3. 在你的实体类中，使用@ColumnTransformer注解来实现数据加密和解密：

import javax.persistence.Column;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import org.apache.ibatis.annotations.ColumnTransformer;

public class User {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    @Column
    @ColumnTransformer(write = "AES_ENCRYPT(?, #{secretKey})", read = "AES_DECRYPT(?, #{secretKey})")
    private String sensitiveData;

    // 省略getter和setter方法
}

4. 在你的application.properties文件中，设置加密密钥：

mybatis.configuration.map-underscore-to-camel-case=true
mybatis.configuration.default-fetch-size=100
mybatis.configuration.default-statement-timeout=30
mybatis.configuration.default-result-set-type=org.apache.ibatis.resultset.DefaultResultSetType
mybatis.configuration.default-logging-level=INFO

# 设置加密密钥
encryption.key=your_secret_key_here

5. 在你的UserMapper.xml文件中，编写对应的SQL语句：

<mapper namespace="com.example.demo.mapper.UserMapper">
    <select id="getUserById" resultType="com.example.demo.entity.User">
        SELECT * FROM user WHERE id = #{id}
    </select>

    <insert id="insertUser" parameterType="com.example.demo.entity.User">
        INSERT INTO user (id, sensitive_data) VALUES (#{id}, #{sensitiveData})
    </insert>
</mapper>

现在，当你使用MyBatis插入和查询数据时，敏感数据将会自动加密和解密。请确保将your_secret_key_here替换为你自己的密钥。