Spring Boot-加密JSON数据 [英] Spring Boot - Encrypt JSON data

问题描述

在我们的应用程序中，我们必须对每个请求和响应的Json属性值(而不是属性名称)进行加密/解密. 例子，
{"userName":"encrypted value", "email":"encrypted value"}

In our application we have to encrypt/decrypt the Json property values (not the property name) for each request and response. Example,
{"userName":"encrypted value", "email":"encrypted value"}

我们使用Sprint boot 1.3，并使用 @RequestBody 和 @ResponseBody 批注将请求json与对象绑定，并将响应对象序列化为JSON.

We use Sprint boot 1.3 and we are using @RequestBody and @ResponseBody annotations to bind the request json with the object and serialise the response object as JSON.

我们不想不想在每个控制器方法中调用加密/解密方法.有什么方法可以指示sprint在与请求对象绑定之前解密json值?同样，要在将响应对象字段值转换为json之前对其进行加密?或者自定义Jackson可能对我们有帮助?

We don't want to call encrypt/decrypt method in our each controller method. Is there any way we can instruct sprint to decrypt the json values before binding with the request object? Similarly, to encrypt the response object field values before converting them to json? Or customising Jackson may help us?

谢谢！

推荐答案

您可以编写自己的http消息转换器.由于您使用的是Spring Boot，因此非常简单:只需从AbstractHttpMessageConverter扩展自定义转换器，并用@Component批注标记该类.

You can write your own http message converter. Since you are using spring boot it would be quite easy: just extend your custom converter from AbstractHttpMessageConverter and mark the class with @Component annotation.

来自春季文档:

您可以通过在Spring Boot上下文中简单地添加该类型的bean来贡献额外的转换器.如果您添加的bean的类型无论如何都是默认包含的(例如用于JSON转换的MappingJackson2HttpMessageConverter)，它将替换默认值.

You can contribute additional converters by simply adding beans of that type in a Spring Boot context. If a bean you add is of a type that would have been included by default anyway (like MappingJackson2HttpMessageConverter for JSON conversions) then it will replace the default value.

这是一个简单的示例:

@Component
public class Converter extends AbstractHttpMessageConverter<Object> {

    public static final Charset DEFAULT_CHARSET = Charset.forName("UTF-8");

    @Inject
    private ObjectMapper objectMapper;

    public Converter(){
        super(MediaType.APPLICATION_JSON_UTF8,
            new MediaType("application", "*+json", DEFAULT_CHARSET));
    }

    @Override
    protected boolean supports(Class<?> clazz) {
        return true;
    }

    @Override
    protected Object readInternal(Class<? extends Object> clazz,
                                  HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException {
        return objectMapper.readValue(decrypt(inputMessage.getBody()), clazz);
    }

    @Override
    protected void writeInternal(Object o, HttpOutputMessage outputMessage) throws IOException, HttpMessageNotWritableException {
        outputMessage.getBody().write(encrypt(objectMapper.writeValueAsBytes(o)));
    }

    private InputStream decrypt(InputStream inputStream){
        // do your decryption here 
        return inputStream;
    }

    private byte[] encrypt(byte[] bytesToEncrypt){
        // do your encryption here 
        return bytesToEncrypt;
    }
}

这篇关于Spring Boot-加密JSON数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！