Jasypt实现数据加解密(脱敏)

article/2025/10/9 0:20:58

场景一：对配置文件中的裸露的密码进行加密

1、添加依赖

        <dependency><groupId>com.github.ulisesbocchio</groupId><artifactId>jasypt-spring-boot-starter</artifactId><version>3.0.4</version></dependency>

2、配置文件application.yml中进行下面配置

jasypt:encryptor:property:prefix: "abc["suffix: "]"password: encrypass

说明：

Jasypt默认格式是ENC(XXX)，格式主要是为了便于识别该值是否需要解密，如果不按照格式配置，在加载配置的时候将保持原值，不进行解密。如上所示配置prefixx和suffix，则是修改默认的格式为adb[]

password是加密密钥，一般不建议直接放在项目内，可以通过启动时-D参数注入，或者放在配置中心，避免泄露

3、预先生成加密值，可以通过代码内调试API生成

4、替换加密字符

场景二：数据脱敏

部分隐私数据，入库的时候要进行数据脱敏处理，查询的时候还要进行反向解密，使用AOP切面来实现

1、定义两个注解@EncryptField、@EncryptMethod分别用在字段属性和方法上，实现思路很简单，只要方法上应用到@EncryptMethod注解，则检查入参字段是否标注@EncryptField注解，有则将对应字段内容加密

import java.lang.annotation.*;@Documented
@Target({ElementType.FIELD,ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
public @interface EncryptField {String[] value() default "";}

import java.lang.annotation.*;
import static com.one.smile.test.utils.EncryptConstant.ENCRYPT;@Documented
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface EncryptMethod {String type() default ENCRYPT;}

public interface EncryptConstant {// 加密String ENCRYPT = "encrypt";// 解密String DECRYPT = "decrypt";
}

2、使用AOP切面实现入参加密，出参解密

import com.one.smile.test.utils.EncryptField;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.jasypt.encryption.StringEncryptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.lang.reflect.Field;
import java.util.Objects;
import static com.one.smile.test.utils.EncryptConstant.DECRYPT;
import static com.one.smile.test.utils.EncryptConstant.ENCRYPT;@Slf4j
@Aspect
@Component
public class EncryptHandler {@Autowiredprivate StringEncryptor stringEncryptor;@Pointcut("@annotation(com.one.smile.test.utils.EncryptMethod)")public void pointCut() {}@Around("pointCut()")public Object around(ProceedingJoinPoint joinPoint) {/*** 加密*/encrypt(joinPoint);/*** 解密*/Object decrypt = decrypt(joinPoint);return decrypt;}public void encrypt(ProceedingJoinPoint joinPoint) {try {Object[] objects = joinPoint.getArgs();if (objects.length != 0) {for (Object o : objects) {if (o instanceof String) {encryptValue(o);} else {handler(o, ENCRYPT);}//TODO 其余类型自己看实际情况加}}} catch (IllegalAccessException e) {e.printStackTrace();}}public Object decrypt(ProceedingJoinPoint joinPoint) {Object result = null;try {Object obj = joinPoint.proceed();if (obj != null) {if (obj instanceof String) {decryptValue(obj);} else {result = handler(obj, DECRYPT);}//TODO 其余类型自己看实际情况加}} catch (Throwable e) {e.printStackTrace();}return result;}private Object handler(Object obj, String type) throws IllegalAccessException {if (Objects.isNull(obj)) {return null;}Field[] fields = obj.getClass().getDeclaredFields();for (Field field : fields) {boolean hasSecureField = field.isAnnotationPresent(EncryptField.class);if (hasSecureField) {field.setAccessible(true);String realValue = (String) field.get(obj);String value;if (DECRYPT.equals(type)) {value = stringEncryptor.decrypt(realValue);} else {value = stringEncryptor.encrypt(realValue);}field.set(obj, value);}}return obj;}public String encryptValue(Object realValue) {String value = null;try {value = stringEncryptor.encrypt(String.valueOf(realValue));} catch (Exception ex) {return value;}return value;}public String decryptValue(Object realValue) {String value = String.valueOf(realValue);try {value = stringEncryptor.decrypt(value);} catch (Exception ex) {return value;}return value;}}

3、测试

@RestController
@RequestMapping("/encry")
public class EncryController {@EncryptMethod@PostMapping(value = "test")@ResponseBodypublic Object testEncrypt(@RequestBody UserVo userVo,@EncryptField String name){System.out.println("加密后的数据：user" + JSON.toJSONString(userVo) + name);return userVo;}}

@Data
public class UserVo implements Serializable {private Long userId;@EncryptFieldprivate String mobile;@EncryptFieldprivate String address;private String age;}