Encryption

Background

Spring Namespace’s data encryption configuration applies to the traditional Spring projects. Sharding rules and attributes are configured through the XML configuration file of the namespace. Spring creates and manages the ShardingSphereDataSource object, reducing unnecessary coding.

Parameters

Namespace: http://shardingsphere.apache.org/schema/shardingsphere/encrypt/encrypt-5.2.1.xsd

<encrypt:rule />

NameTypeDescriptionDefault Value
idAttributeSpring Bean Id
queryWithCipherColumn (?)AttributeWhether query with cipher column for data encrypt. User you can use plaintext to query if havetrue
table (+)TagEncrypt table configuration

<encrypt:table />

NameTypeDescription
nameAttributeEncrypt table name
column (+)TagEncrypt column configuration
query-with-cipher-column(?) (?)AttributeWhether the table query with cipher column for data encrypt. User you can use plaintext to query if have

<encrypt:column />

NameTypeDescription
logic-columnAttributeColumn logic name
cipher-columnAttributeCipher column name
assisted-query-column (?)AttributeAssisted query column name
plain-column (?)AttributePlain column name
encrypt-algorithm-refAttributeEncrypt algorithm name

<encrypt:encrypt-algorithm />

NameTypeDescription
idAttributeEncrypt algorithm name
typeAttributeEncrypt algorithm type
props (?)TagEncrypt algorithm properties

Please refer to Built-in Encrypt Algorithm List for more details about type of algorithm.

Procedure

  1. Configure data encryption rules in the Spring namespace configuration file, including data sources, encryption rules, and global attributes.
  2. Start the Spring program, and it will automatically load the configuration and initialize the ShardingSphereDataSource.

Sample

  1. <beans xmlns="http://www.springframework.org/schema/beans"
  2.        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  3.        xmlns:shardingsphere="http://shardingsphere.apache.org/schema/shardingsphere/datasource"
  4.        xmlns:context="http://www.springframework.org/schema/context"
  5.        xmlns:tx="http://www.springframework.org/schema/tx"
  6.        xmlns:encrypt="http://shardingsphere.apache.org/schema/shardingsphere/encrypt"
  7.        xsi:schemaLocation="http://www.springframework.org/schema/beans
  8.                            http://www.springframework.org/schema/beans/spring-beans.xsd 
  9.                            http://www.springframework.org/schema/tx 
  10.                            http://www.springframework.org/schema/tx/spring-tx.xsd
  11.                            http://www.springframework.org/schema/context 
  12.                            http://www.springframework.org/schema/context/spring-context.xsd
  13.                            http://shardingsphere.apache.org/schema/shardingsphere/datasource
  14.                            http://shardingsphere.apache.org/schema/shardingsphere/datasource/datasource.xsd
  15.                            http://shardingsphere.apache.org/schema/shardingsphere/encrypt
  16.                            http://shardingsphere.apache.org/schema/shardingsphere/encrypt/encrypt.xsd 
  17.                            ">
  18.     <context:component-scan base-package="org.apache.shardingsphere.example.core.mybatis" />
  20.     <bean id="ds" class="com.zaxxer.hikari.HikariDataSource" destroy-method="close">
  21.         <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
  22.         <property name="jdbcUrl" value="jdbc:mysql://localhost:3306/demo_ds?serverTimezone=UTC&amp;useSSL=false&amp;useUnicode=true&amp;characterEncoding=UTF-8"/>
  23.         <property name="username" value="root"/>
  24.         <property name="password" value=""/>
  25.     </bean>
  27.     <encrypt:encrypt-algorithm id="name_encryptor" type="AES">
  28.         <props>
  29.             <prop key="aes-key-value">123456</prop>
  30.         </props>
  31.     </encrypt:encrypt-algorithm>
  32.     <encrypt:encrypt-algorithm id="pwd_encryptor" type="assistedTest" />
  34.     <encrypt:rule id="encryptRule">
  35.         <encrypt:table name="t_user">
  36.             <encrypt:column logic-column="username" cipher-column="username" plain-column="username_plain" encrypt-algorithm-ref="name_encryptor" />
  37.             <encrypt:column logic-column="pwd" cipher-column="pwd" assisted-query-column="assisted_query_pwd" encrypt-algorithm-ref="pwd_encryptor" />
  38.         </encrypt:table>
  39.     </encrypt:rule>
  41.     <shardingsphere:data-source id="encryptDataSource" data-source-names="ds" rule-refs="encryptRule" />
  43.     <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
  44.         <property name="dataSource" ref="encryptDataSource" />
  45.     </bean>
  46.     <tx:annotation-driven />
  48.     <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
  49.         <property name="dataSource" ref="encryptDataSource"/>
  50.         <property name="mapperLocations" value="classpath*:META-INF/mappers/*.xml"/>
  51.     </bean>
  53.     <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
  54.         <property name="basePackage" value="org.apache.shardingsphere.example.core.mybatis.repository"/>
  55.         <property name="sqlSessionFactoryBeanName" value="sqlSessionFactory"/>
  56.     </bean>
  57. </beans>