• notice
  • Congratulations on the launch of the Sought Tech site

spring mvc rest interface selective encryption decryption example analysis

This article mainly introduces the relevant knowledge of spring mvc rest interface selective encryption and decryption instance analysis. The content is detailed and easy to understand, the operation is simple and fast, and it has certain reference value. I believe you have read this spring mvc rest interface selective encryption and decryption instance analysis. The article will be rewarding, let's take a look at it together.

    1. Demand

    The spring mvc rest interface used to be encrypted with https, but now requires more secure encryption.
    And not all interfaces are encrypted, but some interfaces are encrypted, and the return value of the interface is decrypted.

    2. Analysis

    There are two implementations:

    • 1.Aspect + Annotation

    • 2.interceptor + requestParameter

    The first way is the most flexible: custom annotations, and then process the annotated methods in Aspect.

    The second method can also be implemented: custom interceptor plus request parameters and return parameters, that is, one parameter in the parameters controls whether to encrypt or decrypt.

    The second method is obviously redundant with parameters, the management is unchanged, and it is troublesome to use.
    The first parameter is very good, it is easy to expand, easy to use, and it is recommended to use it.

    3. Realize

    3.1 Annotation method

    3.1.1 Defining annotations
    package com. annotation ;
    
    import java.lang.annotation.*;
    
    @Target(ElementType.METHOD)
    //Use at method level
    @Retention(RetentionPolicy.RUNTIME)
    //Valid at runtime
    @Documented
    //Generate document
    public @interface Encryption {
    }
    3.1.2 Define annotation Aspect aspect
    package com .aop ;
      import org .aspectj .lang .JoinPoint ;
      import org .aspectj .lang .annotation .After ;
      import org .aspectj .lang .annotation .Aspect ;
      import org .aspectj .lang .annotation .Before ;
      import org . aspectj .lang .annotation .Pointcut ;
      import org .springframework .stereotype .Component ;
      @Aspect
    //Aspect annotation
    @Component
    //Automatic annotation of spring beans
    //aop slice
    public class EncryptionAspect {
    /**
    * closer
    */
    @Pointcut("@annotation(com.startimes.selfserviceApp.annotation.Encryption)")
    public void encryptionPointcut(){
    }
    
    /**
    * Pre-notification--decryption
    * @param joinPoint
    */
    @Before("encryptionPointcut()")
    public void doBefore(JoinPoint joinPoint){
    System .out .println (" encryptionPointcut ");
    }
    
    /**
    * Post notification--encryption
    * @param joinPoint
    */
    @After("encryptionPointcut()")
    public void doAfter(JoinPoint joinPoint){
    System .out .println (" encryptionPointcutAfter ");
    }
    }
    3.1.3 Use

    Add the annotation before the method:
    @Encryption

    Spring mvc rest interface selective encryption and decryption instance analysis

    Spring mvc rest interface selective encryption and decryption instance analysis

    3.2 Interceptors

    3.2.1 Define the interceptor
    package com.interceptor;
    
    import org.springframework.ui.ModelMap;
      import org.springframework.web.context.request.WebRequest;
      import org.springframework.web.context.request.WebRequestInterceptor;
      public class EncryptionInterceptor implements WebRequestInterceptor {
      @Override
    public void preHandle (WebRequest request) throws Exception {
      // TODO: custom code
    System.out.println( "preHandle" );
    }
    @Override
    public void postHandle (WebRequest request, ModelMap model) throws Exception {
      // TODO: custom code
    System.out.println( "postHandle" );
    }
    @Override
    public void afterCompletion (WebRequest request, Exception ex) throws Exception {
      // TODO: custom code
    System.out.println( "afterCompletion" );
    }
    }
    3.2.2 Configure the interceptor

    Spring mvc rest interface selective encryption and decryption instance analysis

    3.2.3 Use

    Spring mvc rest interface selective encryption and decryption instance analysis

    No parameters are used. If parameters are used, the parameters are judged in the interceptor, and then processed accordingly.

    4. Encryption

    4.1 Symmetric encryption

    Digital signature encryption is used for interfaces that do not require encryption, that is, https
    uses symmetric encryption with MD5 (session) as the key for interfaces that require encryption.
    Disadvantages: the server and the client need to have the same session

    4.2 Asymmetric encryption

    Asymmetric encryption is used for interfaces that do not require encryption, that is, https + two-way authentication + custom certificate
    . Asymmetric encryption is used for interfaces that require encryption.

    5. Encryption algorithm

    5.1MD5 algorithm

    MD5 uses a hash function, and its typical application is to generate a message digest for a piece of information to prevent tampering. Strictly speaking, MD5 is not an encryption algorithm but a digest algorithm. No matter how long the input is, MD5 will output a string of length 128bits (usually 32 characters in hexadecimal).

    5.2SHA1 algorithm

    SHA1 is the same popular message digest algorithm as MD5, however SHA1 is more secure than MD5. For messages less than 2^64 bits in length, SHA1 produces a 160-bit message digest. Based on the information digest characteristics of MD5 and SHA1 and irreversibility (generally speaking), it can be used in scenarios such as checking file integrity and digital signatures.

    5.3 HMAC algorithm

    HMAC is a key-related hash operation message authentication code (Hash-based Message Authentication Code). HMAC operation uses a hash algorithm (MD5, SHA1, etc.), takes a key and a message as input, and generates a message digest as output .
    The HMAC sender and receiver have the key for calculation, and the third party without the key cannot calculate the correct hash value, which can prevent data from being tampered with.

    5.4 AES/DES/3DES algorithm

    AES, DES, and 3DES are all symmetric block encryption algorithms, and the encryption and decryption process is reversible. Commonly used are AES128, AES192, AES256 (the default installed JDK does not yet support AES256, you need to install the corresponding jce patch to upgrade jce1.7, jce1.8).

    5.5DES algorithm

    The DES encryption algorithm is a block cipher that encrypts data in 64-bit groups, and its key length is 56 bits, and the same algorithm is used for encryption and decryption.
    The DES encryption algorithm keeps the key secret, while the public algorithm includes encryption and decryption algorithms. In this way, only the person who has the same key as the sender can decipher the ciphertext data encrypted by the DES encryption algorithm. Therefore, deciphering the DES encryption algorithm is actually the encoding of the search key. For a key of 56-bit length, the number of operations is 2 ^ 56 if the exhaustive method is used to search.

    5.63DES algorithm

    It is a symmetric algorithm based on DES, which encrypts a piece of data three times with three different keys, with higher strength.

    5.7AES algorithm

    The AES encryption algorithm is an advanced encryption standard in cryptography. The encryption algorithm adopts a symmetric block cipher system. The minimum supported key length is 128 bits, 192 bits, 256 bits, and the block length is 128 bits. The algorithm should be easy for various hardware and software. accomplish. This encryption algorithm is the block encryption standard adopted by the U.S. federal government.
    AES itself is designed to replace DES, AES has better security, efficiency and flexibility.

    5.8 RSA algorithm

    RSA encryption algorithm is currently the most influential public key encryption algorithm, and is generally considered to be one of the best public key schemes at present. RSA is the first algorithm that can be used for both encryption and digital signatures. It is resistant to all cryptographic attacks known so far and has been recommended by ISO as the standard for public key data encryption.
    The RSA encryption algorithm is based on a very simple fact of number theory: it is easy to multiply two large prime numbers together, but it is extremely difficult to factor the product, so the product can be made public as an encryption key.

    5.9ECC algorithm

    ECC is also an asymmetric encryption algorithm, and the main advantage is that in some cases it uses a smaller key than other methods, such as the RSA encryption algorithm, providing a comparable or higher level of security. One disadvantage, however, is that encryption and decryption operations take longer to implement than other mechanisms (compared to the RSA algorithm, which is CPU-intensive).

    6. Comparison of encryption algorithms

    6.1 Hash Algorithms

    name

    safety

    speed

    SHA-1

    high

    slow

    MD5

    middle

    quick

    6.2 Symmetric encryption algorithm

    name

    key length

    running speed

    safety

    LF

    DES

    56

    faster

    Low

    middle

    3DES

    112, 168

    slow

    middle

    high

    AES

    128, 192, 256

    quick

    high

    Low

    6.3 Comparison of Asymmetric Encryption Algorithms

    name

    maturity

    safety

    calculating speed

    LF

    RSA

    high

    high

    middle

    middle

    ECC

    high

    high

    slow

    high

    The content of the article "Analysis of Selective Encryption and Decryption of Spring MVC Rest Interface" is introduced here, thank you for reading! I believe that everyone has a certain understanding of the "spring mvc rest interface selective encryption and decryption instance analysis" knowledge. 


    Tags

    Technical otaku

    Sought technology together

    Related Topic

    0 Comments

    Leave a Reply

    +