我正在尝试通过CrudRepository或CouchbaseTemplate使用已加密的字段在沙发床中持久保存/检索文档
从devguide of couchbase中的示例开始,我在像这样的spring配置中添加了加密提供程序
@Configuration
@EnableCouchbaseRepositories(basePackages = { "com.example.demo.db" })
public class MyCouchbaseConfig extends AbstractCouchbaseConfiguration {
private static final Logger log = LoggerFactory.getLogger(MyCouchbaseConfig.class);
@Override
protected List<String> getBootstrapHosts() {
return Arrays.asList("localhost", "127.0.0.1");
}
@Override
protected String getBucketName() {
return "TEST";
}
@Override
protected String getUsername() {
return "user";
}
@Override
protected String getBucketPassword() {
return "p4$$w0rd";
}
@Override
public String typeKey() {
return MappingCouchbaseConverter.TYPEKEY_SYNCGATEWAY_COMPATIBLE;
}
@Override
protected CouchbaseEnvironment getEnvironment() {
try {
JceksKeyStoreProvider kp = new JceksKeyStoreProvider("secret");
kp.publicKeyName("mypublickey");
kp.storeKey("mypublickey", "!mysecretkey#9^5usdk39d&dlf)03sL".getBytes(Charset.forName("UTF-8")));
kp.signingKeyName("HMACsecret");
kp.storeKey("HMACsecret", "myauthpassword".getBytes(Charset.forName("UTF-8")));
AES256CryptoProvider aes256CryptoProvider = new AES256CryptoProvider(kp);
CryptoManager cryptoManager = new CryptoManager();
cryptoManager.registerProvider("MyAESProvider", aes256CryptoProvider);
return DefaultCouchbaseEnvironment.builder().cryptoManager(cryptoManager).build();
} catch (Exception ex) {
log.error(ex.getMessage(), ex);
return null;
}
}
这是要保留的文档
@Document
public class Person {
@Id
public String id;
@EncryptedField(provider = "MyAESProvider")
public String password;
//The rest will be transported and stored unencrypted
public String firstName;
public String lastName;
public String userName;
public int age;
}
这是存储库
public interface PersonRepository extends CrudRepository<Person, String> {
}
呼叫(自动连线)
personRepository.save(person);
或
couchbaseTemplate.insert(person);
将对象清晰存储
{
"firstName": "John",
"lastName": "Doe",
"password": "password",
"javaClass": "com.example.demo.db.Person",
"userName": "jdoe",
"age": 20
}
这段代码中(来自示例,但带有我的spring配置)
Bucket bucket = couchConfig.couchbaseClient();
EntityDocument<Person> document = EntityDocument.create(person);
bucket.repository().upsert(document);
EntityDocument<Person> stored = bucket.repository().get(person.id, Person.class);
System.out.println("Password: " + stored.content().password);
存储此对象
{
"firstName": "John",
"lastName": "Doe",
"__crypt_password": {
"sig": "h1QS9JacNxTBrep4TEkZj/N7EsV3zJQ6vXmYtzADdG8=",
"ciphertext": "G3rAivta7NOnLP5Qb1nEfw==",
"alg": "AES-256-HMAC-SHA256",
"iv": "cGjOOgA4M+wg4WcM0pHAFw==",
"kid": "mypublickey"
},
"userName": "jdoe",
"age": 20
}
在我看来,Spring Data Couchbase似乎使用Bucket接口(忽略文档中的注释)而不是Bucket.repository()(考虑FLE)。
所以最后一个问题是:“我如何使用Spring Spring Data Couchbase Repository或CouchbaseTemplate存储具有Couchbase FLE功能的@EncryptedField的{{1}}? “
答案 0 :(得分:0)
我现在有完全相同的问题,但是不幸的是,我发现SpringDataCouchbase团队的Jira开发板是未来的改进。
https://jira.spring.io/projects/DATACOUCH/issues/DATACOUCH-455?filter=allopenissuess。
因此,目前无事可做。您找到比使用bucket.repository().upsert(document); @Domenico U.更好的方法了吗?