Hibernate cannot fetch an entity using a named query on a jasypt-encrypted column
Tags: hibernate, jasypt
I have an Employee entity whose ssn field is encrypted with jasypt. Here is a mock definition:
@TypeDef(name = "encryptedString", typeClass = EncryptedStringType.class, parameters = {@Parameter(name = "encryptorRegisteredName",value = "strongHibernateStringEncryptor")})
@Entity
@Table(name="employee")
@NamedQueries(value = {
    @NamedQuery(name = "employee.getEmployeeBySSN", query = "SELECT employee from Employee employee WHERE employee.ssn=:ssn"),
    @NamedQuery(name = "employee.getEmployeeByName", query = "SELECT employee from Employee employee WHERE employee.name=:name")
})
public class Employee {
    @Id @GeneratedValue
    private Long id;
    private String name;
    @Type(type = "encryptedString")
    private String ssn;
}
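This entity contains two named queries for fetching an employee, one by name and the other by ssn. The SSN field is encrypted with jasypt. The code is a mock implementation, so I used the following basic configuration: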
public static void main(String[] args) throws SerialException, SQLException {
    //Configure jasypt encryptor
    PooledPBEStringEncryptor strongEncryptor = new PooledPBEStringEncryptor();
    strongEncryptor.setAlgorithm("PBEWITHMD5ANDDES");
    strongEncryptor.setPassword("jasypt");
    strongEncryptor.setPoolSize(2);
    //Register it with hibernate
    HibernatePBEEncryptorRegistry registry = HibernatePBEEncryptorRegistry.getInstance();
    registry.registerPBEStringEncryptor("strongHibernateStringEncryptor", strongEncryptor);
    //Get an entity manager factory
    EntityManagerFactory emf = Persistence.createEntityManagerFactory("helloworld");
    //Get an entity manager
    EntityManager em = emf.createEntityManager();
    EntityTransaction tx = em.getTransaction();
    tx.begin();
    //Create an employee
    Employee employee = new Employee();
    employee.setName("Vaibhav");
    employee.setSsn("1234567");
    em.persist(employee);
    tx.commit();
    EntityTransaction newtx = em.getTransaction();
    newtx.begin();
    //Search an employee with ssn
    Query queryObject1 = em.createNamedQuery("employee.getEmployeeBySSN");
    queryObject1.setParameter("ssn", "1234567");
    //No results here
    List employees1 = queryObject1.getResultList();
    newtx.commit();
    em.close();
}
I get no results in the employees1 list. However, when I run the following named query, I can see the decrypted ssn in the employee object:
Query queryObject = em.createNamedQuery("employee.getEmployeeByName");
queryObject.setParameter("name", "Vaibhav");
List employees = queryObject.getResultList();
Employee employee1 = (Employee)employees.get(0);
I can't tell whether there is a bug in my code or whether this is how Hibernate is supposed to work.
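The documentation says:
"But encryption sets a limitation on your Hibernate usage: security standards establish that two different encryption operations on the same data should not return the same value (due to the use of a random salt). Because of this, none of the fields that are set to be encrypted when persisted can be a part of a WHERE clause in your search queries for the entity they belong to."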
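So this means that search operations cannot be performed on encrypted fields. I was using a random salt generator. After adding a zero salt generator, I was able to solve the problem as follows: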
strongEncryptor.setSaltGenerator(new ZeroSaltGenerator());
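Why the random salt makes the WHERE clause miss and what a zero salt changes, as an added JDK-only example (not code from the question, the answer or jasypt itself). The 1000-iteration count and the `salt$ciphertext` storage layout are assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class SaltedColumnDemo {
    static final char[] PASSWORD = "jasypt".toCharArray(); // password from the question
    static final int ITERATIONS = 1000;                    // assumed iteration count

    // Encrypts with the question's algorithm; the "column value" is salt$ciphertext (assumed layout).
    static String encrypt(String plain, byte[] salt) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES")
                .generateSecret(new PBEKeySpec(PASSWORD));
        Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES");
        cipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(salt, ITERATIONS));
        byte[] ct = cipher.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + "$" + b64.encodeToString(ct);
    }

    static byte[] randomSalt() {
        byte[] salt = new byte[8]; // PBEWithMD5AndDES requires an 8-byte salt
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    public static void main(String[] args) throws Exception {
        // Random salt: the persisted value and the bound :ssn parameter are encrypted
        // independently, so "WHERE ssn = :ssn" compares two different strings.
        String stored = encrypt("1234567", randomSalt());
        String param = encrypt("1234567", randomSalt());
        System.out.println("random salt, WHERE matches: " + stored.equals(param));

        // All-zero salt (what ZeroSaltGenerator supplies): encryption becomes
        // deterministic, so the comparison succeeds.
        byte[] zero = new byte[8];
        String storedZ = encrypt("1234567", zero);
        String paramZ = encrypt("1234567", zero);
        System.out.println("zero salt, WHERE matches:   " + storedZ.equals(paramZ));

        // Consequence: every row holding the same SSN now stores the same ciphertext,
        // so anyone who can read the table can tell which rows share a value.
        String otherRow = encrypt("1234567", zero);
        System.out.println("equal SSNs share ciphertext: " + storedZ.equals(otherRow));
    }
}
```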