PortalUser 암호화 적용
This commit is contained in:
+5
-5
@@ -99,11 +99,11 @@ local.properties
|
||||
# When using Gradle or Maven with auto-import, you should exclude module files,
|
||||
# since they will be recreated, and may cause churn. Uncomment if using
|
||||
# auto-import.
|
||||
# .idea/modules.xml
|
||||
# .idea/*.iml
|
||||
# .idea/modules
|
||||
# *.iml
|
||||
# *.ipr
|
||||
.idea/modules.xml
|
||||
.idea/*.iml
|
||||
.idea/modules
|
||||
*.iml
|
||||
*.ipr
|
||||
|
||||
# CMake
|
||||
cmake-build-*/
|
||||
|
||||
@@ -79,6 +79,7 @@ tasks.withType(JavaCompile) {
|
||||
}
|
||||
|
||||
dependencies {
|
||||
api project(':kjb-safedb')
|
||||
|
||||
api "com.querydsl:querydsl-jpa:${queryDslVersion}"
|
||||
api "com.querydsl:querydsl-apt:${queryDslVersion}"
|
||||
|
||||
@@ -6,6 +6,8 @@ import com.eactive.apim.portal.portaluser.entity.PortalUserEnums.ApprovalStatus;
|
||||
import com.eactive.apim.portal.portaluser.entity.PortalUserEnums.RoleCode;
|
||||
import com.eactive.apim.portal.portaluser.entity.PortalUserEnums.UserStatus;
|
||||
import java.io.Serializable;
|
||||
|
||||
import kjb.safedb.KjbNotRnnoJpaAttributeConverter;
|
||||
import lombok.Data;
|
||||
import lombok.EqualsAndHashCode;
|
||||
import org.hibernate.annotations.Comment;
|
||||
@@ -28,8 +30,9 @@ public class PortalUser extends Auditable implements Serializable, com.eactive.e
|
||||
@GeneratedValue(generator = "uuid-gen", strategy = GenerationType.IDENTITY)
|
||||
private String id;
|
||||
|
||||
@Column(name = "login_id", length = 32, nullable = false)
|
||||
@Column(name = "login_id", length = 200, nullable = false)
|
||||
@Comment("로그인ID")
|
||||
@Convert(converter = KjbNotRnnoJpaAttributeConverter.class)
|
||||
private String loginId;
|
||||
|
||||
@Column(name = "password_hash", length = 60)
|
||||
@@ -40,16 +43,19 @@ public class PortalUser extends Auditable implements Serializable, com.eactive.e
|
||||
@Comment("사용자이름")
|
||||
private String userName;
|
||||
|
||||
@Column(name = "phone_number", length = 12)
|
||||
@Column(name = "phone_number", length = 50)
|
||||
@Comment("전화번호")
|
||||
@Convert(converter = KjbNotRnnoJpaAttributeConverter.class)
|
||||
private String phoneNumber;
|
||||
|
||||
@Column(name = "mobile_number", length = 20)
|
||||
@Column(name = "mobile_number", length = 50)
|
||||
@Comment("휴대폰 번호")
|
||||
@Convert(converter = KjbNotRnnoJpaAttributeConverter.class)
|
||||
private String mobileNumber;
|
||||
|
||||
@Column(name = "email_addr", length = 30)
|
||||
@Column(name = "email_addr", length = 200)
|
||||
@Comment("이메일주소")
|
||||
@Convert(converter = KjbNotRnnoJpaAttributeConverter.class)
|
||||
private String emailAddr;
|
||||
|
||||
@ManyToOne(fetch = FetchType.EAGER)
|
||||
|
||||
@@ -0,0 +1,85 @@
|
||||
package kjb.safedb;
|
||||
|
||||
import com.eactive.ext.kjb.safedb.KjbSafedbMode;
|
||||
import com.eactive.ext.kjb.safedb.KjbSafedbWrapper;
|
||||
import com.eactive.ext.kjb.safedb.SafeDBColumns;
|
||||
import com.eactive.ext.kjb.safedb.Utils;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
||||
import javax.persistence.AttributeConverter;
|
||||
import javax.persistence.Converter;
|
||||
|
||||
@Converter
|
||||
@Slf4j
|
||||
public class KjbNotRnnoJpaAttributeConverter implements AttributeConverter<String, String> {
|
||||
/**
|
||||
* 암호화
|
||||
* @param attribute the entity attribute value to be converted
|
||||
* @return
|
||||
*/
|
||||
@Override
|
||||
public String convertToDatabaseColumn(String attribute) {
|
||||
log.debug("DB 암호화 #1 - {} / {}", attribute, SafeDBColumns.NOT_RNNO);
|
||||
|
||||
String originalAttribute = attribute;
|
||||
if (StringUtils.isNotEmpty(attribute)) {
|
||||
KjbSafedbWrapper wrapper = KjbSafedbWrapper.getInstance(KjbSafedbMode.REAL);
|
||||
attribute = wrapper.encryptNotRnnoString(attribute);
|
||||
}
|
||||
|
||||
log.debug("DB 암호화 #2 : {} -> {}", originalAttribute, attribute);
|
||||
|
||||
return attribute;
|
||||
}
|
||||
|
||||
/**
|
||||
* 복호화
|
||||
* @param dbData the data from the database column to be
|
||||
* converted
|
||||
* @return
|
||||
*/
|
||||
@Override
|
||||
public String convertToEntityAttribute(String dbData) {
|
||||
log.debug("DB 복호화 #1 - {} / {}", dbData, SafeDBColumns.NOT_RNNO);
|
||||
|
||||
String dbDataOriginal = dbData;
|
||||
if (StringUtils.isNotEmpty(dbData)) {
|
||||
if (this.isEncrypted(dbData)) {
|
||||
KjbSafedbWrapper safeDBWrapper = KjbSafedbWrapper.getInstance();
|
||||
dbData = safeDBWrapper.decryptNotRnno(dbData);
|
||||
} else {
|
||||
log.debug("DB 복호화 경고: Base64 형식이 아님. 복호화하지 않고 원본 반환. dbData={}", dbData);
|
||||
}
|
||||
}
|
||||
|
||||
log.debug("DB 복호화 #2 : {} -> {}", dbDataOriginal, dbData);
|
||||
|
||||
return dbData;
|
||||
}
|
||||
|
||||
/**
|
||||
* 암호화 여부 확인(base64 인코딩 여부로 판단, 또는 0-9, - 로 구성된 경우 암호화 되지 않은 걸로 판단(연락처))
|
||||
* @param data
|
||||
* @return
|
||||
*/
|
||||
private boolean isEncrypted(String data) {
|
||||
if (StringUtils.isEmpty(data)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// 숫자, - 로만 구성된 경우 암호화 되지 않은 걸로 판단 (ex: 연락처)
|
||||
if (data.matches("^[0-9-]+$")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
data = data.trim();
|
||||
|
||||
// Base64 형식 체크
|
||||
if (Utils.isBase64(data)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user