PortalUser 암호화 적용

This commit is contained in:
Rinjae
2025-09-26 21:19:14 +09:00
parent 202261d1e6
commit 6c2398673a
4 changed files with 101 additions and 9 deletions
+5 -5
View File
@@ -99,11 +99,11 @@ local.properties
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# *.iml
# *.ipr
.idea/modules.xml
.idea/*.iml
.idea/modules
*.iml
*.ipr
# CMake
cmake-build-*/
+1
View File
@@ -79,6 +79,7 @@ tasks.withType(JavaCompile) {
}
dependencies {
api project(':kjb-safedb')
api "com.querydsl:querydsl-jpa:${queryDslVersion}"
api "com.querydsl:querydsl-apt:${queryDslVersion}"
@@ -6,6 +6,8 @@ import com.eactive.apim.portal.portaluser.entity.PortalUserEnums.ApprovalStatus;
import com.eactive.apim.portal.portaluser.entity.PortalUserEnums.RoleCode;
import com.eactive.apim.portal.portaluser.entity.PortalUserEnums.UserStatus;
import java.io.Serializable;
import kjb.safedb.KjbNotRnnoJpaAttributeConverter;
import lombok.Data;
import lombok.EqualsAndHashCode;
import org.hibernate.annotations.Comment;
@@ -28,8 +30,9 @@ public class PortalUser extends Auditable implements Serializable, com.eactive.e
@GeneratedValue(generator = "uuid-gen", strategy = GenerationType.IDENTITY)
private String id;
@Column(name = "login_id", length = 32, nullable = false)
@Column(name = "login_id", length = 200, nullable = false)
@Comment("로그인ID")
@Convert(converter = KjbNotRnnoJpaAttributeConverter.class)
private String loginId;
@Column(name = "password_hash", length = 60)
@@ -40,16 +43,19 @@ public class PortalUser extends Auditable implements Serializable, com.eactive.e
@Comment("사용자이름")
private String userName;
@Column(name = "phone_number", length = 12)
@Column(name = "phone_number", length = 50)
@Comment("전화번호")
@Convert(converter = KjbNotRnnoJpaAttributeConverter.class)
private String phoneNumber;
@Column(name = "mobile_number", length = 20)
@Column(name = "mobile_number", length = 50)
@Comment("휴대폰 번호")
@Convert(converter = KjbNotRnnoJpaAttributeConverter.class)
private String mobileNumber;
@Column(name = "email_addr", length = 30)
@Column(name = "email_addr", length = 200)
@Comment("이메일주소")
@Convert(converter = KjbNotRnnoJpaAttributeConverter.class)
private String emailAddr;
@ManyToOne(fetch = FetchType.EAGER)
@@ -0,0 +1,85 @@
package kjb.safedb;
import com.eactive.ext.kjb.safedb.KjbSafedbMode;
import com.eactive.ext.kjb.safedb.KjbSafedbWrapper;
import com.eactive.ext.kjb.safedb.SafeDBColumns;
import com.eactive.ext.kjb.safedb.Utils;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
@Converter
@Slf4j
public class KjbNotRnnoJpaAttributeConverter implements AttributeConverter<String, String> {
/**
* 암호화
* @param attribute the entity attribute value to be converted
* @return
*/
@Override
public String convertToDatabaseColumn(String attribute) {
log.debug("DB 암호화 #1 - {} / {}", attribute, SafeDBColumns.NOT_RNNO);
String originalAttribute = attribute;
if (StringUtils.isNotEmpty(attribute)) {
KjbSafedbWrapper wrapper = KjbSafedbWrapper.getInstance(KjbSafedbMode.REAL);
attribute = wrapper.encryptNotRnnoString(attribute);
}
log.debug("DB 암호화 #2 : {} -> {}", originalAttribute, attribute);
return attribute;
}
/**
* 복호화
* @param dbData the data from the database column to be
* converted
* @return
*/
@Override
public String convertToEntityAttribute(String dbData) {
log.debug("DB 복호화 #1 - {} / {}", dbData, SafeDBColumns.NOT_RNNO);
String dbDataOriginal = dbData;
if (StringUtils.isNotEmpty(dbData)) {
if (this.isEncrypted(dbData)) {
KjbSafedbWrapper safeDBWrapper = KjbSafedbWrapper.getInstance();
dbData = safeDBWrapper.decryptNotRnno(dbData);
} else {
log.debug("DB 복호화 경고: Base64 형식이 아님. 복호화하지 않고 원본 반환. dbData={}", dbData);
}
}
log.debug("DB 복호화 #2 : {} -> {}", dbDataOriginal, dbData);
return dbData;
}
/**
* 암호화 여부 확인(base64 인코딩 여부로 판단, 또는 0-9, - 로 구성된 경우 암호화 되지 않은 걸로 판단(연락처))
* @param data
* @return
*/
private boolean isEncrypted(String data) {
if (StringUtils.isEmpty(data)) {
return false;
}
// 숫자, - 로만 구성된 경우 암호화 되지 않은 걸로 판단 (ex: 연락처)
if (data.matches("^[0-9-]+$")) {
return false;
}
data = data.trim();
// Base64 형식 체크
if (Utils.isBase64(data)) {
return true;
}
return false;
}
}