{"id":43223810,"url":"https://github.com/rpamis/rpamis-security","last_synced_at":"2026-02-01T09:17:54.186Z","repository":{"id":199047402,"uuid":"693204174","full_name":"rpamis/rpamis-security","owner":"rpamis","description":"rpamis-security, a mybatis encryption, decryption and desensitization component","archived":false,"fork":false,"pushed_at":"2026-01-31T12:29:12.000Z","size":1131,"stargazers_count":63,"open_issues_count":27,"forks_count":4,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-02-01T00:25:48.959Z","etag":null,"topics":["mybatis","mybatis-plus","security","spring-boot"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rpamis.png","metadata":{"files":{"readme":"README-zh.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-09-18T14:55:19.000Z","updated_at":"2026-01-31T12:29:15.000Z","dependencies_parsed_at":null,"dependency_job_id":"79fb21cd-2424-42bb-a270-d18543747959","html_url":"https://github.com/rpamis/rpamis-security","commit_stats":null,"previous_names":["benym/rpamis-security","rpamis/rpamis-security"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/rpamis/rpamis-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rpamis%2Frpamis-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rpamis%2Frpamis-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rpamis%2Frpamis-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rpamis%2Frpamis-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rpamis","download_url":"https://codeload.github.com/rpamis/rpamis-security/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rpamis%2Frpamis-security/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28974590,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-01T08:16:14.655Z","status":"ssl_error","status_checked_at":"2026-02-01T08:06:51.373Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mybatis","mybatis-plus","security","spring-boot"],"created_at":"2026-02-01T09:17:54.123Z","updated_at":"2026-02-01T09:17:54.181Z","avatar_url":"https://github.com/rpamis.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n \u003cimg\n src=\"img/logo.png\"\n alt=\"Logo\"\n width=\"200\"\n /\u003e\n\u003c/p\u003e\n\n\u003ch3 align=\"center\"\u003eA mybatis encryption, decryption and desensitization component\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"README-zh.md\"\u003e中文\u003c/a\u003e\n \u0026nbsp;|\u0026nbsp;\n \u003ca href=\"README.md\"\u003eEnglish\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://central.sonatype.com/artifact/com.rpamis/rpamis-security-spring-boot-starter/1.1.0\"\u003e\n \u003cimg alt=\"maven\" src=\"https://img.shields.io/maven-central/v/com.rpamis/rpamis-security-spring-boot-starter?style=flat-square\"\u003e\n \u003c/a\u003e\n\n\n \u003ca href=\"https://www.apache.org/licenses/LICENSE-2.0\"\u003e\n \u003cimg alt=\"code style\" src=\"https://img.shields.io/badge/license-Apache%202-4EB1BA.svg?style=flat-square\"\u003e\n \u003c/a\u003e\n\n \u003ca href=\"\"\u003e\n \u003cimg alt=\"code style\" src=\"https://img.shields.io/badge/JDK-8%2B-orange.svg?style=flat-square\"\u003e\n \u003c/a\u003e\n\n \u003ca href=\"https://app.codecov.io/github/rpamis/rpamis-security\" \u003e \n \u003cimg alt=\"codecov\" src=\"https://img.shields.io/codecov/c/gh/rpamis/rpamis-security?color=%23\u0026style=flat-square\"/\u003e \n \u003c/a\u003e\n\n \u003ca href=\"https://deepwiki.com/rpamis/rpamis-security\"\u003e\n \u003cimg alt=\"code style\" src=\"https://deepwiki.com/badge.svg\"\u003e\n \u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n🎄Rpamis-security项目是一个基于Mybatis插件开发的安全组件,旨在提供更优于市面上组件的脱敏、加解密落库等企业数据安全解决方案。组件提供注解式编程方式,开发者只需要对需要处理的字段或方法加上对应注解,无需关心安全相关需求,由组件全自动完成脱敏、加解密等功能\n\n## 原理解析\n[Rpamis-security技术背景](https://benym.cn/notes/08-open-source-project/01-rpamis/03-security/02-rpamis-security-technical-background)\n\n[Rpamis-security原理解析](https://benym.cn/notes/08-open-source-project/01-rpamis/03-security/03-rpamis-security-principle-analysis)\n\n### 快速开始\n\nSpringBoot项目接入方式\n\nJDK17及以上\n```xml\n\u003cdependency\u003e\n \u003cgroupId\u003ecom.rpamis\u003c/groupId\u003e\n \u003cartifactId\u003erpamis-security-spring-boot-starter\u003c/artifactId\u003e\n \u003cversion\u003e1.1.0\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\nJDK8-JDK17\n```xml\n\u003cdependency\u003e\n \u003cgroupId\u003ecom.rpamis\u003c/groupId\u003e\n \u003cartifactId\u003erpamis-security-spring-boot-starter\u003c/artifactId\u003e\n \u003cversion\u003e1.0.3\u003c/version\u003e\n\u003c/dependency\u003e\n```\nyml配置\n\n```yaml\nrpamis:\n # rpamis-security配置\n security:\n # 是否开启安全组件,落库加密,出库脱密,如果不指定加密算法,则默认返回原值\n # 当此开关为false时,无论脱敏切面是否开启,均不生效\n enable: true\n # 忽略解密失败,如果解密失败则返回原值,否则抛出异常,如果不填写默认true\n ignore-decrypt-failed: true\n # 是否开启脱敏切面\n desensitization-enable: true\n # 自定义切点,比如增加RestController切点\n custom-pointcut: '@within(org.springframework.web.bind.annotation.RestController)'\n # 加解密算法\n algorithm:\n # 激活的加密算法\n active: sm4\n sm4:\n # 加密算法key,需要自己生成,满足16位即可,下面只是样例\n key: 2U43wVWjLgToKBzG\n # 加解密唯一识别前缀\n prefix: Your_CUSTOM_PREFIX_\n```\n\n组件特点\n\n| rpamis-security | 组件优势 | 同类项目 |\n| -------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |\n| 支持任意实体类型脱敏 | ✅自定义实体、List、Map,无论是否具有实体泛型,**只要返回值中含有脱敏注解,均支持脱敏**,**非JackSon序列化式方案,不影响全局JackSon输出行为** | **❌仅支持单一实体脱敏,当不指定泛型时无法脱敏**,**Jackson序列化式方案,可能影响JackSon输出行为** |\n| 支持任意实体类型嵌套脱敏 | ✅对于标注有嵌套脱敏注解的实体,其内部自定义实体、List、Map,无论是否具有实体泛型,**只要返回值中含有脱敏注解,均支持脱敏** | **❌不支持嵌套脱敏** |\n| 支持任意实体类型落库数据自动加解密 | ✅对于**任意标注有加密字段的实体**,在进入Mybatis/MybatisPlus落库时自动进行加密,**在数据出库时自动进行解密,支持动态SQL加解密** | ❌仅支持单一实体自动加解密,**无法支持List、Map内含多实体自动加解密**,**无法支持动态SQL加解密** |\n| 支持国家标准加密算法Sm4 | 支持国密Sm4对称加密算法,支持扩展 | sm2/sm3/sm4/md5等多种算法 |\n| 脱敏、加解密多项选择可配置 | ✅**支持脱敏、加解密开关、支持加解密失败0影响** | **❌不支持** |\n| 新增入库后不改变源对象引用 | ✅**支持,加解密过程为深拷贝,支持save操作后继续操作对象,且对象引用不被加密** | **❌不支持** |\n| 新增后,如果修改同一个对象引用,再进行更新,能够正常加密 | **支持** | **支持** |\n| 可拓展式加密算法、加解密类型处理器、脱敏类型处理器 | **✅支持** | **❌不支持** |\n| 自定义脱敏标识,起始位置,结束位置 | ✅**支持** | ❌**不支持** |\n| 完整的单测用例 | ✅**完整的单测用例** | ❌**无** |\n\n## 使用方法\n\n### 内置脱敏规则\n\n组件内置了9种脱敏规则\n\n- `MaskType.NO_MASK`-不脱敏\n- `MaskType.NAME_MASK`-姓名脱敏\n- `MaskType.PHONE_MASK`-电话脱敏\n- `MaskType.IDCARD_MASK`-身份证脱敏\n- `MaskType.EMAIL_MASK`-邮箱脱敏\n- `MaskType.BANKCARD_MASK`-银行卡脱敏\n- `MaskType.ADDRESS_MASK`-地址脱敏\n- `MaskType.ALL_MASK`-全脱敏\n- `MaskType.CUSTOM_MASK`-自定义脱敏\n\n所有脱敏规则均支持自定义脱敏标识符,默认为*,其中自定义脱敏支持用户选择脱敏字段的开始位置和结束位置\n\n### 脱敏使用-单一脱敏\n\n对于需要脱敏的字段,使用`@Masked`进行标识\n\n如以下实体\n\n```java\n@Data\npublic class TestVO implements Serializable {\n\n private static final long serialVersionUID = 1142843493987112387L;\n\n /**\n * 主键id\n */\n private Long id;\n\n /**\n * 姓名\n */\n @Masked(type = MaskType.NAME_MASK)\n private String name;\n\n /**\n * 身份证号\n */\n @Masked(type = MaskType.IDCARD_MASK)\n private String idCard;\n\n /**\n * 手机号\n */\n @Masked(type = MaskType.PHONE_MASK)\n private String phone;\n\n /**\n * 自定义标识字段\n */\n @Masked(type = MaskType.CUSTOM_MASK, start = 2, end = 5, symbol = \"#\")\n private String customFiled;\n}\n```\n\n在`Controller`层标注`@Desensitizationed`注解,标识方法级的脱敏\n\n如不包含该注解即使实体类中含有脱敏注解,在返回前端时将不会自动脱敏,用于更细粒度的脱敏控制\n\n如下\n\n```java\n/**\n * 获取脱敏数据-base类型\n *\n * @return TestVO\n */\n@PostMapping(\"/baseType\")\n@Desensitizationed\npublic TestVO testBase() {\n TestVersionDO result = testVersionDOService.testDesensite();\n return RpamisBeanUtil.copy(result, TestVO.class);\n}\n```\n\n### 脱敏使用-嵌套脱敏\n\n嵌套脱敏用于脱敏实体字段中同样含有脱敏实体的情况,对于需要嵌套脱敏的字段,用`@NestedMasked`注解进行标注\n\n样例实体类如下\n\n```java\n@Data\npublic class TestNestVO implements Serializable {\n\n private static final long serialVersionUID = -5559148350211559748L;\n\n /**\n * 主键id\n */\n private Long id;\n\n /**\n * 姓名\n */\n @Masked(type = MaskType.NAME_MASK)\n private String name;\n\n /**\n * 嵌套校验-直接返回实体\n */\n @NestedMasked\n private TestVO testVO;\n\n /**\n * 嵌套校验-返回List\n */\n @NestedMasked\n private List\u003cTestVO\u003e testVOList;\n\n /**\n * 嵌套校验-返回Map\n */\n @NestedMasked\n private Map\u003cString, TestVO\u003e testVOMap;\n}\n```\n\n上述实体将脱敏name,以及testVO、testVOList、testVOMap实体中所有被`@NestedMasked`标注的字段\n\n外层使用方式和单一脱敏保持一致\n\n如下\n\n```java\n/**\n * 获取脱敏数据-嵌套脱敏-base\n *\n * @return TestNestVO\n */\n@PostMapping(\"/nest/baseType\")\n@Desensitizationed\npublic TestNestVO testNestVO() {\n TestVersionDO testVersionDO = testVersionDOService.testDesensite();\n TestVO test = RpamisBeanUtil.copy(testVersionDO, TestVO.class);\n TestNestVO testNestVO = new TestNestVO();\n testNestVO.setId(1L);\n testNestVO.setName(\"张三\");\n testNestVO.setTestVO(test);\n return testNestVO;\n}\n```\n\n### 加解密使用\n\n对于传递给`Mybatis Mapper`的实体或`Mybatis Plus`内置`Insert/update/Wrapper`等操作,字段将在落库时自动加密\n\n对于`Mybatis/Mybatis Plus`的查询操作,加密字段出库时将自动脱密\n\n加解密字段通过`@SecurityField`注解进行标注即可,当yml配置开启加解密后,无需结合其余注解,过程全自动化\n\n实体如下\n\n```java\n@TableName(value =\"test_version\")\n@Data\npublic class TestVersionDO implements Serializable {\n\n private static final long serialVersionUID = 1L;\n\n /**\n * 主键id\n */\n @TableId(value = \"id\", type = IdType.AUTO)\n private Long id;\n\n /**\n * 姓名\n */\n @TableField(value = \"name\")\n @SecurityField\n private String name;\n\n /**\n * 身份证号\n */\n @TableField(value = \"id_card\")\n @SecurityField\n private String idCard;\n\n /**\n * 电话\n */\n @TableField(value = \"phone\")\n @SecurityField\n private String phone;\n\n /**\n * 版本号\n */\n @TableField(value = \"version\")\n private Integer version;\n\n}\n```\n\n注意:加密后字段较长,使用时请注意加密字段数据库长度,如身份证18位,加密后可达64位\n\n### 单测用例\n\n[点击这里](https://github.com/benym/rpamis-security/blob/master/rpamis-security-test/src/test/java/com/rpamis/security/test)找到对应的单测用例,全部单测用例78个\n\n核心单测用例如下\n\n| 测试用例 | 测试结果 |\n| ------------------------------------------------------------ | -------- |\n| Mybatis-plus insert接口,新增数据后查询,同时校验加解密结果 | ✅通过 |\n| Mybatis-plus saveBatch接口,新增数据后查询,同时校验加解密结果 | ✅通过 |\n| Mybatis-plus update接口,新增数据后查询,再更新数据,同时校验加解密结果 | ✅通过 |\n| Mybatis-plus updateWrapper,新增数据后查询,再更新数据,同时校验加解密结果 | ✅通过 |\n| Mybatis-plus delete接口,新增数据后删除,同时校验加解密结果 | ✅通过 |\n| Mybatis自定义insert接口,新增数据后查询,同时校验加解密结果 | ✅通过 |\n| Mybatis自定义insertBatch接口(foreach动态SQL拼接),新增数据后查询,同时校验加解密结果 | ✅通过 |\n| Mybatis自定义update接口,新增数据后查询,再更新数据,同时校验加解密结果 | ✅通过 |\n| Mybatis自定义delete接口,新增数据后删除,同时校验加解密结果 | ✅通过 |\n| 获取脱敏数据-单一自定义实体 | ✅通过 |\n| 获取脱敏数据-List类型 | ✅通过 |\n| 获取脱敏数据-Map类型 | ✅通过 |\n| 获取脱敏数据-统一返回体(泛型自定义实体) | ✅通过 |\n| 获取脱敏数据-统一返回体(无泛型) | ✅通过 |\n| 获取脱敏数据-嵌套脱敏-单一自定义实体 | ✅通过 |\n| 获取脱敏数据-嵌套脱敏-List类型 | ✅通过 |\n| 获取脱敏数据-嵌套脱敏-Map类型 | ✅通过 |\n| 获取解密数据-Mybatis-plus-selectOne | ✅通过 |\n| 获取解密数据-Mybatis-plus-selectList | ✅通过 |\n| 获取解密数据-Mybatis-selectOne | ✅通过 |\n| 获取解密数据-Mybatis-selectList | ✅通过 |\n| 获取解密数据-Mybatis-selectMap | ✅通过 |\n| 新增入库后不改变源对象引用-深拷贝 | ✅通过 |\n| 新增后,如果修改同一个对象引用,再进行更新,能够正常加密 | ✅通过 |\n| 存量未加密数据进行解密,支持原值返回 | ✅通过 |\n| 避免重复加密 | ✅通过 |\n| 兼容1.0.3以下旧版本加解密 | ✅通过 |\n| 嵌套解密 | ✅通过 |\n| 加解密缓存隔离 | ✅通过 |\n| 查询数据返回null正常处理 | ✅通过 |\n| 默认安全算法-插入数据返回原值 | ✅通过 |\n| SM4密钥为空-抛出提示 | ✅通过 |\n| SM4密钥长度不足16位-抛出提示 | ✅通过 |\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frpamis%2Frpamis-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frpamis%2Frpamis-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frpamis%2Frpamis-security/lists"}