@sink66

DB encryption with Play 2.5 + MariaDB + Ebean

More than 3 years have passed since last update.

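Types of DB encryption

  • Column encryption
    Encrypts each column individually.
    This appears to be the only kind Ebean can do.

  • Table encryption
    Encrypts each table individually.
    MariaDB ships with this feature as standard, but it probably cannot be controlled from Play or Ebean.

  • Encrypting the HDD that holds the DB itself
    !?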

Full code

Preliminary setup

conf/application.conf

Excerpt

application.conf
db {
  # You can declare as many datasources as you want.
  # By convention, the default datasource is named `default`

  # https://www.playframework.com/documentation/latest/Developing-with-the-H2-Database
  default.driver = org.mariadb.jdbc.Driver
  default.url = "jdbc:mariadb://localhost:3306/playdb"
  default.username = play
  default.password = "play"

  # You can turn on SQL logging for any datasource
  # https://www.playframework.com/documentation/latest/Highlights25#Logging-SQL-statements
  #default.logSql=true
}

ebean {
  default = ["models.entity.*"]
}

build.sbt

build.sbt
name := """encryptdb"""

version := "1.0-SNAPSHOT"

lazy val root = (project in file(".")).enablePlugins(PlayJava, PlayEbean)

scalaVersion := "2.11.7"

libraryDependencies ++= Seq(
  javaJdbc,
  cache,
  javaWs,
  "org.mariadb.jdbc" % "mariadb-java-client" % "1.4.4"
)

project/plugins.sbt

Add the following:

addSbtPlugin("com.typesafe.sbt" % "sbt-play-ebean" % "3.0.0")

conf/ebean.properties

Create this file with the following content, which specifies the location of the BasicEncryptKeyManager class described later:

encryptKeyManager = models.security.BasicEncryptKeyManager

Note that it does not work if the value is wrapped in double quotes, like this:
encryptKeyManager = "models.security.BasicEncryptKeyManager"

Preparing for encryption

models.entity

Columns annotated with @Encrypted are encrypted.

User.java
package models.entity;

import com.avaje.ebean.annotation.Encrypted;

import javax.persistence.Entity;

/**
 * User information
 *
 * @author
 *
 */
@Entity
public class User extends BaseEntity {

    /* User name */
    @Encrypted
    public String name;

    /* Email address */
    @Encrypted
    public String mail;

    /* Password */
    @Encrypted
    public String password;

    public static Finder<Long, User> finder = new Finder<Long, User>(User.class);

}

models.security

BasicEncryptKeyManager

BasicEncryptKeyManager
package models.security;


import com.avaje.ebean.config.EncryptKey;
import com.avaje.ebean.config.EncryptKeyManager;

public class BasicEncryptKeyManager implements EncryptKeyManager {

    @Override
    public EncryptKey getEncryptKey(String tableName, String columnName) {
        return new CustomEncryptKey(tableName, columnName);
    }

    @Override
    public void initialise() {
        // Do nothing (yet)
    }

}

CustomEncryptKey

CustomEncryptKey
package models.security;

import com.avaje.ebean.config.EncryptKey;

public class CustomEncryptKey implements EncryptKey {

    private String tableName;

    private String columnName;

    public CustomEncryptKey(String tableName, String columnName) {
        this.tableName = tableName;
        this.columnName = columnName;
    }

    @Override
    public String getStringValue() {
        return play.Configuration.root().getString("application.secret") + "::" + this.tableName
                + "::" + this.columnName;
    }
}
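
The key string above is built by concatenating the configured secret with the table and column names, so a missing secret would silently become the text "null" inside the key. The following is an added example, not part of the original article: a hypothetical `ValidatingEncryptKeyManager` that keeps the same derivation but refuses to hand out a key when the secret is missing or still a placeholder. It assumes only the Ebean and Play calls already used on this page.

```java
package models.security;

import com.avaje.ebean.config.EncryptKey;
import com.avaje.ebean.config.EncryptKeyManager;

// Hypothetical variant of BasicEncryptKeyManager (added example, not the article's code).
public class ValidatingEncryptKeyManager implements EncryptKeyManager {

    // Config key read by the article's CustomEncryptKey.
    private static final String SECRET_KEY = "application.secret";

    @Override
    public void initialise() {
        // Fail when the key manager is initialised rather than on the first encrypted access.
        loadSecret();
    }

    @Override
    public EncryptKey getEncryptKey(String tableName, String columnName) {
        if (tableName == null || columnName == null) {
            throw new IllegalArgumentException("tableName and columnName are required");
        }
        // Same derivation as the article, so rows already written stay readable.
        final String value = loadSecret() + "::" + tableName + "::" + columnName;
        return new EncryptKey() {
            @Override
            public String getStringValue() {
                return value;
            }
        };
    }

    // Reads the secret and rejects values that would produce a guessable key.
    private static String loadSecret() {
        String secret = play.Configuration.root().getString(SECRET_KEY);
        if (secret == null || secret.trim().isEmpty()) {
            // Without this check, concatenation would yield "null::table::column".
            throw new IllegalStateException(SECRET_KEY + " is not set");
        }
        if ("changeme".equals(secret)) {
            // "changeme" is the placeholder shipped in Play's template application.conf.
            throw new IllegalStateException(SECRET_KEY + " still has the placeholder value");
        }
        return secret;
    }
}
```

To use it, point `encryptKeyManager` in conf/ebean.properties at `models.security.ValidatingEncryptKeyManager` instead of `BasicEncryptKeyManager`.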

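Verification

That completes the preparation.

Let's check the result with HeidiSQL, which came bundled with MariaDB.

[Image: db.gif (the table as displayed in HeidiSQL)]

The values can't be read!

References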

https://www.playframework.com/documentation/2.5.x/JavaEbean
https://archive-avaje-org.github.io/ebean/encryption.html
http://stackoverflow.com/questions/15800453/play-framework-2-1-java-ebean-encrypted-annotation-errors
