文檔地址
2.項(xiàng)目需求:對(duì)dubbo調(diào)用的數(shù)據(jù)進(jìn)行加密傳輸, 因?yàn)檎{(diào)用過(guò)程需要通過(guò)公網(wǎng)傳輸數(shù)據(jù),數(shù)據(jù)不安全,需要對(duì)數(shù)據(jù)加密,沒(méi)有發(fā)現(xiàn)dubbo有對(duì)數(shù)據(jù)加密的操作,如果有大佬發(fā)現(xiàn)請(qǐng)告知,畢竟自己實(shí)現(xiàn)不如用官方的本文使用的是spi拓展, 對(duì)serialization序列化進(jìn)行拓展,實(shí)現(xiàn)對(duì)數(shù)據(jù)的加密,在使用時(shí), 使用了Hessian2序列化, 但是過(guò)程中對(duì)數(shù)據(jù)進(jìn)行加密
思路: 由于dubbo存在provider和consumer, 數(shù)據(jù)加密和解密需要在provider寫(xiě)出數(shù)據(jù)時(shí)對(duì)數(shù)據(jù)進(jìn)行加密,而consumer需要在接收數(shù)據(jù)時(shí)進(jìn)行解密
可以研究一下dubbo的provider和consumer調(diào)用過(guò)程
項(xiàng)目結(jié)構(gòu):
image.png
5.上代碼:
//服務(wù)提供者
public class ProviderCustomSerialization implements Serialization {
public static final byte ID = 2;
@Override
public byte getContentTypeId() {
return ID;
}
@Override
public String getContentType() {
return "x-application/hessian2";
}
@Override
public ObjectOutput serialize(URL url, OutputStream out) throws IOException {
return new Hessian2ObjectOutput(out);
}
@Override
public ObjectInput deserialize(URL url, InputStream is) throws IOException {
return new CustomObjectInput(is);
}
}
//服務(wù)消費(fèi)者
public class ConsumerCustomSerialization implements Serialization {
public static final byte ID = 2;
@Override
public byte getContentTypeId() {
return ID;
}
@Override
public String getContentType() {
return "x-application/hessian2";
}
@Override
public ObjectOutput serialize(URL url, OutputStream out) throws IOException {
return new CustomObjectOutput(out);
}
@Override
public ObjectInput deserialize(URL url, InputStream is) throws IOException {
return new Hessian2ObjectInput(is);
}
}
服務(wù)消費(fèi)者:
public class CustomObjectInput implements ObjectInput {
private final Hessian2Input mH2i;
public CustomObjectInput(InputStream is) {
mH2i = new Hessian2Input(is);
mH2i.setSerializerFactory(Hessian2SerializerFactory.SERIALIZER_FACTORY);
}
@Override
public boolean readBool() throws IOException {
return mH2i.readBoolean();
}
@Override
public byte readByte() throws IOException {
return (byte) mH2i.readInt();
}
@Override
public short readShort() throws IOException {
return (short) mH2i.readInt();
}
@Override
public int readInt() throws IOException {
return mH2i.readInt();
}
@Override
public long readLong() throws IOException {
return mH2i.readLong();
}
@Override
public float readFloat() throws IOException {
return (float) mH2i.readDouble();
}
@Override
public double readDouble() throws IOException {
return mH2i.readDouble();
}
@Override
public byte[] readBytes() throws IOException {
return mH2i.readBytes();
}
@Override
public String readUTF() throws IOException {
return mH2i.readString();
}
@Override
public Object readObject() throws IOException {
return mH2i.readObject();
}
@Override
@SuppressWarnings("unchecked")
public <T> T readObject(Class<T> cls) throws IOException,
ClassNotFoundException {
EncryptionUtils instance = EncryptionUtils.getInstance();
String s = instance.DESdecode(mH2i.readObject().toString(), EncryptionUtils.secret);
return JSON.parseObject(s, cls);
}
@Override
public <T> T readObject(Class<T> cls, Type type) throws IOException, ClassNotFoundException {
return readObject(cls);
}
}
服務(wù)提供者
public class CustomObjectOutput implements ObjectOutput {
private final Hessian2Output mH2o;
public CustomObjectOutput(OutputStream os) {
mH2o = new Hessian2Output(os);
mH2o.setSerializerFactory(Hessian2SerializerFactory.SERIALIZER_FACTORY);
}
@Override
public void writeBool(boolean v) throws IOException {
mH2o.writeBoolean(v);
}
@Override
public void writeByte(byte v) throws IOException {
mH2o.writeInt(v);
}
@Override
public void writeShort(short v) throws IOException {
mH2o.writeInt(v);
}
@Override
public void writeInt(int v) throws IOException {
mH2o.writeInt(v);
}
@Override
public void writeLong(long v) throws IOException {
mH2o.writeLong(v);
}
@Override
public void writeFloat(float v) throws IOException {
mH2o.writeDouble(v);
}
@Override
public void writeDouble(double v) throws IOException {
mH2o.writeDouble(v);
}
@Override
public void writeBytes(byte[] b) throws IOException {
mH2o.writeBytes(b);
}
@Override
public void writeBytes(byte[] b, int off, int len) throws IOException {
mH2o.writeBytes(b, off, len);
}
@Override
public void writeUTF(String v) throws IOException {
mH2o.writeString(v);
}
@Override
public void writeObject(Object obj) throws IOException {
EncryptionUtils instance = EncryptionUtils.getInstance();
String s = instance.DESencode(JSON.toJSONStringWithDateFormat(obj, "yyyy-MM-dd HH:mm:ss"), EncryptionUtils.secret);
mH2o.writeObject(s);
}
@Override
public void flushBuffer() throws IOException {
mH2o.flushBuffer();
}
}
- 配置 provider和consumer都需要配置serialization這項(xiàng)
#dubbo相關(guān)配置
dubbo:
application:
#配置當(dāng)前服務(wù)的名稱(chēng)
name: master
protocol:
#服務(wù)提供者提供服務(wù)所暴露的端口
port: 20880
#配置自定義的序列化方式生效
serialization: CustomSerialization
consumer:
check: false
src
|-main
|-java
|-com
|-xxx
|-XxxSerialization.java (實(shí)現(xiàn)Serialization接口)
|-XxxObjectInput.java (實(shí)現(xiàn)ObjectInput接口)
|-XxxObjectOutput.java (實(shí)現(xiàn)ObjectOutput接口)
|-resources
|-META-INF
|-dubbo
|-com.alibaba.dubbo.common.serialize.Serialization (純文本文件静秆,內(nèi)容為:xxx=com.xxx.XxxSerialization)
創(chuàng)建以上的項(xiàng)目結(jié)構(gòu)
注意:這里和官方文檔不一致,包名用的是com.alibaba,而不是org.apache,因?yàn)榇藭r(shí)dubbo版本還沒(méi)將包掃描的路徑修改,已經(jīng)向官方反映
spring-boot-starter-dubbo:1.1.2
