MyBatis how to solve database data encryption and decryption

Preface: introduce a simple MyBatis encryption and decryption method. This method is rarely mentioned in daily study and work, so let's talk about it. If you already know this method, ignore this article

1, Background

Sometimes in our database, some sensitive information of users, such as mobile phone number, bank card and other information, will be saved. If these information is saved in clear text, it is not safe. If: hackers hack into the database, or resigned personnel export data, it may lead to the leakage of these sensitive data. Therefore, we need to find a way to solve this problem.

2, Solution

Since Mybatis is used as the database persistence layer in our system, we decided to use Mybatis's TypeHandler or Plugin to solve it.

typeHandler: we need to manually specify typeHandler on some columns to choose which typeHandler to use, or infer by ourselves according to @ MappedJdbcTypes} and @ MappedTypes annotations.

<result column="phone" property="phone" 

Plugin: it can intercept select, insert, update, delete and other statements in the system, as well as obtain parameters before and data after sql execution.

After consideration, we decided to use TypeHandler to encrypt and decrypt data.

3, Demand

We have a customer table customer, which contains fields such as customer phone number and customer address. The customer phone number needs to be encrypted and saved in the database.

1. When adding customer information, the customer's mobile phone number is automatically encrypted and saved in the data.

2. When querying customer information, automatically decrypt the customer's mobile phone number.

4, Realization idea

1. Write an entity class. All the data of this entity class represents the data that needs to be encrypted and decrypted

public class Encrypt {
    private String value;

    public Encrypt() {

    public Encrypt(String value) {
        this.value = value;

    public String getValue() {
        return value;

    public void setValue(String value) {
        this.value = value;

2. Write an encryption and decryption TypeHandler

  • When setting parameters, encrypt data.

  • Decrypt the data when getting records from the database.

package com.mybatis.typehandler;

import cn.hutool.crypto.SecureUtil;
import cn.hutool.crypto.symmetric.AES;
import org.apache.ibatis.type.BaseTypeHandler;
import org.apache.ibatis.type.JdbcType;
import org.apache.ibatis.type.MappedJdbcTypes;
import org.apache.ibatis.type.MappedTypes;

import java.nio.charset.StandardCharsets;
import java.sql.CallableStatement;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

 * Encryption and decryption TypeHandler
public class EncryptTypeHandler extends BaseTypeHandler<Encrypt> {

    private static final byte[] KEYS = "12345678abcdefgh".getBytes(StandardCharsets.UTF_8);

     * Set parameters
    public void setNonNullParameter(PreparedStatement ps, int i, Encrypt parameter, JdbcType jdbcType) throws SQLException {
        if (parameter == null || parameter.getValue() == null) {
            ps.setString(i, null);
        AES aes = SecureUtil.aes(KEYS);
        String encrypt = aes.encryptHex(parameter.getValue());
        ps.setString(i, encrypt);

     * Get value
    public Encrypt getNullableResult(ResultSet rs, String columnName) throws SQLException {
        return decrypt(rs.getString(columnName));

     * Get value
    public Encrypt getNullableResult(ResultSet rs, int columnIndex) throws SQLException {
        return decrypt(rs.getString(columnIndex));

     * Get value
    public Encrypt getNullableResult(CallableStatement cs, int columnIndex) throws SQLException {
        return decrypt(cs.getString(columnIndex));

    public Encrypt decrypt(String value) {
        if (null == value) {
            return null;
        return new Encrypt(SecureUtil.aes(KEYS).decryptStr(value));

be careful:

  • @MappedTypes: indicates what java types the processor handles.

  • @MappedJdbcTypes: indicates the type of Jdbc processed by the processor.

3. Writing method in sql statement

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-// Mapper 3.0//EN" "">
<mapper namespace="">

    <resultMap id="BaseResultMapper" type="">
        <id column="id" property="id"/>
        <result column="phone" property="phone"/>
        <result column="address" property="address"/>

    <insert id="addCustomer">
        insert into customer(phone,address) values (#{phone},#{address})

    <select id="findCustomer" resultMap="BaseResultMapper">
        select * from customer where phone = #{phone}


There is no special way to write in SQL.

4. Specify the package path of Typehandler in the configuration file

5. Write background code

  • Provides an add method

  • Provide a method to query according to the mobile phone number

Post a screenshot of the mapper layer.

6. Test results

It can be seen from the test results that when adding data, the data (phone) to be encrypted has been encrypted in the database, and the encrypted data has been automatically decrypted when querying.

Keywords: Java Database Mybatis

Added by gordong1968 on Wed, 02 Mar 2022 15:31:46 +0200