|
| Undisclose IDs with Obfuscated-IDs |
Obfuscated-IDs is a java open-source library that allows you to easily avoid to expose the internal IDs of your database at web level.
Obfuscated-IDs is based on:
With a Spring Framework and Obfuscated-IDs i's possible to write a @Controller
that automatically allows the code to use the real numeric ID while it is always
shown in its disguised form at the outside.
For instance, look at this @RestController.
@RestController
public class EchoController {
@RequestMapping("/user/{obfuscatedUserId}/{message}")
public String getCode(@PathVariable AutoObfuscatedId obfuscatedUserId, @PathVariable String message) {
long id = obfuscatedId.id();
// ...access the database with the numeric id
User user = userRepo.findOne(id);
return "User " + obfuscatedId + " says '" + message + "'";
}
}
It exposes a service that can be invoked like that...
/user/2BHah7n8ziI/HelloWorld
But obfuscatedId.id() will return the corresponding numeric ID.
Add the following Maven dependency
<dependency>
<groupId>com.danidemi.obfuscatedids</groupId>
<artifactId>obfuscatedids-spring</artifactId>
<version>0.0.1</version>
</dependency>
[!] Please, check on Maven Central the latest version.
Configure an IdObfuscator.
@Bean
public static IdObfuscator idObfuscator() {
return new HashIdObfuscator();
}
Add a @RestControllerAdvice that enables the conversion of parameters
of type AutoObfuscatedId.
@RestControllerAdvice
public static class Advice {
@Autowired IdObfuscator obfuscator;
@InitBinder
public void addSupportForObfuscatedId(WebDataBinder binder) {
binder.registerCustomEditor(AutoObfuscatedId.class, new AutoObfuscatedIdSupport(obfuscator));
}
}
Write your controller.
@Autowired @Autowired IdObfuscator obfuscator;
@RequestMapping("/users")
public List<String> getUsers() {
return asList(
obfuscator.disguise( user1.getId() ),
obfuscator.disguise( user2.getId() )
);
}
@RequestMapping("/user/{obfuscatedDbId}")
public String getUser(@PathVariable AutoObfuscatedId obfuscatedDbId) {
...
}
Make sure GPG is correctly set up executing the following commnad.
mvn gpg:sign
If that returns this error...
gpg: no default secret key: unusable secret key
gpg: signing failed: unusable secret key
...then A GPG key is needed. If one is available you can import it with...
gpg --import ~/mygpgkey_pub.gpg
gpg --allow-secret-key-import --import ~/mygpgkey_sec.gpg
Rerun again mvn gpg:sign to check all is in place.
Make sure the Sonatype OSS Repository Hosting is properly set up
checking that the Maven's settings.xml contains a reference to it.
cat ${user.home}/.m2/settings.xml
You should see something like that...
<server>
<id>ossrh</id>
<username>YOUR-OSSRH-USERNAME-HERE</username>
<password>YOUR-OSSRH-PASSWORD-HERE</password>
</server>
To deploy it should be enough to issue the following commands.
mvn clean release:clean
mvn release:prepare
mvn release:perform
Projects
Manuals
Posts
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent