文档地址
2.项目需求:对dubbo调用的数据进行加密传输, 因为调用过程需要通过公网传输数据,数据不安全,需要对数据加密,没有发现dubbo有对数据加密的操作,如果有大佬发现请告知,毕竟自己实现不如用官方的本文使用的是spi拓展, 对serialization序列化进行拓展,实现对数据的加密,在使用时, 使用了Hessian2序列化, 但是过程中对数据进行加密
思路: 由于dubbo存在provider和consumer, 数据加密和解密需要在provider写出数据时对数据进行加密,而consumer需要在接收数据时进行解密
可以研究一下dubbo的provider和consumer调用过程
项目结构:
image.png
5.上代码:
//服务提供者
public class ProviderCustomSerialization implements Serialization {
public static final byte ID = 2;
@Override
public byte getContentTypeId() {
return ID;
}
@Override
public String getContentType() {
return "x-application/hessian2";
}
@Override
public ObjectOutput serialize(URL url, OutputStream out) throws IOException {
return new Hessian2ObjectOutput(out);
}
@Override
public ObjectInput deserialize(URL url, InputStream is) throws IOException {
return new CustomObjectInput(is);
}
}
//服务消费者
public class ConsumerCustomSerialization implements Serialization {
public static final byte ID = 2;
@Override
public byte getContentTypeId() {
return ID;
}
@Override
public String getContentType() {
return "x-application/hessian2";
}
@Override
public ObjectOutput serialize(URL url, OutputStream out) throws IOException {
return new CustomObjectOutput(out);
}
@Override
public ObjectInput deserialize(URL url, InputStream is) throws IOException {
return new Hessian2ObjectInput(is);
}
}
服务消费者:
public class CustomObjectInput implements ObjectInput {
private final Hessian2Input mH2i;
public CustomObjectInput(InputStream is) {
mH2i = new Hessian2Input(is);
mH2i.setSerializerFactory(Hessian2SerializerFactory.SERIALIZER_FACTORY);
}
@Override
public boolean readBool() throws IOException {
return mH2i.readBoolean();
}
@Override
public byte readByte() throws IOException {
return (byte) mH2i.readInt();
}
@Override
public short readShort() throws IOException {
return (short) mH2i.readInt();
}
@Override
public int readInt() throws IOException {
return mH2i.readInt();
}
@Override
public long readLong() throws IOException {
return mH2i.readLong();
}
@Override
public float readFloat() throws IOException {
return (float) mH2i.readDouble();
}
@Override
public double readDouble() throws IOException {
return mH2i.readDouble();
}
@Override
public byte[] readBytes() throws IOException {
return mH2i.readBytes();
}
@Override
public String readUTF() throws IOException {
return mH2i.readString();
}
@Override
public Object readObject() throws IOException {
return mH2i.readObject();
}
@Override
@SuppressWarnings("unchecked")
public <T> T readObject(Class<T> cls) throws IOException,
ClassNotFoundException {
EncryptionUtils instance = EncryptionUtils.getInstance();
String s = instance.DESdecode(mH2i.readObject().toString(), EncryptionUtils.secret);
return JSON.parseObject(s, cls);
}
@Override
public <T> T readObject(Class<T> cls, Type type) throws IOException, ClassNotFoundException {
return readObject(cls);
}
}
服务提供者
public class CustomObjectOutput implements ObjectOutput {
private final Hessian2Output mH2o;
public CustomObjectOutput(OutputStream os) {
mH2o = new Hessian2Output(os);
mH2o.setSerializerFactory(Hessian2SerializerFactory.SERIALIZER_FACTORY);
}
@Override
public void writeBool(boolean v) throws IOException {
mH2o.writeBoolean(v);
}
@Override
public void writeByte(byte v) throws IOException {
mH2o.writeInt(v);
}
@Override
public void writeShort(short v) throws IOException {
mH2o.writeInt(v);
}
@Override
public void writeInt(int v) throws IOException {
mH2o.writeInt(v);
}
@Override
public void writeLong(long v) throws IOException {
mH2o.writeLong(v);
}
@Override
public void writeFloat(float v) throws IOException {
mH2o.writeDouble(v);
}
@Override
public void writeDouble(double v) throws IOException {
mH2o.writeDouble(v);
}
@Override
public void writeBytes(byte[] b) throws IOException {
mH2o.writeBytes(b);
}
@Override
public void writeBytes(byte[] b, int off, int len) throws IOException {
mH2o.writeBytes(b, off, len);
}
@Override
public void writeUTF(String v) throws IOException {
mH2o.writeString(v);
}
@Override
public void writeObject(Object obj) throws IOException {
EncryptionUtils instance = EncryptionUtils.getInstance();
String s = instance.DESencode(JSON.toJSONStringWithDateFormat(obj, "yyyy-MM-dd HH:mm:ss"), EncryptionUtils.secret);
mH2o.writeObject(s);
}
@Override
public void flushBuffer() throws IOException {
mH2o.flushBuffer();
}
}
- 配置 provider和consumer都需要配置serialization这项
#dubbo相关配置
dubbo:
application:
#配置当前服务的名称
name: master
protocol:
#服务提供者提供服务所暴露的端口
port: 20880
#配置自定义的序列化方式生效
serialization: CustomSerialization
consumer:
check: false
src
|-main
|-java
|-com
|-xxx
|-XxxSerialization.java (实现Serialization接口)
|-XxxObjectInput.java (实现ObjectInput接口)
|-XxxObjectOutput.java (实现ObjectOutput接口)
|-resources
|-META-INF
|-dubbo
|-com.alibaba.dubbo.common.serialize.Serialization (纯文本文件,内容为:xxx=com.xxx.XxxSerialization)
创建以上的项目结构
注意:这里和官方文档不一致,包名用的是com.alibaba,而不是org.apache,因为此时dubbo版本还没将包扫描的路径修改,已经向官方反映
spring-boot-starter-dubbo:1.1.2
