Sharding-Proxy library and table and data encryption usage scenario analysis

Updated: April 13, 2022 09:34:01 Author: Persistence is an attitude

This article mainly introduces Sharding-Proxy library sub-table and data encryption experience sharing. It is introduced to you in detail through scene simulation analysis and sample code. Friends who need it can refer to it.

Sharding-Proxy library sub-table and data encryption

We will mainly summarize and share the experience of using shardingshpere-proxy in actual projects.

Use scenarios

The company plans to develop two SaaS platforms for new government affairs media and digital villages as new profit growth points. Taking into account the number of users and data in the future, it is decided to divide the database and table according to the tenant (contracted customers). For some sensitive data, such as ID number, mobile phone number, etc., use database-level encryption and decryption, and do not store plain text data.
After examining some existing database middleware and database splitting solutions on the Internet, the company decided to use itSharding-ProxyAs a database middleware for sub-repository and data encryption. The main reason is that it is very invasive to code and developers don't need to pay attention to it, reducing learning costs and DBA-friendly. On the other hand, ShardingSphere has entered the Apache Incubator, which is completely open source and free, the community is also very active, and the version iteration is also very fast.
ShardingSphere-5.0 used this time

Configuration file explanation

resources folder, under the conf folder
Mainly include registration center configuration, login connection configuration and basic configuration

mode:
  type: Cluster  # Cluster  repository:
    type: ZooKeeper  # Use zookeeper    props:
      namespace: governance_ds  
      server-lists: 192.168.1.100:2181
      retryIntervalMilliseconds: 50000
      timeToLiveSeconds: 60
      maxRetries: 3
      operationTimeoutMilliseconds: 50000
  overwrite: true

: ClusterUsing cluster configuration, a single deployment can also be set toCluster, no effect
Configure storage method, you can choose to use itZooKeeper
, configure the loading method, whether the local configuration covers the configuration center configuration. true is overridable, the local configuration shall be synced to zookeeper; false, the zookeeper shall be zookeeper shall be
There are some basic configurations below, whether to print SQL, etc., which are temporarily defaulted

resources folder, under the conf folder
schemaName Database connection, database name
dataSources Data Sources
rules
!SHARDING library and table rules
tables table
actualDataNodes is actually for the library table
databaseStrategy library partition strategy none no library partition
defaultDatabaseStrategy
defaultTableStrategy default table strategy
defaultKeyGenerateStrategy
shardingAlgorithms custom sharding algorithm
keyGenerators primary key generation strategy

resources folder, under the conf folder
schemaName Database connection, database name
dataSources Data Sources
rules
!ENCRYPT Data encryption
encryptors encryption policy, you can choose AES or MD5, and the encryption policy can be selected in the specific fields below.
aes_encryptor, aes can be configured with salt
tables table
columns field s
id_number logical field
plainColumn Original field
cipherColumn Encryption Field
encryptorName encryption policy
queryWithCipherColumn Whether to use encrypted fields when querying

other

You can download the source code or download the program to see. The functions inside have configuration file cases, which are commented out, a PostgreSQL, and a MySQL
These two functions are currently used. Other functions have not been studied for the time being, so I won't say much
When actually using it, the partition database and data encryption are used together, so only one configuration file is used, all of which are placed under the rules.
I'll post my configuration file later

Usage

The government new media SaaS platform is temporarily using only the library and table
Digital rural SaaS platform uses database and tables and data encryption
The database is divided into different tables, mainly based on tenants, and some tables are divided into different tables, and some business fields are divided into different tables.
Table sub-table strategy, default 8 table writing method algorithm-expression: monitor_record_${media_id % 8}
We divide the database based on the hash of the tenant, but for some tenants, we want to specify the database, which requires custom library division and table division strategy.
It requires that the library supports hashing and specification. I wrote a custom library policy class and there is a static map. When parsing and executing SQL, I first get it from the map. If I cannot get it, I will get it based on the hash.
Data encryption is mainly about adding encrypted fields and processing historical data.
You can write a static method to process existing data

Summarize

sharding-proxy is fully supported for database and tables according to tenants and data encryption, which is sufficient for us to use.
It's very easy to use, just download the latest stable version to install
If there is no custom library and table policy requirement and only use the existing policy, you only need to modify the configuration file deployment
If you need to customize the library and table division strategy, it is not complicated. Write the class and package it well, and put it in ext-lib
Example of configuration file

schemaName: digital_village
dataSources:
  ds:
    url: jdbc:postgresql://192.168.:5432/digital_village?currentSchema=public&amp;serverTimezone=UTC&amp;useSSL=false
    username: postgres
    password: xxxxxx
    connectionTimeoutMilliseconds: 30000
    idleTimeoutMilliseconds: 60000
    maxLifetimeMilliseconds: 1800000
    maxPoolSize: 120
    minPoolSize: 1
  ds_0:
    url: jdbc:postgresql://192.168.:5432/digital_village_0?currentSchema=public&amp;serverTimezone=UTC&amp;useSSL=false
  ds_1:
    url: jdbc:postgresql://192.168.:5432/digital_village_1?currentSchema=public&amp;serverTimezone=UTC&amp;useSSL=false
    password: xxxxx
rules:
  - !SHARDING
    tables:
      # The table that needs to be divided into the library, and the library is divided into the library according to the tenant id      cms_basic_info:
        actualDataNodes: ds_${0..3}.cms_basic_info
      cms_column:
        actualDataNodes: ds_${0..3}.cms_column
      cms_content:
        actualDataNodes: ds_${0..3}.cms_content
      cms_content_text:
        actualDataNodes: ds_${0..3}.cms_content_text
      cms_menu_column_bind:
        actualDataNodes: ds_${0..3}.cms_menu_column_bind
      cms_message_board:
        actualDataNodes: ds_${0..3}.cms_message_board
      # Tables that do not require library and table division, all stored in the ds data source      auth_cfg_catalog_data_permission:
        actualDataNodes: ds.auth_cfg_catalog_data_permission
        databaseStrategy: 
          none:
      auth_cfg_column_data_permission:
        actualDataNodes: ds.auth_cfg_column_data_permission
        databaseStrategy:
      
    # Default library policy    defaultDatabaseStrategy:
      standard:
        shardingColumn: customer_id  #Separation Field        shardingAlgorithmName:  customer_id_inline #Distribution rules:    defaultTableStrategy:
      none:
    # Default primary key policy    defaultKeyGenerateStrategy:
      column: id
      keyGeneratorName: snowflake
    # Custom sharding algorithm    shardingAlgorithms:
      customer_id_inline:
        type: CLASS_BASED
        props:
          strategy: standard
          algorithmClassName: 
    # Primary key generation strategy    keyGenerators:
      snowflake:
        type: SNOWFLAKE
          worker-id: 123
  - !ENCRYPT
    encryptors:
      aes_encryptor:
        type: AES
          aes-key-value: xxxwwaS213123SAD
      md5_encryptor:
        type: MD5
      party_position:
        columns:
          mobile:
            plainColumn: mobile
            cipherColumn: mobile_cipher
            encryptorName: aes_encryptor
      village_population:
          id_number:
            plainColumn: id_number
            cipherColumn: id_number_cipher
    queryWithCipherColumn: true

This is the article about Sharding-Proxy library sub-table and data encryption. For more related Sharding-Proxy library sub-table content, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!

Sharding-Proxy
Library and table
Data encryption

Make Java code more efficient

This article mainly introduces how to make your Java code more efficient and make Java run faster. Interested friends can refer to it.
2015-09-09
Interpretation of DelayQueue of Java's Delay Queue

This article mainly introduces the DelayQueue interpretation of Java's delay queue. The underlying storage of DelayQueue is a PriorityQueue. PriorityQueue is a sortable Queue. The elements in it must implement the Comparable interface's compareTo method. Friends who need it can refer to it.
2023-12-12
About the reading efficiency of BufferedReader

This article mainly introduces the reading efficiency of BufferedReader, which is of good reference value and hopes to be helpful to everyone. If there are any mistakes or no complete considerations, I hope you will be very grateful for your advice
2021-12-12
Analysis of four common ways and usage methods for Java to implement Map collection traversal

This article mainly introduces four common ways and usages of Java to implement Map collection traversal. Combined with the example form, it analyzes the common usage techniques and related operation precautions of Java for Map collection key-value traversal. Friends who need it can refer to it.
2018-01-01
Spring source code reading--Explanation of the principle of aop implementation

This article mainly introduces the explanation of the principle of spring source code reading-aop implementation, which has good reference value and hopes to be helpful to everyone. If there are any mistakes or no complete considerations, I hope you will be very grateful for your advice
2021-09-09
Detailed explanation of the use of if statements and switches in java

This article mainly introduces the use of if statements and switches in Java. This article introduces you very detailedly and has certain reference value for your study or work. Friends who need it can refer to it.
2020-11-11
A brief discussion on the introduction to spring security

This article mainly introduces a brief discussion on the introduction to spring security. The example code is introduced in this article in detail, which has certain reference learning value for everyone's study or work. Friends who need it, please learn with the editor below.
2020-07-07
Summary of the development of Java WeChat official account

As a mainstream self-media platform, many people use the official account. This time, using text replies as a case to explain the development of Java-related WeChat public accounts
2021-05-05
Implementation of Java semaphore Semaphore

This article mainly introduces the implementation of Java semaphore Semaphore. The example code is introduced in this article in detail, which has certain reference learning value for everyone's study or work. Friends who need it, please learn with the editor below.
2019-09-09
Token storage front-end back-end obtain token code instance (Spring Boot)

Token is actually a credential for accessing resources. Generally, after the user successfully logs in through the user name and password, the server will use the login credentials as digital signatures, and the string obtained after encryption is used as a token. This article mainly introduces to you the relevant information about the front-end storage token and Spring Boot back-end acquisition of tokens. Friends who need it can refer to it.
2024-07-07