在Spring中如何加密文档或限制其对具有特定角色的用户的访问
[英]How to encrypt documents or restrict their access to users with specific roles in Spring
问题描述
I am working on a business platform which allows users of different roles to interact with each other based on their roles. 
我正在一个业务平台上工作,该平台允许不同角色的用户根据自己的角色进行交互。 the application is built using Spring + WebSecurityConfig based RBAC. 该应用程序是使用基于Spring + WebSecurityConfig的RBAC构建的。
I need to allow users, when uploading documents to the system, to control who is able to open those documents, even if they were downloaded by some one who has access, only people with specific credentials should be able to open those document. 我需要允许用户在将文档上传到系统时控制谁可以打开那些文档,即使这些文档是由有权访问的人下载的,也只有具有特定凭据的人才能打开那些文档。 Knowing that the documents are Physically saved in the files system. 知道文档已物理保存在文件系统中。
Is there for example scripts that I can use to encrypt documents with a password, that I can save in my DB and show only to the privileged users? 例如,是否存在可用于使用密码加密文档,可以保存在数据库中并仅显示给特权用户的脚本? or there are better approaches. 或有更好的方法。
1 个解决方案
解决方案1
1 2017-07-21 11:15:38
A solution would be create a service to get a shared secret from DB and allow only privileged users to invoke this service. 一种解决方案是创建一个服务,以从数据库获取共享机密,并仅允许特权用户调用该服务。 It would be a good idea encrypt the DB field where you store the secret. 最好将存储密码的DB字段加密。
With that you could encrypt and decrypt files using any symmetric key algorithm. 这样,您可以使用任何对称密钥算法对文件进行加密和解密。 For example here is a example using AES that only requires javax.crypto API: https://www.mkyong.com/java/java-symmetric-key-cryptography-example/ 例如,下面是一个使用AES的示例,该示例仅需要javax.crypto API: https : //www.mkyong.com/java/java-symmetric-key-cryptography-example/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.