
优化数据加密异常处理逻辑

woody 1 anno fa
parent
commit
b34633fd74

+ 4 - 9
framework-security/src/main/java/com/chelvc/framework/security/config/SecurityConfigurer.java

@@ -6,9 +6,9 @@ import javax.servlet.Filter;
 
 import com.chelvc.framework.base.interceptor.StandardUnifiedResponseWrapper;
 import com.chelvc.framework.base.interceptor.UnifiedResponseWrapper;
+import com.chelvc.framework.base.util.StringUtils;
 import com.chelvc.framework.security.annotation.Encrypt;
 import com.chelvc.framework.security.context.SecurityContextHolder;
-import lombok.extern.slf4j.Slf4j;
 import org.aopalliance.intercept.MethodInvocation;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
@@ -35,7 +35,6 @@ import org.springframework.web.filter.CorsFilter;
  * @author Woody
  * @date 2023/4/5
  */
-@Slf4j
 @Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SecurityConfigurer extends GlobalMethodSecurityConfiguration {
@@ -70,13 +69,9 @@ public class SecurityConfigurer extends GlobalMethodSecurityConfiguration {
             public Object wrap(NativeWebRequest request, MethodParameter method, Object value) {
                 // 判断方法返回值是否需要加密
                 Method target = Objects.requireNonNull(method.getMethod());
-                if (target.getReturnType() == String.class && target.isAnnotationPresent(Encrypt.class)) {
-                    try {
-                        value = SecurityContextHolder.encrypt((String) value);
-                    } catch (Exception e) {
-                        // 如果加密失败则回退到明文传输
-                        log.error("Data encrypt failed: {}", e.getMessage());
-                    }
+                if (target.getReturnType() == String.class && target.isAnnotationPresent(Encrypt.class)
+                        && StringUtils.nonEmpty(value)) {
+                    value = SecurityContextHolder.encrypt((String) value, true);
                 }
                 return super.wrap(request, method, value);
             }
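Review bot: The `true` passed in `value = SecurityContextHolder.encrypt((String) value, true);` makes this wrapper fail open: when encryption throws, the return value of a method annotated `@Encrypt` goes out in plaintext and the only signal is an error log line. For data explicitly marked for encryption, failing closed is the safer default, e.g. `value = SecurityContextHolder.encrypt((String) value);` so the failure surfaces as an error response, or the fallback gated behind an explicit configuration switch. The same choice is made in JacksonEncryptSerializer at `generator.writeString(SecurityContextHolder.encrypt(plaintext, true));`. If the fallback is intentional, a comment at both call sites should say so, for example `// fail-open: on encryption failure the plaintext is returned to the client`. The anonymous class enclosing `wrap` starts outside this hunk.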

+ 23 - 0
framework-security/src/main/java/com/chelvc/framework/security/context/SecurityContextHolder.java

@@ -73,6 +73,29 @@ public class SecurityContextHolder {
         return CODEC_CHARACTERISTIC_PREFIX + ciphertext + CODEC_CHARACTERISTIC_SUFFIX;
     }
 
+    /**
+     * 数据加密
+     *
+     * @param plaintext 数据明文
+     * @param safety    是否使用安全模式(如果加密失败则返回明文)
+     * @return 数据密文
+     */
+    public static String encrypt(String plaintext, boolean safety) {
+        // 非安全模式
+        if (!safety) {
+            return encrypt(plaintext);
+        }
+
+        // 安全模式
+        try {
+            return encrypt(plaintext);
+        } catch (Exception e) {
+            // 如果加密失败则返回明文
+            log.error("Data encrypt failed: {}", e.getMessage());
+            return plaintext;
+        }
+    }
+
     /**
      * 数据解密
      *
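Review bot: The catch block in `encrypt(String plaintext, boolean safety)` logs only `e.getMessage()`, which drops the exception type and stack trace at the one point where a failure results in plaintext being returned; passing the exception keeps the cause: `log.error("Data encrypt failed", e);`. The parameter name `safety` reads inverted from a confidentiality point of view, since `true` selects the plaintext fallback, and the `@return` tag still promises ciphertext. The Javadoc should state that with `safety == true` the result may be the unencrypted input, so callers cannot treat the return value as ciphertext. Because `catch (Exception e)` presumably also covers configuration errors such as a missing key (inferred; the single-argument `encrypt` body is outside the hunk), a counter or alert on this log line would help detect a silent downgrade.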

+ 1 - 9
framework-security/src/main/java/com/chelvc/framework/security/interceptor/JacksonEncryptSerializer.java

@@ -11,7 +11,6 @@ import com.fasterxml.jackson.databind.JsonSerializer;
 import com.fasterxml.jackson.databind.SerializerProvider;
 import com.fasterxml.jackson.databind.ser.ContextualSerializer;
 import com.fasterxml.jackson.databind.ser.std.StdSerializer;
-import lombok.extern.slf4j.Slf4j;
 
 /**
  * 敏感数据加密序列化处理器
@@ -19,7 +18,6 @@ import lombok.extern.slf4j.Slf4j;
  * @author Woody
  * @date 2023/7/28
  */
-@Slf4j
 public class JacksonEncryptSerializer extends StdSerializer<String> implements ContextualSerializer {
     /**
      * 敏感字段加密注解实例
@@ -40,13 +38,7 @@ public class JacksonEncryptSerializer extends StdSerializer<String> implements C
         if (this.encrypt == null || StringUtils.isEmpty(plaintext)) {
             generator.writeString(plaintext);
         } else {
-            try {
-                generator.writeString(SecurityContextHolder.encrypt(plaintext));
-            } catch (Exception e) {
-                // 如果加密失败则回退到明文传输
-                log.error("Data encrypt failed: {}", e.getMessage());
-                generator.writeString(plaintext);
-            }
+            generator.writeString(SecurityContextHolder.encrypt(plaintext, true));
         }
     }