2026/7/13

rclone

rclone

rclone 等同雲端版 rsync,可以同步 / 備份資料到雲端,在不同雲端之間拷資料,把雲端 掛載成資料夾mount。支援 Google Drive、OneDrive、Dropbox、S3、Backblaze B2、FTP、SFTP、WebDAV。

ftp

rclone config

NOTICE: Config file "/root/.config/rclone/rclone.conf" not found - using defaults
No remotes found, make a new one?
n) New remote
s) Set configuration password
q) Quit config

設定過程

n/s/q> n

Enter name for new remote.
name> ftp1

Option Storage.
Type of storage to configure.
Choose a number from below, or type in your own value.
 1 / 1Fichier
   \ (fichier)
 2 / Akamai NetStorage
   \ (netstorage)
 3 / Alias for an existing remote
   \ (alias)
 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, Cubbit, DigitalOcean, Dreamhost, Exaba, FileLu, FlashBlade, GCS, Hetzner, HuaweiOBS, IBMCOS, IDrive, Intercolo, IONOS, Leviia, Liara, Linode, LyveCloud, Magalu, Mega, Minio, Netease, Outscale, OVHcloud, Petabox, Qiniu, Rabata, RackCorp, Rclone, Scaleway, SeaweedFS, Selectel, Servercore, SpectraLogic, StackPath, Storj, Synology, TencentCOS, Wasabi, Zata, Other
   \ (s3)
 5 / Backblaze B2
   \ (b2)
 6 / Better checksums for other remotes
   \ (hasher)
 7 / Box
   \ (box)
 8 / Cache a remote
   \ (cache)
 9 / Citrix Sharefile
   \ (sharefile)
10 / Cloudinary
   \ (cloudinary)
11 / Combine several remotes into one
   \ (combine)
12 / Compress a remote
   \ (compress)
13 / DOI datasets
   \ (doi)
14 / Dropbox
   \ (dropbox)
15 / Encrypt/Decrypt a remote
   \ (crypt)
16 / Enterprise File Fabric
   \ (filefabric)
17 / FTP
   \ (ftp)
18 / FileLu Cloud Storage
   \ (filelu)
19 / Files.com
   \ (filescom)
20 / Gofile
   \ (gofile)
21 / Google Cloud Storage (this is not Google Drive)
   \ (google cloud storage)
22 / Google Drive
   \ (drive)
23 / Google Photos
   \ (google photos)
24 / HTTP
   \ (http)
25 / Hadoop distributed file system
   \ (hdfs)
26 / HiDrive
   \ (hidrive)
27 / ImageKit.io
   \ (imagekit)
28 / In memory object storage system.
   \ (memory)
29 / Internet Archive
   \ (internetarchive)
30 / Jottacloud
   \ (jottacloud)
31 / Koofr, Digi Storage and other Koofr-compatible storage providers
   \ (koofr)
32 / Linkbox
   \ (linkbox)
33 / Local Disk
   \ (local)
34 / Mail.ru Cloud
   \ (mailru)
35 / Mega
   \ (mega)
36 / Microsoft Azure Blob Storage
   \ (azureblob)
37 / Microsoft Azure Files
   \ (azurefiles)
38 / Microsoft OneDrive
   \ (onedrive)
39 / OpenDrive
   \ (opendrive)
40 / OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)
   \ (swift)
41 / Oracle Cloud Infrastructure Object Storage
   \ (oracleobjectstorage)
42 / Pcloud
   \ (pcloud)
43 / PikPak
   \ (pikpak)
44 / Pixeldrain Filesystem
   \ (pixeldrain)
45 / Proton Drive
   \ (protondrive)
46 / Put.io
   \ (putio)
47 / QingCloud Object Storage
   \ (qingstor)
48 / Quatrix by Maytech
   \ (quatrix)
49 / Read archives
   \ (archive)
50 / SMB / CIFS
   \ (smb)
51 / SSH/SFTP
   \ (sftp)
52 / Sia Decentralized Cloud
   \ (sia)
53 / Storj Decentralized Cloud Storage
   \ (storj)
54 / Sugarsync
   \ (sugarsync)
55 / Transparently chunk/split large files
   \ (chunker)
56 / Uloz.to
   \ (ulozto)
57 / Union merges the contents of several upstream fs
   \ (union)
58 / Uptobox
   \ (uptobox)
59 / WebDAV
   \ (webdav)
60 / Yandex Disk
   \ (yandex)
61 / Zoho
   \ (zoho)
62 / iCloud Drive
   \ (iclouddrive)
63 / premiumize.me
   \ (premiumizeme)
64 / seafile
   \ (seafile)
Storage> ftp

Option host.
FTP host to connect to.
E.g. "ftp.example.com".
Enter a value.
host> 192.168.1.3

Option user.
FTP username.
Enter a value of type string. Press Enter for the default (root).
user> maxkit

Option port.
FTP port number.
Enter a signed integer. Press Enter for the default (21).
port> 21

Option pass.
FTP password.
Choose an alternative below. Press Enter for the default (n).
y) Yes, type in my own password
g) Generate random password
n) No, leave this optional password blank (default)
y/g/n> y
Enter the password:
password:
Confirm the password:
password:

Option tls.
Use Implicit FTPS (FTP over TLS).
When using implicit FTP over TLS the client connects using TLS
right from the start which breaks compatibility with
non-TLS-aware servers. This is usually served over port 990 rather
than port 21. Cannot be used in combination with explicit FTPS.
Enter a boolean value (true or false). Press Enter for the default (false).
tls> false

Option explicit_tls.
Use Explicit FTPS (FTP over TLS).
When using explicit FTP over TLS the client explicitly requests
security from the server in order to upgrade a plain text connection
to an encrypted one. Cannot be used in combination with implicit FTPS.
Enter a boolean value (true or false). Press Enter for the default (false).
explicit_tls>

Edit advanced config?
y) Yes
n) No (default)
y/n> y

Option concurrency.
Maximum number of FTP simultaneous connections, 0 for unlimited.
Note that setting this is very likely to cause deadlocks so it should
be used with care.
If you are doing a sync or copy then make sure concurrency is one more
than the sum of `--transfers` and `--checkers`.
If you use `--check-first` then it just needs to be one more than the
maximum of `--checkers` and `--transfers`.
So for `concurrency 3` you'd use `--checkers 2 --transfers 2
--check-first` or `--checkers 1 --transfers 1`.
Enter a signed integer. Press Enter for the default (0).
concurrency> 3

Option no_check_certificate.
Do not verify the TLS certificate of the server.
Enter a boolean value (true or false). Press Enter for the default (false).
no_check_certificate>

Option disable_epsv.
Disable using EPSV even if server advertises support.
Enter a boolean value (true or false). Press Enter for the default (false).
disable_epsv>

Option disable_mlsd.
Disable using MLSD even if server advertises support.
Enter a boolean value (true or false). Press Enter for the default (false).
disable_mlsd>

Option disable_utf8.
Disable using UTF-8 even if server advertises support.
Enter a boolean value (true or false). Press Enter for the default (false).
disable_utf8>

Option writing_mdtm.
Use MDTM to set modification time (VsFtpd quirk)
Enter a boolean value (true or false). Press Enter for the default (false).
writing_mdtm>

Option force_list_hidden.
Use LIST -a to force listing of hidden files and folders. This will disable the use of MLSD.
Enter a boolean value (true or false). Press Enter for the default (false).
force_list_hidden>

Option idle_timeout.
Max time before closing idle connections.
If no connections have been returned to the connection pool in the time
given, rclone will empty the connection pool.
Set to 0 to keep connections indefinitely.
Enter a duration s,m,h,d,w,M,y. Press Enter for the default (1m0s).
idle_timeout>

Option close_timeout.
Maximum time to wait for a response to close.
Enter a duration s,m,h,d,w,M,y. Press Enter for the default (1m0s).
close_timeout>

Option tls_cache_size.
Size of TLS session cache for all control and data connections.
TLS cache allows to resume TLS sessions and reuse PSK between connections.
Increase if default size is not enough resulting in TLS resumption errors.
Enabled by default. Use 0 to disable.
Enter a signed integer. Press Enter for the default (32).
tls_cache_size>

Option disable_tls13.
Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
Enter a boolean value (true or false). Press Enter for the default (false).
disable_tls13>

Option allow_insecure_tls_ciphers.
Allow insecure TLS ciphers
Setting this flag will allow the usage of the following TLS ciphers in addition to the secure defaults:
- TLS_RSA_WITH_AES_128_GCM_SHA256
Enter a boolean value (true or false). Press Enter for the default (false).
allow_insecure_tls_ciphers>

Option shut_timeout.
Maximum time to wait for data connection closing status.
Enter a duration s,m,h,d,w,M,y. Press Enter for the default (1m0s).
shut_timeout>

Option ask_password.
Allow asking for FTP password when needed.
If this is set and no password is supplied then rclone will ask for a password
Enter a boolean value (true or false). Press Enter for the default (false).
ask_password>

Option socks_proxy.
Socks 5 proxy host.

Supports the format user:pass@host:port, user@host:port, host:port.

Example:

    myUser:myPass@localhost:9005
Enter a value. Press Enter to leave empty.
socks_proxy>

Option http_proxy.
URL for HTTP CONNECT proxy
Set this to a URL for an HTTP proxy which supports the HTTP CONNECT verb.
Enter a value. Press Enter to leave empty.
http_proxy>

Option no_check_upload.
Don't check the upload is OK
Normally rclone will try to check the upload exists after it has
uploaded a file to make sure the size and modification time are as
expected.
This flag stops rclone doing these checks. This enables uploading to
folders which are write only.
You will likely need to use the --inplace flag also if uploading to
a write only folder.
Enter a boolean value (true or false). Press Enter for the default (false).
no_check_upload>

Option encoding.
The encoding for the backend.
See the [encoding section in the overview](/overview/#encoding) for more info.
Choose a number from below, or type in your own value of type Encoding.
Press Enter for the default (Slash,Del,Ctl,RightSpace,Dot).
 1 / ProFTPd can't handle '*' in file names
   \ (Asterisk,Ctl,Dot,Slash)
 2 / PureFTPd can't handle '[]' or '*' in file names
   \ (BackSlash,Ctl,Del,Dot,RightSpace,Slash,SquareBracket)
 3 / VsFTPd can't handle file names starting with dot
   \ (Ctl,LeftPeriod,Slash)
encoding>

Option description.
Description of the remote.
Enter a value. Press Enter to leave empty.
description>

Edit advanced config?
y) Yes
n) No (default)
y/n>

Configuration complete.
Options:
- type: ftp
- host: 192.168.1.3
- user: maxkit
- pass: *** ENCRYPTED ***
- concurrency: 3
Keep this "ftp1" remote?
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y

Current remotes:

Name                 Type
====                 ====
ftp1                 ftp

e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q

測試,注意 ls 會遞迴進入所有目錄 list 所有檔案

# list directory
rclone lsd ftp1:
# list file
rclone ls ftp1:

看到清單就代表連線 OK


mount 目錄

# 建立目錄
mkdir -p /mnt/ftp1

# mount --daemon 會 fork 到前景,測試時可不需要用
rclone mount ftp1: /mnt/ftp1 \
  --vfs-cache-mode full \
  --vfs-cache-max-size 5G \
  --vfs-cache-max-age 24h \
  --allow-other \
  --daemon

ls /mnt/ftp1

# unmount
fusermount3 -u /mnt/ftp1
#rclone unmount /mnt/ftp1

systemd service

vi /etc/systemd/system/rclone-ftp1.service

[Unit]
Description=Rclone FTP Mount
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/rclone mount ftp1: /mnt/ftp1 \
  --vfs-cache-mode full \
  --vfs-cache-max-size 5G \
  --vfs-cache-max-age 24h \
  --allow-other
ExecStop=/bin/fusermount3 -u /mnt/ftp1
Restart=always
User=root

[Install]
WantedBy=multi-user.target

啟用

systemctl daemon-reload
systemctl enable --now rclone-ftp1

sftp

設定

e/n/d/r/c/s/q> n

Enter name for new remote.
name> sftp1

Option Storage.
Type of storage to configure.
Choose a number from below, or type in your own value.
 1 / 1Fichier
   \ (fichier)
 2 / Akamai NetStorage
   \ (netstorage)
 3 / Alias for an existing remote
   \ (alias)
 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, Cubbit, DigitalOcean, Dreamhost, Exaba, FileLu, FlashBlade, GCS, Hetzner, HuaweiOBS, IBMCOS, IDrive, Intercolo, IONOS, Leviia, Liara, Linode, LyveCloud, Magalu, Mega, Minio, Netease, Outscale, OVHcloud, Petabox, Qiniu, Rabata, RackCorp, Rclone, Scaleway, SeaweedFS, Selectel, Servercore, SpectraLogic, StackPath, Storj, Synology, TencentCOS, Wasabi, Zata, Other
   \ (s3)
 5 / Backblaze B2
   \ (b2)
 6 / Better checksums for other remotes
   \ (hasher)
 7 / Box
   \ (box)
 8 / Cache a remote
   \ (cache)
 9 / Citrix Sharefile
   \ (sharefile)
10 / Cloudinary
   \ (cloudinary)
11 / Combine several remotes into one
   \ (combine)
12 / Compress a remote
   \ (compress)
13 / DOI datasets
   \ (doi)
14 / Dropbox
   \ (dropbox)
15 / Encrypt/Decrypt a remote
   \ (crypt)
16 / Enterprise File Fabric
   \ (filefabric)
17 / FTP
   \ (ftp)
18 / FileLu Cloud Storage
   \ (filelu)
19 / Files.com
   \ (filescom)
20 / Gofile
   \ (gofile)
21 / Google Cloud Storage (this is not Google Drive)
   \ (google cloud storage)
22 / Google Drive
   \ (drive)
23 / Google Photos
   \ (google photos)
24 / HTTP
   \ (http)
25 / Hadoop distributed file system
   \ (hdfs)
26 / HiDrive
   \ (hidrive)
27 / ImageKit.io
   \ (imagekit)
28 / In memory object storage system.
   \ (memory)
29 / Internet Archive
   \ (internetarchive)
30 / Jottacloud
   \ (jottacloud)
31 / Koofr, Digi Storage and other Koofr-compatible storage providers
   \ (koofr)
32 / Linkbox
   \ (linkbox)
33 / Local Disk
   \ (local)
34 / Mail.ru Cloud
   \ (mailru)
35 / Mega
   \ (mega)
36 / Microsoft Azure Blob Storage
   \ (azureblob)
37 / Microsoft Azure Files
   \ (azurefiles)
38 / Microsoft OneDrive
   \ (onedrive)
39 / OpenDrive
   \ (opendrive)
40 / OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)
   \ (swift)
41 / Oracle Cloud Infrastructure Object Storage
   \ (oracleobjectstorage)
42 / Pcloud
   \ (pcloud)
43 / PikPak
   \ (pikpak)
44 / Pixeldrain Filesystem
   \ (pixeldrain)
45 / Proton Drive
   \ (protondrive)
46 / Put.io
   \ (putio)
47 / QingCloud Object Storage
   \ (qingstor)
48 / Quatrix by Maytech
   \ (quatrix)
49 / Read archives
   \ (archive)
50 / SMB / CIFS
   \ (smb)
51 / SSH/SFTP
   \ (sftp)
52 / Sia Decentralized Cloud
   \ (sia)
53 / Storj Decentralized Cloud Storage
   \ (storj)
54 / Sugarsync
   \ (sugarsync)
55 / Transparently chunk/split large files
   \ (chunker)
56 / Uloz.to
   \ (ulozto)
57 / Union merges the contents of several upstream fs
   \ (union)
58 / Uptobox
   \ (uptobox)
59 / WebDAV
   \ (webdav)
60 / Yandex Disk
   \ (yandex)
61 / Zoho
   \ (zoho)
62 / iCloud Drive
   \ (iclouddrive)
63 / premiumize.me
   \ (premiumizeme)
64 / seafile
   \ (seafile)
Storage> sftp

Option host.
SSH host to connect to.
E.g. "example.com".
Enter a value.
host> 192.168.1.3

Option user.
SSH username.
Enter a value of type string. Press Enter for the default (root).
user> maxkit

Option port.
SSH port number.
Enter a signed integer. Press Enter for the default (22).
port>

Option pass.
SSH password, leave blank to use ssh-agent.
Choose an alternative below. Press Enter for the default (n).
y) Yes, type in my own password
g) Generate random password
n) No, leave this optional password blank (default)
y/g/n> y
Enter the password:
password:
Confirm the password:
password:

Option key_pem.
Raw PEM-encoded private key.
Note that this should be on a single line with line endings replaced with '\n', eg
    key_pem = -----BEGIN RSA PRIVATE KEY-----\nMaMbaIXtE\n0gAMbMbaSsd\nMbaass\n-----END RSA PRIVATE KEY-----
This will generate the single line correctly:
    awk '{printf "%s\\n", $0}' < ~/.ssh/id_rsa
If specified, it will override the key_file parameter.
Enter a value. Press Enter to leave empty.
key_pem>

Option key_file.
Path to PEM-encoded private key file.
Leave blank or set key-use-agent to use ssh-agent.
Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
Enter a value. Press Enter to leave empty.
key_file>

Option key_file_pass.
The passphrase to decrypt the PEM-encoded private key file.
Only PEM encrypted key files (old OpenSSH format) are supported. Encrypted keys
in the new OpenSSH format can't be used.
Choose an alternative below. Press Enter for the default (n).
y) Yes, type in my own password
g) Generate random password
n) No, leave this optional password blank (default)
y/g/n> y
Enter the password:
password:
Confirm the password:
password:

Option pubkey.
SSH public certificate for public certificate based authentication.
Set this if you have a signed certificate you want to use for authentication.
If specified will override pubkey_file.
Enter a value. Press Enter to leave empty.
pubkey>

Option pubkey_file.
Optional path to public key file.
Set this if you have a signed certificate you want to use for authentication.
Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
Enter a value. Press Enter to leave empty.
pubkey_file>

Option key_use_agent.
When set forces the usage of the ssh-agent.
When key-file is also set, the ".pub" file of the specified key-file is read and only the associated key is
requested from the ssh-agent. This allows to avoid `Too many authentication failures for *username*` errors
when the ssh-agent contains many keys.
Enter a boolean value (true or false). Press Enter for the default (false).
key_use_agent>

Option use_insecure_cipher.
Enable the use of insecure ciphers and key exchange methods.
This enables the use of the following insecure ciphers and key exchange methods:
- aes128-cbc
- aes192-cbc
- aes256-cbc
- 3des-cbc
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group-exchange-sha1
Those algorithms are insecure and may allow plaintext data to be recovered by an attacker.
This must be false if you use either ciphers or key_exchange advanced options.
Choose a number from below, or type in your own boolean value (true or false).
Press Enter for the default (false).
 1 / Use default Cipher list.
   \ (false)
 2 / Enables the use of the aes128-cbc cipher and diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1 key exchange.
   \ (true)
use_insecure_cipher>

Option disable_hashcheck.
Disable the execution of SSH commands to determine if remote file hashing is available.
Leave blank or set to false to enable hashing (recommended), set to true to disable hashing.
Enter a boolean value (true or false). Press Enter for the default (false).
disable_hashcheck>

Option ssh.
Path and arguments to external ssh binary.
Normally rclone will use its internal ssh library to connect to the
SFTP server. However it does not implement all possible ssh options so
it may be desirable to use an external ssh binary.
Rclone ignores all the internal config if you use this option and
expects you to configure the ssh binary with the user/host/port and
any other options you need.
**Important** The ssh command must log in without asking for a
password so needs to be configured with keys or certificates.
Rclone will run the command supplied either with the additional
arguments "-s sftp" to access the SFTP subsystem or with commands such
as "md5sum /path/to/file" appended to read checksums.
Any arguments with spaces in should be surrounded by "double quotes".
An example setting might be:
    ssh -o ServerAliveInterval=20 user@example.com
Note that when using an external ssh binary rclone makes a new ssh
connection for every hash it calculates.
Enter a value of type SpaceSepList. Press Enter to leave empty.
ssh>

Edit advanced config?
y) Yes
n) No (default)
y/n> n

Configuration complete.
Options:
- type: sftp
- host: 192.168.1.3
- user: maxkit
- pass: *** ENCRYPTED ***
- key_file_pass: *** ENCRYPTED ***
Keep this "sftp1" remote?
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y

Current remotes:

Name                 Type
====                 ====
ftp1                 ftp
sftp1                sftp

e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q

mount

mkdir -p /mnt/sftp1

測試

rclone lsd sftp1:

rclone mount sftp1:/ /mnt/sftp1 \
  --allow-other \
  --vfs-cache-mode full \
  --buffer-size 64M \
  --daemon

ls -al /mnt/sftp1/
/bin/fusermount3 -u /mnt/sftp1

service

vi /etc/systemd/system/rclone-sftp1.service

[Unit]
Description=Rclone SFTP Mount
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/rclone mount sftp1: /mnt/sftp1 \
  --vfs-cache-mode full \
  --buffer-size 64M \
  --allow-other
ExecStop=/bin/fusermount3 -u /mnt/sftp1
Restart=always
User=root

[Install]
WantedBy=multi-user.target

啟動

systemctl daemon-reload
systemctl enable --now rclone-sftp1

直接編輯設定檔

# pwd 手動用 rclone 自帶工具加密
rclone obscure "yourpassword"
# 把結果放到 pass = <OBSCURED_PASSWORD>

設定檔

~/.config/rclone/rclone.conf

[ftp1]
type = ftp
host = 192.168.1.3
user = maxkit
pass = TwE1qxopK3QB87j3QOEn9-WH0HrZhhsC
concurrency = 3

[sftp1]
type = sftp
host = 192.168.1.3
user = maxkit
pass = EhKh5h2NNeX0W0FIej8M8xoP1o5rJeER
key_file_pass = TW5-tYJMrtLeF6ys1E2wIhM5Amm8PG5K
shell_type = unix
md5sum_command = md5sum
sha1sum_command = sha1sum
chmod 600 ~/.config/rclone/rclone.conf

2026/7/6

Spring AOP

AOP 概念

Aspect-Oriented-Programming 就是在 java business service method 上加工,製造 method 呼叫前後的切面斷點,用以提供一些通用的商務邏輯,最常見的就是 business method 加上 database transaction 的機制。

博客來-深入淺出Spring Boot 3.x 裡面有一個部分,嘗試用程式的方式,透過 spring 使用的 cglib 套件實作 AOP 的概念。

spring boot 有兩種 proxy bean 的方法:JDK 或 CGLIB,預設是用 cglib,以下是用 cglib 的 Enhancer 產生動態 proxy bean。

  • 產生 service 跟 impl

HelloService.java

package com.test.interceptor.service;

public interface HelloService {
    public void sayHello(String name);
}

HelloServiceImpl.java

package com.test.interceptor.service.impl;

import com.test.interceptor.service.HelloService;

public class HelloServiceImpl implements HelloService {

    @Override
    public void sayHello(String name) {
        if (name == null || "".equals(name.trim())) {
            throw new RuntimeException("parameter is null!!");
        }
        System.out.println("hello " + name);
    }

}
  • interceptor

Interceptor.java

package com.test.interceptor.interceptor;

import com.test.interceptor.Invocation;

public interface Interceptor {
    // before method invoke
    public void before();

    // after method invoke
    public void after();

    /**
     * wrap method to add around actions
     *
     * @param invocation
     * @return
     * @throws Throwable
     */
    public Object around(Invocation invocation) throws Throwable;

    // after return if no exception
    public void afterReturning();

    // after return if throws exception
    public void afterThrowing();

    // use around to wrap method
    public default boolean useAround() {
        return false;
    }
}

InterceptorImpl.java

package com.test.interceptor.interceptor;

import com.test.interceptor.Invocation;

public class InterceptorImpl implements Interceptor {

    @Override
    public void before() {
        System.out.println("before ......");
    }

    @Override
    public boolean useAround() {
        return true;
    }

    @Override
    public void after() {
        System.out.println("after ......");
    }

    @Override
    public Object around(Invocation invocation) throws Throwable {
        System.out.println("around before ......");
        Object obj = invocation.proceed();
        System.out.println("around after ......");
        return obj;
    }

    @Override
    public void afterReturning() {
        System.out.println("afterReturning......");
    }

    @Override
    public void afterThrowing() {
        System.out.println("afterThrowing......");
    }
}

透過 Invocation 製作這個流程

  1. 呼叫 interceptor 的 before()

  2. 呼叫 target object method

  3. 當 method throw exception,呼叫 afterThrowing()

  4. 當 method 正常執行完成,呼叫 afterReturning()

  5. 呼叫 after()

  6. 如果 interceptor 的 useAround() 回傳 true,會用 around() 取代上面的流程

Invocation.java

package com.test.interceptor;

import com.test.interceptor.interceptor.Interceptor;
import lombok.Data;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;

@Data
public class Invocation {
    private Object[] params;
    private Method method;
    private Object target;
    private Interceptor interceptor;

    public Invocation(Object target, Method method, Object[] params, Interceptor interceptor) {
        this.target = target;
        this.method = method;
        this.params = params;
        this.interceptor = interceptor;
    }

    // reflection
    public Object proceed() throws InvocationTargetException, IllegalAccessException {
        Object retObj = null; // return object
        boolean exceptionFlag = false; // exception flag
        // invoke before()
        this.interceptor.before();
        try {
            // use reflection to call method
            retObj = method.invoke(target, params);
        } catch (Exception ex) {
            // exception flag
            exceptionFlag = true;
        }
        if (exceptionFlag) {
            this.interceptor.afterThrowing();
        } else {
            this.interceptor.afterReturning();
        }
        this.interceptor.after();
        return retObj;
    }

}
  • 將 target object 跟 interceptor 合併為流程

ProxyBean.java

package com.test.interceptor;

import com.test.interceptor.interceptor.Interceptor;
import org.springframework.cglib.proxy.Enhancer;
import org.springframework.cglib.proxy.MethodInterceptor;
import org.springframework.cglib.proxy.MethodProxy;

import java.lang.reflect.Method;

public class ProxyBean implements MethodInterceptor {
    private Interceptor interceptor = null;
    private Object target = null;

    /**
     * create proxy bean
     * @param target
     * @param interceptor
     * @return
     */
    public static Object getProxy(Object target, Interceptor interceptor) {
        var proxyBean = new ProxyBean();
        // create cglib Enhancer
        var enhancer = new Enhancer();
        // set proxy bean class
        enhancer.setSuperclass(target.getClass());
        // set proxy bean interfaces
        enhancer.setInterfaces(target.getClass().getInterfaces());
        // target object
        proxyBean.target = target;
        // interceptor
        proxyBean.interceptor = interceptor;
        // call proxyBean intercept()
        enhancer.setCallback(proxyBean);
        // create proxy bean
        var proxy = enhancer.create();
        return proxy;
    }

    /**
     * @param proxy  proxy bean
     * @param method interceptor method
     * @param args   method args
     * @param mproxy method proxy
     * @return return object
     */
    @Override
    public Object intercept(Object proxy, Method method, Object[] args, MethodProxy mproxy) throws Throwable {
        // invoke proxy bean
        var invocation = new Invocation(this.target, method, args, this.interceptor);
        Object result = null;
        if (this.interceptor.useAround()) { // enable around
            result = this.interceptor.around(invocation);
        } else {
            result = invocation.proceed();
        }
        return result;
    }
}
  • 測試

InterceptorTest.java

package com.test.interceptor;

import com.test.interceptor.interceptor.InterceptorImpl;
import com.test.interceptor.service.HelloService;
import com.test.interceptor.service.impl.HelloServiceImpl;

public class InterceptorTest {

    public static void main(String[] args) {
        testProxy();
    }

    public static void testProxy() {
        // target object
        var helloService = new HelloServiceImpl();
        // create proxy bean & interceptor
        var proxy = (HelloService) ProxyBean.getProxy(helloService, new InterceptorImpl());
        // call proxy bean method
        proxy.sayHello("Hello World");
        System.out.println("###############Testing Exception###############");
        proxy.sayHello(null);
    }

}
  • 執行結果
around before ......
before ......
hello Hello World
afterReturning......
after ......
around after ......
###############Testing Exception###############
around before ......
before ......
afterThrowing......
after ......
around after ......

AOP 術語

  • join point 連接點

    連接點就是告訴 AOP 在哪裡需要做 AOP,因為 AOP 只支援 method,被攔截的一定只能是 method

  • point cut 切點

    有時候需要啟動 AOP 的不是單一個 method,而是多個類別的不同 method。這邊可透過 regular expressoin 與指示器的規則定義 point cut,讓 AOP 根據定義匹配多個 methods。

  • advice 通知

    分為 before advice, after advice, around advice, afterReturning advice, afterThrowing advice

  • target 目標對象

    代理的物件對象,例如上面例子的 HelloServiceImpl

  • introduction 引用

    引用新的類別及 method,可增強現有bean的功能

  • weaving

    透過動態代理的技術,為目標物件生成代理物件。利用切點 join cut 的定義匹配的 join point 決定各類 advice 通知加入流程的過程

  • aspect 切面

    一個類別,透過它定義 AOP 的 point cut, advice

flowchart TB
    a1["target: HelloServiceImpl.sayHello()"]-->b2
    subgraph one [service]
    a1-->a2["cglib: weaving InterceptorImpl"]
    end
    subgraph two [InterceptorImpl, around advice]
    b1["before advice"]-->b2
    b2["method reflection"]-->b3{exception?}
    b3--yes-->b4
    b3--no-->b5
    b4["afterThrowing advice"]-->b6["after advice"]
    b5["afterReturning advice"]-->b6
    end

開發

pom.xml

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-aop</artifactId>
        </dependency>

確認 target

假設有一個 UserService, UserServiceImpl,裡面有 printUser method,printUser 就是 target

UserService.java

package com.test.aspect.service;

import com.test.aspect.pojo.User;

public interface UserService {
    public void printUser(User user);

    public void multiAspects();
}

UserServiceImpl.java

package com.test.aspect.service.impl;

import com.test.aspect.service.UserService;
import com.test.aspect.pojo.User;
import org.springframework.stereotype.Service;

@Service
public class UserServiceImpl implements UserService {
    @Override
    public void printUser(User user) {
        if (user == null) {
            throw new RuntimeException("user is null!");
        }
        System.out.println("user=" + user);
    }

    @Override
    public void multiAspects() {
        System.out.println("testing multiAspects");
    }
}

開發切面 @Aspect

內容主要是各種 Apsect advice

@Before, @After, @AfterReturning, @AfterThrowing 分別用一個相同的 regular expression 定義哪個地方要啟用 AOP,匹配 target 的 join point 連結點(method)

MyAspectTemp.java

package com.test.aspect;

import com.test.aspect.pojo.User;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.*;

// 宣告為 Aspect,要加上 Component 註冊到 IoC
@Aspect
@Component
public class MyAspectTemp {
    // 以 regular expression,指定 join point (包含 class, method)
    // execution  代表在執行時,要攔截匹配的 regluar expression
    // * 代表不在意 method 回傳任何資料型別
    // com.test.aspect.service.impl.UserServiceImpl  指定 target object
    // printUser  指定 method
    // (..) 代表匹配任意參數
    private static final String aopExp = "execution(* " + "com.test.aspect.service.impl.UserServiceImpl.printUser(..))";

    @Before(aopExp)
    public void before() {
        System.out.println("before ......");
    }

    @Before(aopExp)
    public void beforeParam(JoinPoint jp, User user) {
        System.out.println("beforeParam ......");
    }

    @After(aopExp)
    public void after() {
        System.out.println("after ......");
    }

    @AfterReturning(aopExp)
    public void afterReturning() {
        System.out.println("afterReturning ......");
    }

    @AfterThrowing(aopExp)
    public void afterThrowing() {
        System.out.println("afterThrowing ......");
    }

}

定義切點 Point cut

剛剛的 Aspect0.java 每個註解都有相同的 regular expression,這邊改用一個 method 定義切點 point cut @Pointcut(aopExp),再用該 point cut 定義 AOP advices

MyAspect.java

package com.test.aspect;

import com.test.aspect.validator.UserValidator;
import com.test.aspect.validator.impl.UserValidatorImpl;
import com.test.aspect.pojo.User;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.*;
import org.springframework.stereotype.Component;

// 宣告為 Aspect,要加上 Component 註冊到 IoC
@Aspect
@Component
public class MyAspect {
    // 以 regular expression,指定 join point (包含 class, method)
    // execution  代表在執行時,要攔截匹配的 regluar expression
    // * 代表不在意 method 回傳任何資料型別
    // com.test.aspect.service.impl.UserServiceImpl  指定 target object
    // printUser  指定 method
    // (..) 代表匹配任意參數
    private static final String aopExp = "execution(* " + "com.test.aspect.service.impl.UserServiceImpl.printUser(..))";

//    // 定義 Enhancer bean 與 class
//    @DeclareParents(
//            // 需要引入增强的Bean
//            value = "com.test.aspect.service.impl.UserServiceImpl",
//            // 用這個類別增強
//            defaultImpl = UserValidatorImpl.class)
//    // Enhancer interface
//    public UserValidator userValidator;

    // 用 @Pointcut 定義切點,後面的 advice 可用這個 method 指定 join point
    @Pointcut(aopExp)
    public void pointCut() {
    }

    @Before("pointCut()") // 用 point cut 定義
    public void before() {
        System.out.println("before ......");
    }

    // args(user) 代表要傳遞的參數
    @Before("pointCut() && args(user)")
    public void beforeParam(JoinPoint jp, User user) {
        System.out.println("beforeParam ......");
    }

    @After("pointCut()") // 用 point cut 定義
    public void after() {
        System.out.println("after ......");
    }

    @AfterReturning("pointCut()") // 用 point cut 定義
    public void afterReturning() {
        System.out.println("afterReturning ......");
    }

    @AfterThrowing("pointCut()") // 用 point cut 定義
    public void afterThrowing() {
        System.out.println("afterThrowing ......");
    }

//    @Around("pointCut()")
//    public void around(ProceedingJoinPoint jp) throws Throwable {
//        System.out.println("around before......");
//        // call back target object method
//        jp.proceed();
//        System.out.println("around after......");
//    }
}

@AspectJ關於@Pointcut 的指示器

類型 desc
arg() 限制 join point method 的參數
@args() 以 join point method 參數的註解進行限制
execution() 匹配 join point 的執行 method
this() 匹配當前 AOP 代理物件類別的方法
target target object
@target() 匹配當前 target object 類別的方法,target object 必須標注指定的註解
within 限制 join point 匹配指定的類別
@within() 限制 join point 帶有匹配註解的類別
@annotation 限制帶有指定註解的join point

測試AOP

加上 AopConfig.java

package com.test.config;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;

@Configuration
@ComponentScan("com.test.*")
@EnableAspectJAutoProxy // 啟動 AOP
public class AopConfig {

}

AopTest1Service.java

package com.test.main;

import com.test.aspect.pojo.User;
import com.test.aspect.service.UserService;
import com.test.aspect.validator.UserValidator;
import com.test.config.AopConfig;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;

public class AopTest1Service {

    public static void main(String[] args) {
        testAop();
    }

    public static void testAop() {
        var ctx = new AnnotationConfigApplicationContext(AopConfig.class);
        try {
            var userService = ctx.getBean(UserService.class);
            var user = new User();
            user.setId(1L);
            user.setUserName("username1");
            user.setNote("note1");
            userService.printUser(user);
            System.out.println("########## exception test #####");
            userService.printUser(null);
        } finally {
            ctx.close();
        }
    }

}

執行結果

before ......
user=User(id=1, userName=username1, note=note1)
afterReturning ......
after ......
########## exception test #####
before ......
afterThrowing ......
after ......
Exception in thread "main" java.lang.RuntimeException: user is null!

around advice

只有在需要大幅度修改原本 target object 的商業邏輯時,才需要使用 around,一般狀況下,不要使用 around

修改 MyAspect.java 加上 around

    @Around("pointCut()")
    public void around(ProceedingJoinPoint jp) throws Throwable {
        System.out.println("around before......");
        // call back target object method
        jp.proceed();
        System.out.println("around after......");
    }

AopTest1Service.java 執行結果

around before......
before ......
beforeParam ......
user=User(id=1, userName=username1, note=note1)
afterReturning ......
after ......
around after......
########## exception test #####
around before......
before ......
beforeParam ......
afterThrowing ......
after ......

Introduction

在使用 UserService 時,會因為 null 發生 exception,可利用 introduction 功能增強,而不需要修改原本的 UserServiceImpl

UserValidator.java

package com.test.aspect.validator;

import com.test.aspect.pojo.User;

public interface UserValidator {
    // testing user object is null or not
    public boolean validate(User user);
}

UserValidatorImpl.java

package com.test.aspect.validator.impl;

import com.test.aspect.validator.UserValidator;
import com.test.aspect.pojo.User;

public class UserValidatorImpl implements UserValidator {
    @Override
    public boolean validate(User user) {
        System.out.println("validate user with class: " + UserValidator.class.getSimpleName());
        return user != null;
    }
}

修改剛剛的 MyAspect.java

    // 定義 Enhancer bean 與 class
    @DeclareParents(
            // 需要 introduction 增强的Bean
            value = "com.test.aspect.service.impl.UserServiceImpl",
            // 用這個類別增強
            defaultImpl = UserValidatorImpl.class)
    // Enhancer interface
    public UserValidator userValidator;

測試

將 userService 轉換為 UserValidator 後使用 validate()

AopTest2Introduction.java

package com.test.main;

import com.test.aspect.pojo.User;
import com.test.aspect.service.UserService;
import com.test.aspect.validator.UserValidator;
import com.test.config.AopConfig;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;

public class AopTest2Introduction {

    public static void main(String[] args) {
        testIntroduction();
    }

    public static void testIntroduction() {
        var ctx = new AnnotationConfigApplicationContext(AopConfig.class);
        try {
            var userService = ctx.getBean(UserService.class);
            var user = new User();
            user.setId(1L);
            user.setUserName("username1");
            user.setNote("note1");
            // convert to UserValidator interface
            var userValidator = (UserValidator) userService;
            // 检查user is null ot not
            if (userValidator.validate(user)) {
                // 檢查通過,列印user 資訊
                userService.printUser(user);
            }

        } finally {
            ctx.close();
        }
    }

}

執行結果,就不會發生 exception

validate user with class: UserValidator
before ......
beforeParam ......
user=User(id=1, userName=username1, note=note1)
afterReturning ......
after ......

advice parameter

要給 advice 通知加上參數,只需要修改 regular expression 與指示器

    // args(user) 代表要傳遞的參數
    @Before("pointCut() && args(user)")
    public void beforeParam(JoinPoint jp, User user) {
        System.out.println("beforeParam ......");
    }

weaving

先用一個 interface 再加上實作,是 spring 推薦的方式,但 AOP 並不一定只能用在 interface。

動態代理有 JDK, cglib 及 JDK, javaassist。JDK 動態代理是要求代理對象必須要是 interface,但 cglib 沒有限制。預設狀況,如果有 interface,spring 會使用 JDK 動態代理,如果沒有,就用 cglib。

spring boot 預設就是使用 cglib。上面的 AopConfig.java 如果加上 @SpringBootApplication 就代表這是 spring boot

# false: 採用原本 spring 的方法
# true: 預設值,使用 spring boot 的方法,永遠使用 cglib
spring.aop.proxy-target-class=false

多個切面

AOP 可同時對一個 method 支援多個 aspects。

首先定義三個 Aspects

MyAspect1.java

package com.test.aspect.multi;

import org.aspectj.lang.annotation.*;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Aspect
@Component
//@Order(3)
public class MyAspect1 implements Ordered {

    // 順序
    @Override
    public int getOrder() {
        return 3;
    }

    private static final String exp = "execution(* " + "com.test.aspect.service.impl.UserServiceImpl.multiAspects(..))";

    @Pointcut(exp)
    public void multiAspects() {
    }

    @Before("multiAspects()")
    public void before() {
        System.out.println("MyAspect1 before ......");
    }

    @After("multiAspects()")
    public void after() {
        System.out.println("MyAspect1 after ......");
    }

    @AfterReturning("multiAspects()")
    public void afterReturning() {
        System.out.println("MyAspect1 afterReturning ......");
    }

}

MyApsect2.java

package com.test.aspect.multi;

import org.aspectj.lang.annotation.*;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Aspect
@Component
//@Order(2)
public class MyAspect2 implements Ordered {

    // 順序
    @Override
    public int getOrder() {
        return 2;
    }

    private static final String exp = "execution(* " + "com.test.aspect.service.impl.UserServiceImpl.multiAspects(..))";

    @Pointcut(exp)
    public void multiAspects() {
    }

    @Before("multiAspects()")
    public void before() {
        System.out.println("MyAspect2 before ......");
    }

    @After("multiAspects()")
    public void after() {
        System.out.println("MyAspect2 after ......");
    }

    @AfterReturning("multiAspects()")
    public void afterReturning() {
        System.out.println("MyAspect2 afterReturning ......");
    }

}

MyAspect3.java

package com.test.aspect.multi;

import org.aspectj.lang.annotation.*;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Aspect
@Component
@Order(1)
public class MyAspect3 {

//    // 順序
//    @Override
//    public int getOrder() {
//        return 1;
//    }

    private static final String exp = "execution(* " + "com.test.aspect.service.impl.UserServiceImpl.multiAspects(..))";

    @Pointcut(exp)
    public void multiAspects() {
    }

    @Before("multiAspects()")
    public void before() {
        System.out.println("MyAspect3 before ......");
    }

    @After("multiAspects()")
    public void after() {
        System.out.println("MyAspect3 after ......");
    }

    @AfterReturning("multiAspects()")
    public void afterReturning() {
        System.out.println("MyAspect3 afterReturning ......");
    }

}

Aspects 的執行先後順序是用 @Order 或是 override Order interface 的 public int getOrder(),上面設定執行順序為 MyAspect3, MyAspect2, MyAspect1

AopTest3MultiAspect.java

package com.test.main;

import com.test.aspect.pojo.User;
import com.test.aspect.service.UserService;
import com.test.aspect.validator.UserValidator;
import com.test.config.AopConfig;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;

public class AopTest3MultiAspect {

    public static void main(String[] args) {
        testMultiAspects();
    }

    public static void testMultiAspects() {
        var ctx = new AnnotationConfigApplicationContext(AopConfig.class);
        try {
            var userService = ctx.getBean(UserService.class);
            // 測試 multiple aspects
            userService.multiAspects();
        } finally {
            ctx.close();
        }
    }
}

測試結果

MyAspect3 before ......
MyAspect2 before ......
MyAspect1 before ......
testing multiAspects
MyAspect1 afterReturning ......
MyAspect1 after ......
MyAspect2 afterReturning ......
MyAspect2 after ......
MyAspect3 afterReturning ......
MyAspect3 after ......

2026/6/29

Spring IoC

需要管理的物件對象稱為 Spring Bean,Bean 的管理器稱為 Spring IoC Container。IoC container 有兩個功能

  • 管理 bean 的定義、發布、設定、銷毀

  • 描述 bean 之間的依賴關係

所有 IoC Container 都需要實作 BeanFactory Interface,主要的 method:

  • getBean

    依照名稱/類別,取得 bean

    Object getBean(String name) throws BeansException;
    <T> T getBean(String name, Class<T> requiredType) throws BeansException;
    <T> T getBean(Class<T> requiredType) throws BeansException;
    Object getBean(String name, Object... args) throws BeansException;
    <T> T getBean(Class<T> requiredType, Object... args) throws BeansException;
  • getBeanProvider

    <T> ObjectProvider<T> getBeanProvider(Class<T> requiredType);
    <T> ObjectProvider<T> getBeanProvider(ResolvableType requiredType);
  • containsBean

    boolean containsBean(String name);
  • isSingleton

    IoC 裡面,bean 預設都是 singleton,getBean 預設都會回傳同一個 bean

    boolean isSingleton(String name) throws NoSuchBeanDefinitionException;
  • isPrototype

    getBean 會透過 IoC 產生新的 bean 回傳

    boolean isPrototype(String name) throws NoSuchBeanDefinitionException;
  • isTypeMatch

    boolean isTypeMatch(String name, ResolvableType typeToMatch) throws NoSuchBeanDefinitionException;
    boolean isTypeMatch(String name, Class<?> typeToMatch) throws NoSuchBeanDefinitionException;
  • getType

    Class<?> getType(String name) throws NoSuchBeanDefinitionException;
    Class<?> getType(String name, boolean allowFactoryBeanInit) throws NoSuchBeanDefinitionException;
  • getAliases

    String[] getAliases(String name);

spring 在 BeanFactory 基礎上,加上 ApplicationContext,實際的 application 大部分都是使用 ApplicationContext 的 interface


@Component vs @Bean

ref: 注解中@Component和@Bean的区别 - JAVA 牛牛

  • @Component(@Controller、@Service、@Repository)是透過 ComponentScan 掃描來做自動偵測,並自動設定到IoC。@Component 只是一個類別的定義,告知 IoC 要產生這個類別的 bean

  • 在 @Compoent 類別的屬性裡面,加上 @Value,可直接設定該欄位的值

  • @Bean 是使用在 method,在有該 annotation 的 method 會回傳一個 bean 的物件。該 method 裡面是產生 bean 的邏輯。

import lombok.Data;
import org.springframework.stereotype.Component;

@Data
@Component("user")
//@Scope("prototype")
public class User {
    private Long id;
    private String userName;
    private String note;
}
import lombok.Data;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Data
@Component("admin")
public class Admin {

    @Value("1")
    private Long id;
    @Value("user_name_1")
    private String userName;
    @Value("note_1")
    private String note;
}

AppConfig.java

@Configuration
@ComponentScan(basePackages = "com.test.ioc.*"
//        excludeFilters = @ComponentScan.Filter(type= FilterType.ANNOTATION, classes = Service.class)
)
public class AppConfig {
    // name 代表 Bean名稱
    @Bean(name = "user2")
    public User initUser() {
        var user = new User();
        user.setId(2L);
        user.setUserName("user_name_2");
        user.setNote("note_2");
        return user;
    }
}

測試

public class IoCTest {

    public static void main(String[] args) {
        var ctx = new AnnotationConfigApplicationContext(AppConfig.class);
        try {
            var admimbean1 = ctx.getBean(Admin.class);
            var admimbean2 = ctx.getBean(Admin.class);
            var admimbean3 = ctx.getBean("admin");
            System.out.println("Admin: admimbean1, name=" + admimbean1.getUserName());
            System.out.println("Admin 2==3:" + (admimbean1 == admimbean2)+", name="+admimbean2.getUserName());
            System.out.println("Admin 1==3:" + (admimbean1 == admimbean3)+", name="+((Admin)admimbean3).getUserName());

            var userbaen1 = ctx.getBean("user");
            var userbaen2 = ctx.getBean("user2");
//            var userbaen3 = ctx.getBean(User.class);
            System.out.println("User: userbaen1, name=" + ((User)userbaen1).getUserName());
            System.out.println("User: userbaen2, name=" + ((User)userbaen2).getUserName());
//            System.out.println("User: userbaen3, name=" + ((User)userbaen3).getUserName());
            System.out.println("User 1==2:" + (userbaen1 == userbaen2)+", name="+((User)userbaen1).getUserName());
//            System.out.println("User 2==3:" + (userbaen2 == userbaen3)+", name="+((User)userbaen3).getUserName());
        } finally {
            ctx.close();
        }
    }
}

結果

Admin: admimbean1, name=user_name_1
Admin 2==3:true, name=user_name_1
Admin 1==3:true, name=user_name_1
User: userbaen1, name=null
User: userbaen2, name=user_name_2
User 1==2:false, name=null

@ComponentScan 可使用的參數

  • basePackages

  • basePackageClasses

  • includeFilters

  • excludeFilters

  • lazyInit

includeFilters, excludeFilters 都需要有 @ComponentScan.Filter 定義

  • type: 選擇 filter type: ANNOTATION/ASSIGNABLE_TYPE/ASPECTJ/REGEX/CUSTOM

  • classes

  • pattern

ex:

@ComponentScan(basePackages = "com.test.ioc.*",
        excludeFilters = @ComponentScan.Filter(type= FilterType.ANNOTATION, classes = Service.class)
)
@ComponentScan(basePackages = {"com.test.ioc.*"})

@ComponentScan("com.test.ioc.*")

@ComponentScan(basePackageClasses = {"User.class"})

library bean

使用第三方函式庫的物件時,可透過 @Bean 產生 bean 放到 IoC container 管理

pom.xml 使用 mysql jdbc driver

        <dependency>
            <groupId>com.mysql</groupId>
            <artifactId>mysql-connector-j</artifactId>
        </dependency>

在剛剛的 AppConfig.java 加上 dataSource 定義

    // @Bean 產生物件,name為 名稱
    @Bean(name = "dataSource")
    public DataSource getDataSource() {
        var dataSource = new MysqlDataSource();
        try {
            dataSource.setUrl("jdbc:mysql://localhost:3306/testweb");
            dataSource.setUser("root");
            dataSource.setPassword("password");
        } catch (Exception e) {
            e.printStackTrace();
        }
        return dataSource;
    }

回到 IoCTest.java

    public static void main(String[] args) {
        var ctx = new AnnotationConfigApplicationContext(AppConfig.class);
        try {
            testDatasource( (DataSource)ctx.getBean("dataSource") );
        } finally {
            ctx.close();
        }
    }

    public static void testDatasource(DataSource ds) {
        System.out.println("testDatasource");
        try (Connection con = ds.getConnection();
             PreparedStatement ps = createPreparedStatement(con, 1);
             ResultSet rs = ps.executeQuery()) {
            // process the resultset here, all resources will be cleaned up
            while (rs.next()) {
                System.out.print("id:" + rs.getInt(1));
                System.out.print(",username:" + rs.getString(2));
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
    private static PreparedStatement createPreparedStatement(Connection con, int userId) throws SQLException {
        String sql = "SELECT id, username FROM user WHERE id = ?";
        PreparedStatement ps = con.prepareStatement(sql);
        ps.setInt(1, userId);
        return ps;
    }

執行結果

testDatasource
id:1,username:Lily

Dependency Injection

先定義 兩個 interface

Animal.java

package com.test.ioc.dependency.pojo;

public interface Animal {
    public void use();
}

Person.java

package com.test.ioc.dependency.pojo;

public interface Person {
    public void service();
    public void setAnimal(Animal animal);

}

AnimalDog.java implements Animal

package com.test.ioc.dependency.pojo.impl;

import com.test.ioc.dependency.pojo.Animal;
import org.springframework.stereotype.Component;

@Component
public class AnimalDog implements Animal {

    @Override
    public void use() {
        System.out.println("Dog " + AnimalDog.class.getSimpleName() + " for help.");
    }
}

PersonSales.java

使用 @Autowired 自動綁定一個 animal 物件

package com.test.ioc.dependency.pojo.impl;

import com.test.ioc.dependency.pojo.Animal;
import com.test.ioc.dependency.pojo.Person;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
public class PersonSales implements Person {
    @Autowired
    private Animal animal = null;

    @Override
    public void service() {
        this.animal.use();
    }

    @Override
    public void setAnimal(Animal animal) {
        this.animal = animal;
    }
}

AppConfig2.java

package com.test.ioc.dependency;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;

@Configuration
@ComponentScan(basePackages = "com.test.ioc.dependency.*")
public class AppConfig2 {
}

IoCTest2.java

package com.test.ioc.dependency;

import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import com.test.ioc.dependency.pojo.impl.PersonSales;

public class IoCTest2 {

    public static void main(String[] args) {
        var ctx = new AnnotationConfigApplicationContext(AppConfig2.class);
        try {
            var person = ctx.getBean(PersonSales.class);
            person.service();
        } finally {
            ctx.close();
        }
    }

}

執行結果

Dog AnimalDog for help.

如果再增加一個 AnimalCat

package com.test.ioc.dependency.pojo.impl;

import com.test.ioc.dependency.pojo.Animal;
import org.springframework.stereotype.Component;

@Component
public class AnimalCat implements Animal {
    @Override
    public void use() {
        System.out.println("Cat " + AnimalCat.class.getSimpleName() + " for rats");
    }
}

執行後會發生 Exception

Exception in thread "main" org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name 'personSales':
Unsatisfied dependency expressed through field 'animal':
No qualifying bean of type 'com.test.ioc.dependency.pojo.Animal' available:
expected single matching bean but found 2: animalCat,animalDog

因為在 @AutoWired 時,只使用了 animal 屬性,但 container 不確定要使用 Cat 還是 Dog

如果將 animal 改成 animalDog,就很明確。因為 @Autowired 會先根據類別產生 bean,然後再根據屬性名稱匹配。

@Component
public class PersonSales implements Person {
    @Autowired
    private Animal animalDog = null;

    @Override
    public void service() {
        this.animalDog.use();
    }

    @Override
    public void setAnimal(Animal animal) {
        this.animalDog = animal;
    }
}

@Autowired 也可以寫在 method 上面

    @Override
    @Autowired
    public void setAnimal(Animal animal) {
        this.animal = animal;
    }

@Primary@Qualifier

在 AnimalCat 加上 @Primary 就看可以確定先使用這個類別

@Component
@Primary
public class AnimalCat implements Animal {
    @Override
    public void use() {
        System.out.println("Cat " + AnimalCat.class.getSimpleName() + " for rats");
    }
}

但如果又在 AnimalDog 加上 @Primary,還是會發生問題。

所以應該在使用 bean 的地方,用 @Qualifier 限制應該要用哪一個 bean

    @Override
    @Autowired
    @Qualifier("animalDog")
    public void setAnimal(Animal animal) {
        this.animal = animal;
    }

在 class constructor 的參數,也可使用 @Autowired

@Component
public class PersonSales implements Person {

    private Animal animal = null;

    public PersonSales(@Autowired @Qualifier("animalDog") Animal animal) {
        this.animal = animal;
    }

    @Override
    public void service() {
        this.animal.use();
    }

    @Override
//    @Autowired
//    @Qualifier("animalDog")
    public void setAnimal(Animal animal) {
        this.animal = animal;
    }
}

Bean 的生命週期

bean 的初始化流程

flowchart TB
    A["資源定位\n使用 @ComponentScan"] --> B["Bean 的定義\n存到 BeanDefinition"]
    B --> C["發布 bean 的定義\nIoC Container 載入定義"]
    C --> D["實例化\n產生 bean object"]
    D --> E["DI\n使用 @Autowired 注入資源"]

@ComponentScan 裡面有個 lazyInit 參數,預設為 false,預設不會延遲 bean 初始化,而是在 getBean 時,才會初始化

修改 AppConfig2.java 加上 lazyInit = true

@Configuration
@ComponentScan(basePackages = "com.test.ioc.dependency.*", lazyInit = true)
public class AppConfig2 {
}

Spring 在完成 DI 以後,會依照此流程管理 bean 的 life cycle

flowchart TB
A["初始化"] --> B["DI"]
B --> C["setBeanName()\n介面 BeanNameAware"]
C --> D["setBeanFactory()\n介面 BeanFactoryAware"]
D --> E["setAppicationContext()\n介面 ApplicationContextAware\n容器要實作ApplicationContext才會被呼叫"]
E --> F["postProcessBeforeInitialization()\n BeanPostProcessor method"]
F --> G["自訂初始化 method\n@PostConstruct method"]
G --> H["afterPropertiesSet()\n介面 InitializingBean"]
H --> I["postProcessAfterInitialization()\nBeanPostProcessor method"]
I --> J["bean 的使用期間"]
J --> K["自訂銷毀 method\n@PreDestory method"]
K --> L["destory method\n介面 DisposableBean"]

IoC container 基本是需要實作 BeanFactory 介面,不一定要實作 ApplicationContext

修改 PersonBussiness.java

package com.test.ioc.dependency.pojo.impl;

import com.test.ioc.dependency.pojo.Animal;
import com.test.ioc.dependency.pojo.Person;
import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.stereotype.Component;

@Component
public class PersonBussiness implements Person, BeanNameAware, BeanFactoryAware, ApplicationContextAware, InitializingBean, DisposableBean {

    private Animal animal = null;

    @Override
    public void service() {
        this.animal.use();
    }

    @Override
    @Autowired
    @Qualifier("animalDog")
    public void setAnimal(Animal animal) {
        System.out.println("lazyInit");
        this.animal = animal;
    }

    @Override
    public void setBeanName(String beanName) {
        System.out.println("【" + this.getClass().getSimpleName() + "】invoke BeanNameAware.setBeanName");
    }

    @Override
    public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
        System.out.println("【" + this.getClass().getSimpleName() + "】invoke BeanFactoryAware.setBeanFactory");
    }

    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        System.out.println("【" + this.getClass().getSimpleName() + "】invoke ApplicationContextAware.setApplicationContext");

    }

    @Override
    public void afterPropertiesSet() throws Exception {
        System.out.println("【" + this.getClass().getSimpleName() + "】invoke InitializingBean.afterPropertiesSet");
    }

    @PostConstruct
    public void init() {
        System.out.println("【" + this.getClass().getSimpleName() + "】@PostConstruct 定義的自訂初始化方法");
    }

    @PreDestroy
    public void destroy1() {
        System.out.println("【" + this.getClass().getSimpleName() + "】@PreDestroy 定義的自訂銷毀方法");
    }

    @Override
    public void destroy() throws Exception {
        System.out.println("【" + this.getClass().getSimpleName() + "】 DisposableBean");
    }
}

IoCTest2.java

public class IoCTest2 {

    public static void main(String[] args) {
        var ctx = new AnnotationConfigApplicationContext(AppConfig2.class);
        try {
            var person = ctx.getBean(PersonBussiness.class);
            person.service();
        } finally {
            ctx.close();
        }
    }

}

執行結果

lazyInit
【PersonBussiness】invoke BeanNameAware.setBeanName
【PersonBussiness】invoke BeanFactoryAware.setBeanFactory
【PersonBussiness】invoke ApplicationContextAware.setApplicationContext
【PersonBussiness】@PostConstruct 定義的自訂初始化方法
【PersonBussiness】invoke InitializingBean.afterPropertiesSet
Dog AnimalDog for help.
【PersonBussiness】@PreDestroy 定義的自訂銷毀方法
【PersonBussiness】 DisposableBean

增加 BeanPostProcessorExample.java

package com.test.ioc.dependency.life;

import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.stereotype.Component;

@Component
public class BeanPostProcessorExample implements BeanPostProcessor {

    @Override
    public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
        System.out.println("BeanPostProcessor invoke " + "postProcessBeforeInitialization method  參數【" + bean.getClass().getSimpleName() + "】【" + beanName + "】 ");
        return bean;
    }

    @Override
    public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
        System.out.println("BeanPostProcessor invoke " + "postProcessAfterInitialization method  參數【" + bean.getClass().getSimpleName() + "】【" + beanName + "】 ");
        return bean;
    }
}

執行結果

BeanPostProcessor invoke postProcessBeforeInitialization method  參數【AppConfig2$$SpringCGLIB$$0】【appConfig2】 
BeanPostProcessor invoke postProcessAfterInitialization method  參數【AppConfig2$$SpringCGLIB$$0】【appConfig2】 
BeanPostProcessor invoke postProcessBeforeInitialization method  參數【AnimalDog】【animalDog】 
BeanPostProcessor invoke postProcessAfterInitialization method  參數【AnimalDog】【animalDog】 
lazyInit
【PersonBussiness】invoke BeanNameAware.setBeanName
【PersonBussiness】invoke BeanFactoryAware.setBeanFactory
【PersonBussiness】invoke ApplicationContextAware.setApplicationContext
BeanPostProcessor invoke postProcessBeforeInitialization method  參數【PersonBussiness】【personBussiness】 
【PersonBussiness】@PostConstruct 定義的自訂初始化方法
【PersonBussiness】invoke InitializingBean.afterPropertiesSet
BeanPostProcessor invoke postProcessAfterInitialization method  參數【PersonBussiness】【personBussiness】 
Dog AnimalDog for help.
【PersonBussiness】@PreDestroy 定義的自訂銷毀方法
【PersonBussiness】 DisposableBean

Properties file

spring boot 通常使用一個 application.properties 檔案處理設定

先在 pom.xml 加上 spring-boot-configuration-processor,就可以直接使用

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-configuration-processor</artifactId>
  <optional>true</optional>
</dependency>

用 SpEL 語法,可參考到 database.properties 設定

DataBaseProperties.java

package com.test.ioc.prop.props;

import lombok.Data;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
@Data
public class DataBaseProperties {
    @Value("${database.driverName}")
    private String driverName = null;
    @Value("${database.url}")
    private String url = null;
    @Value("${database.username}")
    private String username = null;
    @Value("${database.password}")
    private String password = null;

}

也可以直接用 @ConfigurationProperties("database")

package com.test.ioc.prop.props;

import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

@Component
@ConfigurationProperties("database")
@Data
public class DataBaseProperties2 {
    private String driverName = null;
    private String url = null;
    private String username = null;
    private String password = null;

}

IoCTest3.java

package com.test.ioc.prop;

import com.test.ioc.prop.props.DataBaseProperties;
import com.test.ioc.prop.props.DataBaseProperties2;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;

public class IoCTest3 {

    public static void main(String[] args) {
        var ctx = new AnnotationConfigApplicationContext(AppConfig3.class);
        try {
            var prop1 = ctx.getBean(DataBaseProperties.class);
            System.out.println("prop1 url="+prop1.getUrl());
            var prop2 = ctx.getBean(DataBaseProperties2.class);
            System.out.println("prop2 url="+prop2.getUrl());
        } finally {
            ctx.close();
        }
    }

}

執行結果

prop1 url=jdbc:mysql://localhost:3306/testweb
prop2 url=jdbc:mysql://localhost:3306/testweb

@Conditional

有時候會遇到缺少一些參數,讓 bean 無法初始化,可透過 @Conditional 限制 bean 的條件

DatabaseConditional.java

package com.test.ioc.prop.conditional;

import org.springframework.context.annotation.Condition;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.core.type.AnnotatedTypeMetadata;

public class DatabaseConditional implements Condition {

    /**
     * data source condition
     * @param context
     * @param metadata
     * @return true -> init bean
     */
    @Override
    public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) {
        // 取得 env
        var env = context.getEnvironment();
        // 判断 .properties 內容,是否有相關參數
        return env.containsProperty("database.url")
                && env.containsProperty("database.username")
                && env.containsProperty("database.password");
    }
}

PropApplication.java

@SpringBootApplication(scanBasePackages = "com.test.ioc.prop")
@PropertySource(value = "classpath:jdbc.properties", ignoreResourceNotFound = true)
@EnableConfigurationProperties
public class PropApplication {

    public static void main(String[] args) {
        SpringApplication.run(PropApplication.class, args);
    }

    @Bean(name = "dataSource2")
    // 透過 DatabaseConditional 限制 bean 的條件
    @Conditional(DatabaseConditional.class)
    public DataSource getDataSource(
            @Value("${database.url}") String url,
            @Value("${database.username}") String username,
            @Value("${database.password}") String password
    ) {
        System.out.println("init datasource");
        var dataSource = new MysqlDataSource();
        dataSource.setUrl(url);
        dataSource.setUser(username);
        dataSource.setPassword(password);
        return dataSource;
    }
}

如果 database.properties 缺少了一些參數,也不會讓 PropApplication 無法啟動


Bean Scope

一般來說,bean 有 singleton, prototype 兩種,在 Jakarta EE 的 web container 裡面,還增加了 page, reqeust, session, application 四種 scope

page scope 作用範圍是 JSP,Spring 沒有支援

scope 使用範圍 desc
singleton spring application 預設值
prototype spring application 從 IoC container 取得一個 bean 都是產生新的
session spring web application HTTP session
application spring web application web application life cycle
request spring web application web application http request
globalSession spring web application global http session,一個 bean 對應一個 object,不常使用

ScopBean.java

package com.test.ioc.scope;

import org.springframework.beans.factory.config.ConfigurableBeanFactory;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;

@Component
@Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
public class ScopeBean {
}

@Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE) 是定義為 prototype

如果是 spring web application 還可以使用

  • WebApplicationContext.SCOPE_REQUEST

  • WebApplicationContext.SCOPE_SESSION

  • WebApplicationContext.SCOPE_APPLICATION


@Profile

專案開發時,可能會有開發、測試、正式測試、正式環境這些不同的運作環境,不同的環境有不同的設定。

假設有 dev, test 兩種資料庫,可使用 @Profile 切換

ScopeApplication.java

package com.test.ioc.scope;

import com.mysql.cj.jdbc.MysqlDataSource;
import com.test.ioc.prop.conditional.DatabaseConditional;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Profile;
import org.springframework.context.annotation.PropertySource;

import javax.sql.DataSource;

@SpringBootApplication(scanBasePackages = "com.test.ioc.scope")
@PropertySource(value = "classpath:jdbc.properties", ignoreResourceNotFound = true)
@EnableConfigurationProperties
public class ScopeApplication {
    public static void main(String[] args) {
        SpringApplication.run(ScopeApplication.class, args);
    }

    @Bean(name = "dataSource")
    @Profile("dev")
    public DataSource getDevDataSource() {
        System.out.println("getDevDataSource");
        var dataSource = new MysqlDataSource();
        dataSource.setUrl("jdbc:mysql://localhost:3306/dev_testweb");
        dataSource.setUser("root");
        dataSource.setPassword("password");
        return dataSource;
    }

    @Bean(name = "dataSource")
    @Profile("test")
    public DataSource getTestDataSource() {
        System.out.println("getTestDataSource");
        var dataSource = new MysqlDataSource();
        dataSource.setUrl("jdbc:mysql://localhost:3306/test_testweb");
        dataSource.setUser("root");
        dataSource.setPassword("password");
        return dataSource;
    }

}

在啟動時切換

JAVA_OPTS="-Dspring.profiles.active=dev"

spring 會自動使用 application-{profile}.properties


SpEL

讀取 properties 的值

@Value("${database.driverName}")
String driver;

記錄 bean 的初始化時間

@Value("#{T(System).currentTimeMillis()}")
private Long initTime = null;

直接設定屬性

    @Value("#{'teststring'}")
    private String str=null;

    @Value("#{3.1E2}")
    private double d;

    @Value("#{3.14}")
    private double e;

取得其他 bean 的屬性

?. 是 null 判斷

    @Value("#{bean2.str}")
    private String otherStr=null;

    @Value("#{bean2.str?.toUpperCase()}")
    private String otherStrUpperCase=null;

運算

@Value("#{1+2}")
private int run;

// 浮點數比較運算
@Value("#{beanName.pi == 3.14f}")
private boolean piFlag;

// 字串比較運算
@Value("#{beanName.str eq 'Spring Boot'}")
private boolean strFlag;

// 字串連接
@Value("#{beanName.str + ' 連接字串'}")
private String strApp = null;

// 三元運算
@Value("#{beanName.d > 1000 ? '大於' : '小於'}")
private String resultDesc = null;

2026/6/22

密碼 hash 演算法比較

比較密碼加密演算法

演算法 可調整參數 記憶體強度 抗 GPU/ASIC 密碼儲存
UnixCrypt 不適合
MD5 不適合
PBKDF2 iterations 一般安全性
bcrypt cost factor 部分 一般網站,推薦使用
scrypt N, r, p 高安全性,錢包,加密金鑰
Argon2 time, mem, parallelism 最高 最高安全性,密碼系統

java profiler

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.maxkit.test</groupId>
    <artifactId>test</artifactId>
    <version>1.0</version>

    <properties>
        <maven.compiler.source>17</maven.compiler.source>
        <maven.compiler.target>17</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.mindrot</groupId>
            <artifactId>jbcrypt</artifactId>
            <version>0.4</version>
        </dependency>

        <dependency>
            <groupId>at.favre.lib</groupId>
            <artifactId>bcrypt</artifactId>
            <version>0.10.2</version>
        </dependency>

        <!-- scrypt, Argon2 -->
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk18on</artifactId>
            <version>1.82</version>
        </dependency>
    </dependencies>
</project>
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.bouncycastle.crypto.generators.SCrypt;
import org.bouncycastle.crypto.params.Argon2Parameters;
import org.mindrot.jbcrypt.BCrypt;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class PasswordHashBenchmarkWithVerify {
    private static final String PASSWORD = "MyPassword123!";
    private static final SecureRandom RANDOM = new SecureRandom();

    public static void main(String[] args) throws Exception {
        System.out.println("=== Hash + Verify Benchmark ===");
        System.out.println("Password: " + PASSWORD + "\n");

        // 先做一次 warm-up (JVM/JIT)
        warmUp();

        System.out.println("---- PBKDF2 (HmacSHA256) ----");
        pbkdf2HashAndVerify();

        System.out.println("---- bcrypt (jBCrypt) ----");
        bcryptHashAndVerify();

        System.out.println("---- scrypt (BouncyCastle) ----");
        scryptHashAndVerify();

        System.out.println("---- Argon2id (BouncyCastle) ----");
        argon2HashAndVerify();
    }

    private static void warmUp() {
        // 簡單 warmup 幾次,讓 JIT 編譯熱起來
        for (int i = 0; i < 3; i++) {
            try {
                pbkdf2Once();
                bcryptOnce();
                scryptOnce();
                argon2Once();
            } catch (Exception ignored) {}
        }
    }

    // ---------- PBKDF2 ----------
    private static void pbkdf2HashAndVerify() throws Exception {
        byte[] salt = new byte[16];
        RANDOM.nextBytes(salt);
        int iterations = 65536;
        int keyLen = 256; // bits

        long t0 = System.nanoTime();
        PBEKeySpec spec = new PBEKeySpec(PASSWORD.toCharArray(), salt, iterations, keyLen);
        SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] hash = skf.generateSecret(spec).getEncoded();
        long t1 = System.nanoTime();

        String stored = String.format("PBKDF2$%d$%s$%s",
                iterations,
                Base64.getEncoder().encodeToString(salt),
                Base64.getEncoder().encodeToString(hash));

        System.out.println("Stored: " + stored);
        System.out.println("Hash time: " + ((t1 - t0) / 1_000_000) + " ms");

        // verify
        long v0 = System.nanoTime();
        boolean ok = verifyPBKDF2(PASSWORD, stored);
        long v1 = System.nanoTime();
        System.out.println("Verify: " + ok + " (time: " + ((v1 - v0) / 1_000_000) + " ms)\n");
    }

    private static boolean verifyPBKDF2(String password, String stored) throws Exception {
        // stored format: PBKDF2$iterations$base64salt$base64hash
        String[] parts = stored.split("\\$");
        int iterations = Integer.parseInt(parts[1]);
        byte[] salt = Base64.getDecoder().decode(parts[2]);
        byte[] expected = Base64.getDecoder().decode(parts[3]);

        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, expected.length * 8);
        SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] computed = skf.generateSecret(spec).getEncoded();

        return MessageDigest.isEqual(computed, expected);
    }

    private static void pbkdf2Once() throws Exception {
        byte[] salt = new byte[8];
        RANDOM.nextBytes(salt);
        PBEKeySpec spec = new PBEKeySpec(PASSWORD.toCharArray(), salt, 1000, 128);
        SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        skf.generateSecret(spec).getEncoded();
    }

    // ---------- bcrypt ----------
    private static void bcryptHashAndVerify() {
        int cost = 12; // cost factor
        long t0 = System.nanoTime();
        String hash = BCrypt.hashpw(PASSWORD, BCrypt.gensalt(cost));
        long t1 = System.nanoTime();

        System.out.println("Stored: " + hash);
        System.out.println("Hash time: " + ((t1 - t0) / 1_000_000) + " ms");

        long v0 = System.nanoTime();
        boolean ok = BCrypt.checkpw(PASSWORD, hash);
        long v1 = System.nanoTime();
        System.out.println("Verify: " + ok + " (time: " + ((v1 - v0) / 1_000_000) + " ms)\n");
    }

    private static void bcryptOnce() {
        BCrypt.hashpw(PASSWORD, BCrypt.gensalt(8));
    }

    // ---------- scrypt ----------
    private static void scryptHashAndVerify() {
        byte[] salt = new byte[16];
        RANDOM.nextBytes(salt);
        int N = 16384; // CPU/memory cost (2^14)
        int r = 8;
        int p = 1;
        int keyLen = 32;

        long t0 = System.nanoTime();
        byte[] derived = SCrypt.generate(PASSWORD.getBytes(StandardCharsets.UTF_8), salt, N, r, p, keyLen);
        long t1 = System.nanoTime();

        String stored = String.format("scrypt$%d$%d$%d$%s$%s",
                N, r, p,
                Base64.getEncoder().encodeToString(salt),
                Base64.getEncoder().encodeToString(derived));

        System.out.println("Stored: " + stored);
        System.out.println("Hash time: " + ((t1 - t0) / 1_000_000) + " ms");

        long v0 = System.nanoTime();
        boolean ok = verifyScrypt(PASSWORD, stored);
        long v1 = System.nanoTime();
        System.out.println("Verify: " + ok + " (time: " + ((v1 - v0) / 1_000_000) + " ms)\n");
    }

    private static boolean verifyScrypt(String password, String stored) {
        // stored format: scrypt$N$r$p$base64salt$base64hash
        String[] parts = stored.split("\\$");
        int N = Integer.parseInt(parts[1]);
        int r = Integer.parseInt(parts[2]);
        int p = Integer.parseInt(parts[3]);
        byte[] salt = Base64.getDecoder().decode(parts[4]);
        byte[] expected = Base64.getDecoder().decode(parts[5]);

        byte[] computed = SCrypt.generate(password.getBytes(StandardCharsets.UTF_8), salt, N, r, p, expected.length);
        return MessageDigest.isEqual(computed, expected);
    }

    private static void scryptOnce() {
        byte[] salt = new byte[8];
        RANDOM.nextBytes(salt);
        SCrypt.generate(PASSWORD.getBytes(StandardCharsets.UTF_8), salt, 1024, 8, 1, 16);
    }

    // ---------- Argon2id ----------
    private static void argon2HashAndVerify() {
        byte[] salt = new byte[16];
        RANDOM.nextBytes(salt);
        int iterations = 3;
        int memoryKB = 64 * 1024; // 64 MB represented as KB here
        int parallelism = 1;
        int hashLen = 32;

        Argon2Parameters params = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id)
                .withSalt(salt)
                .withParallelism(parallelism)
                .withMemoryAsKB(memoryKB)
                .withIterations(iterations)
                .build();

        Argon2BytesGenerator gen = new Argon2BytesGenerator();

        long t0 = System.nanoTime();
        gen.init(params);
        byte[] hash = new byte[hashLen];
        gen.generateBytes(PASSWORD.getBytes(StandardCharsets.UTF_8), hash);
        long t1 = System.nanoTime();

        String stored = String.format("argon2id$%d$%d$%d$%s$%s",
                iterations, memoryKB, parallelism,
                Base64.getEncoder().encodeToString(salt),
                Base64.getEncoder().encodeToString(hash));

        System.out.println("Stored: " + stored);
        System.out.println("Hash time: " + ((t1 - t0) / 1_000_000) + " ms");

        long v0 = System.nanoTime();
        boolean ok = verifyArgon2(PASSWORD, stored);
        long v1 = System.nanoTime();
        System.out.println("Verify: " + ok + " (time: " + ((v1 - v0) / 1_000_000) + " ms)\n");
    }

    private static boolean verifyArgon2(String password, String stored) {
        // stored format: argon2id$iterations$memoryKB$parallelism$base64salt$base64hash
        String[] parts = stored.split("\\$");
        int iterations = Integer.parseInt(parts[1]);
        int memoryKB = Integer.parseInt(parts[2]);
        int parallelism = Integer.parseInt(parts[3]);
        byte[] salt = Base64.getDecoder().decode(parts[4]);
        byte[] expected = Base64.getDecoder().decode(parts[5]);

        Argon2Parameters params = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id)
                .withSalt(salt)
                .withParallelism(parallelism)
                .withMemoryAsKB(memoryKB)
                .withIterations(iterations)
                .build();

        Argon2BytesGenerator gen = new Argon2BytesGenerator();
        gen.init(params);
        byte[] computed = new byte[expected.length];
        gen.generateBytes(password.getBytes(StandardCharsets.UTF_8), computed);

        return MessageDigest.isEqual(computed, expected);
    }

    private static void argon2Once() {
        byte[] salt = new byte[8];
        RANDOM.nextBytes(salt);
        Argon2Parameters params = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id)
                .withSalt(salt)
                .withParallelism(1)
                .withMemoryAsKB(32)
                .withIterations(1)
                .build();
        Argon2BytesGenerator gen = new Argon2BytesGenerator();
        gen.init(params);
        byte[] out = new byte[16];
        gen.generateBytes(PASSWORD.getBytes(StandardCharsets.UTF_8), out);
    }
}

執行結果

=== Hash + Verify Benchmark ===
Password: MyPassword123!

---- PBKDF2 (HmacSHA256) ----
Stored: PBKDF2$65536$uBq2UzPm/rU5/5QOOHgWwA==$0Ri1XVl8++OB5Pz7pXAXEAJ32M8i8degzp6PZPnyd5o=
Hash time: 61 ms
Verify: true (time: 52 ms)

---- bcrypt (jBCrypt) ----
Stored: $2a$12$FjXjsIfL7MQ8zz8oyNfx.O6sBoSkhG6hcMK/brtWvfFOlfFx0WD/a
Hash time: 215 ms
Verify: true (time: 213 ms)

---- scrypt (BouncyCastle) ----
Stored: scrypt$16384$8$1$C6G1/j3+24iT7CHfW8/Ifg==$HC7JX3pdmDTKk2tCMUdTQ/ezgyey/hLx2ZCAoePzdHs=
Hash time: 22 ms
Verify: true (time: 25 ms)

---- Argon2id (BouncyCastle) ----
Stored: argon2id$3$65536$1$6HpyoNfAlJQ32cFAmflEHQ==$vZ+hNK/DnNpj1Urbj0W76zT2nvm0qDV14HFMbW9O9J0=
Hash time: 136 ms
Verify: true (time: 133 ms)

2026/6/15

Argon2

Argon2 是一種密碼雜湊 (password hashing) 演算法,也是 2015 年密碼雜湊競賽(PHC, Password Hashing Competition) 的獲勝者。它被設計來安全地儲存密碼,抵抗暴力破解和 GPU / ASIC 攻擊。

特性

  1. Memory-hard:需要大量記憶體計算,增加硬體破解成本。

  2. Time-cost adjustable:可設定運算次數(iterations),增加雜湊延遲。

  3. Parallelism:支援多執行緒並行計算。

  4. 三種變體

    • Argon2d:可抵抗 GPU 破解,記憶體存取取決於輸入密碼,但對側信道攻擊 side‑channel attack 敏感。

    • Argon2i:可抵抗側信道攻擊,使用固定存取模式,但稍慢。

    • Argon2id:混合模式,推薦用於大多數應用(兼顧 GPU 攻擊與側信道安全)。

側信道攻擊 side‑channel attack

側信道攻擊不是直接破解演算法數學弱點,而是利用系統在執行時「洩漏的額外資訊」來恢復密碼、金鑰。這些洩漏資訊稱為「側信道」,常見類型有:

  • 時間(Timing):根據運算花費時間推斷內部邏輯或資料(例如不同輸入導致不同記憶體存取時間)。

  • 快取/記憶體訪問模式(Cache / Memory access):透過觀察 CPU cache 命中/未命中或記憶體訪問順序推測密碼相關資料。

  • 電力(Power analysis):量測設備耗電曲線(特別在智慧卡、嵌入式裝置)來推斷內部運算。

  • 電磁輻射(EM):接收設備發出的電磁洩漏訊號。

  • 分支/投機執行漏洞(Spectre/Speculative exec):利用微架構行為取得不該看到的記憶體內容。

  • I/O 或錯誤回應差異:例如錯誤訊息長短或序列差異可洩漏資訊。

側信道攻擊常見條件:攻擊者和目標在同一台機器或共用硬體資源(例如 cloud 共宿主、虛擬機、瀏覽器 JS 高解析計時)或在物理近距離(電力/EM)時更容易成功。遠端網路時延雜訊大,攻擊難度上升但並非不可能(需大量樣本與高解析度計時)。

若攻擊者只有透過網路遠端(無共用硬體且無高解析計時),側信道攻擊較難。

三種變體

在記憶體存取模式上不同

  • Argon2d

    • 記憶體存取依賴輸入(data‑dependent)

    • 優點:對 GPU / ASIC 破解更抗(memory‑hard),但容易洩漏記憶體訪問模式,因此對於有本地或共宿主攻擊者(能觀察 cache/access pattern)的系統 較不安全

  • Argon2i

    • 記憶體存取獨立於輸入(data‑independent),以固定/預定方式存取記憶體。

    • 優點:較能抵抗側信道攻擊(尤其是記憶體訪問/快取型);缺點:通常較慢,對某些攻擊(GPU 的大量平行 brute force)耐性較弱。

  • Argon2id

    • 混合模式:先用 Argon2i 的 data‑independent pass 再用 Argon2d 的 data‑dependent pass(或類似組合)。

    • 建議:大多數情況使用 Argon2id —— 在兼顧側信道與 GPU 抗性間取得平衡,是常見推薦選擇。

java example

        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk18on</artifactId>
            <version>1.82</version>
        </dependency>

Argon2BouncyCastleExample.java

import org.bouncycastle.crypto.params.Argon2Parameters;
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;

import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Arrays;

public class Argon2BouncyCastleExample {

    // 產生隨機 salt
    private static byte[] generateSalt(int length) {
        byte[] salt = new byte[length];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // 將密碼 hash
    public static String hashPassword(String password, byte[] salt) {
        // 設定參數
        Argon2Parameters.Builder builder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id)
                .withSalt(salt)
                .withIterations(3)       // 運算次數
                .withMemoryAsKB(65536)   // 記憶體使用量 KB (64 MB)
                .withParallelism(2);     // 併行線程數

        Argon2BytesGenerator generator = new Argon2BytesGenerator();
        generator.init(builder.build());

        byte[] hash = new byte[32]; // 32 bytes hash
        generator.generateBytes(password.toCharArray(), hash, 0, hash.length);

        // 回傳 base64 編碼
        return Base64.getEncoder().encodeToString(hash);
    }

    // 驗證密碼
    public static boolean verifyPassword(String password, String expectedHashBase64, byte[] salt) {
        String hashToCheck = hashPassword(password, salt);
        return Arrays.equals(Base64.getDecoder().decode(hashToCheck), Base64.getDecoder().decode(expectedHashBase64));
    }

    public static void main(String[] args) {
        String password = "MyPassword123!";
        byte[] salt = generateSalt(16); // 16 bytes salt

        // hash
        String hash = hashPassword(password, salt);
        System.out.println("Salt (Base64): " + Base64.getEncoder().encodeToString(salt));
        System.out.println("Hash (Base64): " + hash);

        // 驗證
        boolean ok = verifyPassword(password, hash, salt);
        System.out.println("Password verified: " + ok);

        // 測試錯誤密碼
        boolean fail = verifyPassword("wrongPassword", hash, salt);
        System.out.println("Wrong password verified: " + fail);
    }
}

執行結果

Salt (Base64): Uivew8iBmhiZaz7Wv2nSDw==
Hash (Base64): Ldm2DksAcnhUIHyJ4v4uzJJwLd5A2YIhTMn3277/tDU=
Password verified: true
Wrong password verified: false

References

Argon2 - 維基百科,自由的百科全書