I'm using Liferay CE Portal 7.1.1 GA2 with MySQL CE and want to add encryption to some user data. MySQL only offers TDE for the Enterprise Edition, so I want to use column-level encryption instead.
With Hibernate I'd use the @ColumnTransformer annotation. Is there a way, in Liferay CE 7.1.1 GA2, to change the entity to do it automatically?
I'd rather not do it on the Java-side, but if there's a hook mechanism or something similar that I can use, it would be great to know.
There's nothing that I know of that does automatic and transparent encryption. You can manually implement a ModelListener to encapsulate the required implementation.
Under the hood, ServiceBuilder utilizes Hibernate, but I'm not aware of any support of @ColumnTransformer. Especially when it should survive another run of the code generator. However, you might want to look at the generated code on the persistence layer and just try it. Remember that there are plenty of future runs of the code generatur, so that you not only should test if you can insert the annotation, but you should also see if it survives the next generator run.
As yet another - but hard to maintain - option, you might want to look into ServiceBuilder's templates. I'd refrain from large-scale changes there, but if the change is minimal, there might be a point in making this change. In that case I'd recommend that you interact with Liferay (on the Liferay forums and issuetracker) to try getting it into the next version of ServiceBuilder.