- 1.SQL数据脱敏实现
- 2.JAVA数据脱敏实现
- 3.mybatis-mate-sensitive-jackson
1.SQL数据脱敏实现
MYSQL(电话号码,身份证)数据脱敏的实现
-- CONCAT()、LEFT()和RIGHT()字符串函数组合使用,请看下面具体实现 -- CONCAT(str1,str2,…):返回结果为连接参数产生的字符串 -- LEFT(str,len):返回从字符串str 开始的len 最左字符 -- RIGHT(str,len):从字符串str 开始,返回最右len 字符 -- 电话号码脱敏sql: SELECT mobilePhone AS 脱敏前电话号码,CONCAT(LEFT(mobilePhone,3), '********' ) AS 脱敏后电话号码 FROM t_s_user -- 身份证号码脱敏sql: SELECT idcard AS 未脱敏身份证, CONCAT(LEFT(idcard,3), '****' ,RIGHT(idcard,4)) AS 脱敏后身份证号 FROM t_s_user
基于 Spring Boot + MyBatis Plus + Vue & Element 实现的后台管理系统 + 用户小程序,支持 RBAC 动态权限、多租户、数据权限、工作流、三方登录、支付、短信、商城等功能。
2.JAVA数据脱敏实现
可参考:海强 / sensitive-plus
数据脱敏插件,目前支持地址脱敏、银行卡号脱敏、中文姓名脱敏、固话脱敏、身份证号脱敏、手机号脱敏、密码脱敏 一个是正则脱敏、另外一个根据显示长度脱敏,默认是正则脱敏,可以根据自己的需要配置自己的规则。
基于微服务的思想,构建在 B2C 电商场景下的项目实战。核心技术栈,是 Spring Boot + Dubbo 。未来,会重构成 Spring Cloud Alibaba 。
3.mybatis-mate-sensitive-jackson
mybatisplus 的新作,可以测试使用,生产需要收费。
根据定义的策略类型,对数据进行脱敏,当然策略可以自定义。
# 目前已有 package mybatis.mate.strategy; public interface SensitiveType { String chineseName = "chineseName"; String idCard = "idCard"; String phone = "phone"; String mobile = "mobile"; String address = "address"; String email = "email"; String bankCard = "bankCard"; String password = "password"; String carNumber = "carNumber"; }
Demo 代码目录
1、pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <groupId>com.baomidou</groupId> <artifactId>mybatis-mate-examples</artifactId> <version>0.0.1-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>mybatis-mate-sensitive-jackson</artifactId> <dependencies> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> </dependency> </dependencies> </project>
2、appliation.yml
# DataSource Config spring: datasource: # driver-class-name: org.h2.Driver # schema: classpath:db/schema-h2.sql # data: classpath:db/data-h2.sql # url: jdbc:h2:mem:test # username: root # password: test driver-class-name: com.mysql.cj.jdbc.Driver url: jdbc:mysql://localhost:3306/mybatis_mate?useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC username: root password: 123456 # Mybatis Mate 配置 mybatis-mate: cert: # 请添加微信wx153666购买授权,不白嫖从我做起! 测试证书会失效,请勿正式环境使用 grant: thisIsTestLicense license: as/bsBaSVrsA9FfjC/N77ruEt2/QZDrW+MHETNuEuZBra5mlaXZU+DE1ZvF8UjzlLCpH3TFVH3WPV+Ya7Ugiz1Rx4wSh/FK6Ug9lhos7rnsNaRB/+mR30aXqtlLt4dAmLAOCT56r9mikW+t1DDJY8TVhERWMjEipbqGO9oe1fqYCegCEX8tVCpToKr5J1g1V86mNsNnEGXujnLlEw9jBTrGxAyQroD7Ns1Dhwz1K4Y188mvmRQp9t7OYrpgsC7N9CXq1s1c2GtvfItHArkqHE4oDrhaPjpbMjFWLI5/XqZDtW3D+AVcH7pTcYZn6vzFfDZEmfDFV5fQlT3Rc+GENEg== # Logger Config logging: level: mybatis.mate: debug
3、Appliation启动类
package mybatis.mate.sensitive.jackson; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication public class SensitiveJacksonApplication { // 测试访问 http://localhost:8080/info ,http://localhost:8080/list public static void main(String[] args) { SpringApplication.run(SensitiveJacksonApplication.class, args); } }
4、配置类,自定义脱敏策略
package mybatis.mate.sensitive.jackson.config; import mybatis.mate.databind.ISensitiveStrategy; import mybatis.mate.strategy.SensitiveStrategy; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration public class SensitiveStrategyConfig { /** * 注入脱敏策略 */ @Bean public ISensitiveStrategy sensitiveStrategy() { // 自定义 testStrategy 类型脱敏处理 return new SensitiveStrategy().addStrategy("testStrategy", t -> t + "***test***"); } }
5、业务类
User,注解标识脱敏字段,及选用脱敏策略
package mybatis.mate.sensitive.jackson.entity; import lombok.Getter; import lombok.Setter; import mybatis.mate.annotation.FieldSensitive; import mybatis.mate.sensitive.jackson.config.SensitiveStrategyConfig; import mybatis.mate.strategy.SensitiveType; @Getter @Setter public class User { private Long id; /** * 这里是一个自定义的策略 {@link SensitiveStrategyConfig} 初始化注入 */ @FieldSensitive("testStrategy") private String username; /** * 默认支持策略 {@link SensitiveType } */ @FieldSensitive(SensitiveType.mobile) private String mobile; @FieldSensitive(SensitiveType.email) private String email; }
UserController
package mybatis.mate.sensitive.jackson.controller; import mybatis.mate.databind.ISensitiveStrategy; import mybatis.mate.databind.RequestDataTransfer; import mybatis.mate.sensitive.jackson.entity.User; import mybatis.mate.sensitive.jackson.mapper.UserMapper; import mybatis.mate.strategy.SensitiveType; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; import java.util.HashMap; import java.util.List; import java.util.Map; @RestController public class UserController { @Autowired private UserMapper userMapper; @Autowired private ISensitiveStrategy sensitiveStrategy; // 测试访问 http://localhost:8080/info @GetMapping("/info") public User info() { return userMapper.selectById(1L); } // 测试返回 map 访问 http://localhost:8080/map @GetMapping("/map") public Map<String, Object> map() { // 测试嵌套对象脱敏 Map<String, Object> userMap = new HashMap<>(); userMap.put("user", userMapper.selectById(1L)); userMap.put("test", 123); userMap.put("userMap", new HashMap<String, Object>() {{ put("user2", userMapper.selectById(2L)); put("test2", "hi china"); }}); // 手动调用策略脱敏 userMap.put("mobile", sensitiveStrategy.getStrategyFunctionMap() .get(SensitiveType.mobile).apply("15315388888")); return userMap; } // 测试访问 http://localhost:8080/list // 不脱敏 http://localhost:8080/list?skip=1 @GetMapping("/list") public List<User> list(HttpServletRequest request) { if ("1".equals(request.getParameter("skip"))) { // 跳过脱密处理 RequestDataTransfer.skipSensitive(); } return userMapper.selectList(null); } }
UserMapper
package mybatis.mate.sensitive.jackson.mapper; import com.baomidou.mybatisplus.core.mapper.BaseMapper; import mybatis.mate.sensitive.jackson.entity.User; import org.apache.ibatis.annotations.Mapper; @Mapper public interface UserMapper extends BaseMapper<User> { }
6、测试
GET http://localhost:8080/list
[ { "id": 1, "username": "Jone***test***", "mobile": "153******81", "email": "t****@baomidou.com" }, { "id": 2, "username": "Jack***test***", "mobile": "153******82", "email": "t****@baomidou.com" }, { "id": 3, "username": "Tom***test***", "mobile": "153******83", "email": "t****@baomidou.com" } ]
GET http://localhost:8080/list?skip=1
[ { "id": 1, "username": "Jone", "mobile": "15315388881", "email": "test1@baomidou.com" }, { "id": 2, "username": "Jack", "mobile": "15315388882", "email": "test2@baomidou.com" }, { "id": 3, "username": "Tom", "mobile": "15315388883", "email": "test3@baomidou.com" } ]
