Java

1、SQL数据脱敏实现

MYSQL(电话号码,身份证)数据脱敏的实现

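  -- Masking built from the MySQL string functions CONCAT(), LEFT() and RIGHT():
  --   CONCAT(str1, str2, ...) returns the arguments joined into one string
  --   LEFT(str, len)          returns the leftmost len characters of str
  --   RIGHT(str, len)         returns the rightmost len characters of str
  --
  -- NOTE(review): both queries also select the unmasked column, for side-by-side
  -- comparison only. Drop that column from any query whose result leaves the database.
  -- Masking in the SELECT list changes only this result set; the stored values are
  -- unchanged and remain readable to anyone who can query the table directly.

  -- Phone number: keep the first 3 characters and append a fixed 8-character mask.
  SELECT mobilePhone AS 脱敏前电话号码,
         CONCAT(LEFT(mobilePhone, 3), '********') AS 脱敏后电话号码
  FROM t_s_user;

  -- ID-card number: keep the first 3 and the last 4 characters.
  -- LEFT()/RIGHT() return the whole string when it is shorter than len, so a value of
  -- 7 characters or fewer comes back with every original character still present.
  SELECT idcard AS 未脱敏身份证,
         CONCAT(LEFT(idcard, 3), '****', RIGHT(idcard, 4)) AS 脱敏后身份证号
  FROM t_s_user;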

2、JAVA数据脱敏实现

可参考:海强 / sensitive-plus
https://gitee.com/strong_sea/sensitive-plus
数据脱敏插件,目前支持地址脱敏、银行卡号脱敏、中文姓名脱敏、固话脱敏、身份证号脱敏、手机号脱敏、密码脱敏。提供两种脱敏方式:一种是正则脱敏,另一种是根据显示长度脱敏;默认使用正则脱敏,可以根据自己的需要配置规则。

3、mybatis-mate-sensitive-jackson

mybatisplus 的新作,可以测试使用,生产需要收费。
根据定义的策略类型,对数据进行脱敏,当然策略可以自定义。

  1. # 目前已有
  2. package mybatis.mate.strategy;
  /**
   * Names of the masking strategies listed on this page as already provided by the library.
   *
   * <p>Each constant is the string key passed to {@code @FieldSensitive}, for example
   * {@code @FieldSensitive(SensitiveType.mobile)}. The constant's value equals its name.
   */
  public interface SensitiveType {

      // Personal identity
      String chineseName = "chineseName";
      String idCard = "idCard";

      // Contact details
      String phone = "phone";
      String mobile = "mobile";
      String address = "address";
      String email = "email";

      // Financial data, credentials and vehicle data
      String bankCard = "bankCard";
      String password = "password";
      String carNumber = "carNumber";
  }

Demo 代码目录
2022-05-22-20-38-36-709502.png

1、pom.xml

  1. <?xml version="1.0" encoding="UTF-8"?>
  <project xmlns="http://maven.apache.org/POM/4.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <!-- Module of the mybatis-mate-examples parent build. -->
    <parent>
      <groupId>com.baomidou</groupId>
      <artifactId>mybatis-mate-examples</artifactId>
      <version>0.0.1-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <artifactId>mybatis-mate-sensitive-jackson</artifactId>
    <dependencies>
      <!--
        No <version> is given here; presumably it is managed by the parent POM. Confirm
        which driver version actually resolves. Newer MySQL driver releases are published
        as com.mysql:mysql-connector-j, so check that the resolved version is still
        maintained.
      -->
      <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
      </dependency>
    </dependencies>
  </project>

2、application.yml

  # DataSource Config
  spring:
    datasource:
      # Alternative in-memory H2 setup, left disabled:
      # driver-class-name: org.h2.Driver
      # schema: classpath:db/schema-h2.sql
      # data: classpath:db/data-h2.sql
      # url: jdbc:h2:mem:test
      # username: root
      # password: test
      driver-class-name: com.mysql.cj.jdbc.Driver
      # NOTE(review): useSSL=false means the JDBC connection is not encrypted, so the
      # unmasked column values travel in clear text between the application and MySQL.
      # That is acceptable for a localhost demo only.
      url: jdbc:mysql://localhost:3306/mybatis_mate?useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC
      # NOTE(review): demo-only credentials. Outside a local test, use a least-privilege
      # account and supply the password from the environment or a secret store rather
      # than committing it in this file.
      username: root
      password: 123456
  # Mybatis Mate configuration
  mybatis-mate:
    cert:
      # To buy a licence, contact WeChat wx153666. The test certificate below expires;
      # do not use it in a production environment.
      grant: thisIsTestLicense
      license: as/bsBaSVrsA9FfjC/N77ruEt2/QZDrW+MHETNuEuZBra5mlaXZU+DE1ZvF8UjzlLCpH3TFVH3WPV+Ya7Ugiz1Rx4wSh/FK6Ug9lhos7rnsNaRB/+mR30aXqtlLt4dAmLAOCT56r9mikW+t1DDJY8TVhERWMjEipbqGO9oe1fqYCegCEX8tVCpToKr5J1g1V86mNsNnEGXujnLlEw9jBTrGxAyQroD7Ns1Dhwz1K4Y188mvmRQp9t7OYrpgsC7N9CXq1s1c2GtvfItHArkqHE4oDrhaPjpbMjFWLI5/XqZDtW3D+AVcH7pTcYZn6vzFfDZEmfDFV5fQlT3Rc+GENEg==
  # Logger Config
  logging:
    level:
      # NOTE(review): debug output from this package may include unmasked values.
      # Confirm what is logged before enabling this level outside a demo.
      mybatis.mate: debug

3、Application 启动类

  1. package mybatis.mate.sensitive.jackson;
  2. import org.springframework.boot.SpringApplication;
  3. import org.springframework.boot.autoconfigure.SpringBootApplication;
  /**
   * Spring Boot entry point of the field-masking demo.
   *
   * <p>Once the application is running, the demo endpoints can be tried at
   * http://localhost:8080/info and http://localhost:8080/list.
   */
  @SpringBootApplication
  public class SensitiveJacksonApplication {

      /**
       * Starts the Spring application.
       *
       * @param args command-line arguments, passed through to Spring Boot unchanged
       */
      public static void main(String[] args) {
          SpringApplication.run(SensitiveJacksonApplication.class, args);
      }
  }

4、配置类,自定义脱敏策略

  1. package mybatis.mate.sensitive.jackson.config;
  2. import mybatis.mate.databind.ISensitiveStrategy;
  3. import mybatis.mate.strategy.SensitiveStrategy;
  4. import org.springframework.context.annotation.Bean;
  5. import org.springframework.context.annotation.Configuration;
  /**
   * Spring configuration that registers the masking strategies used by the demo.
   */
  @Configuration
  public class SensitiveStrategyConfig {

      /**
       * Exposes the masking-strategy bean, extended with one custom strategy named
       * {@code "testStrategy"}.
       *
       * <p>NOTE(review): {@code "testStrategy"} only appends the marker
       * {@code ***test***} to the value; the original text stays fully readable. It
       * shows how to register a strategy and is not a mask to copy for real sensitive
       * fields.
       *
       * @return the strategy object returned by {@code addStrategy}
       */
      @Bean
      public ISensitiveStrategy sensitiveStrategy() {
          SensitiveStrategy strategies = new SensitiveStrategy();
          // Register the custom handler under the name referenced by @FieldSensitive("testStrategy").
          return strategies.addStrategy("testStrategy", value -> value + "***test***");
      }
  }

5、业务类

User,注解标识脱敏字段,及选用脱敏策略

  1. package mybatis.mate.sensitive.jackson.entity;
  2. import lombok.Getter;
  3. import lombok.Setter;
  4. import mybatis.mate.annotation.FieldSensitive;
  5. import mybatis.mate.sensitive.jackson.config.SensitiveStrategyConfig;
  6. import mybatis.mate.strategy.SensitiveType;
  /**
   * Demo entity; each {@code @FieldSensitive} annotation names the masking strategy
   * selected for that field.
   */
  @Getter
  @Setter
  public class User {

      // Carries no @FieldSensitive annotation.
      private Long id;

      /**
       * Uses the custom strategy {@code "testStrategy"} registered in
       * {@link SensitiveStrategyConfig}.
       *
       * <p>NOTE(review): that strategy appends a suffix and hides nothing, so the user
       * name is still fully visible in responses (the page's sample output shows
       * {@code "Jone***test***"}).
       */
      @FieldSensitive("testStrategy")
      private String username;

      /**
       * Uses a strategy provided by the library; the available names are the constants
       * of {@link SensitiveType}.
       */
      @FieldSensitive(SensitiveType.mobile)
      private String mobile;

      /** Uses the library-provided strategy named by {@link SensitiveType#email}. */
      @FieldSensitive(SensitiveType.email)
      private String email;
  }

UserController

  1. package mybatis.mate.sensitive.jackson.controller;
  2. import mybatis.mate.databind.ISensitiveStrategy;
  3. import mybatis.mate.databind.RequestDataTransfer;
  4. import mybatis.mate.sensitive.jackson.entity.User;
  5. import mybatis.mate.sensitive.jackson.mapper.UserMapper;
  6. import mybatis.mate.strategy.SensitiveType;
  7. import org.springframework.beans.factory.annotation.Autowired;
  8. import org.springframework.web.bind.annotation.GetMapping;
  9. import org.springframework.web.bind.annotation.RestController;
  10. import javax.servlet.http.HttpServletRequest;
  11. import java.util.HashMap;
  12. import java.util.List;
  13. import java.util.Map;
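  /**
   * Demo REST endpoints that return {@link User} data, so the effect of the
   * {@code @FieldSensitive} annotations can be seen in the JSON responses.
   */
  @RestController
  public class UserController {

      @Autowired
      private UserMapper userMapper;

      @Autowired
      private ISensitiveStrategy sensitiveStrategy;

      /**
       * Returns the user with id 1. Try it at http://localhost:8080/info
       *
       * @return the user row with id 1, as returned by the mapper
       */
      @GetMapping("/info")
      public User info() {
          return userMapper.selectById(1L);
      }

      /**
       * Returns a map holding users at two nesting levels plus a manually masked value,
       * to exercise masking of nested objects. Try it at http://localhost:8080/map
       *
       * @return a map with the keys {@code user}, {@code test}, {@code userMap} and {@code mobile}
       */
      @GetMapping("/map")
      public Map<String, Object> map() {
          Map<String, Object> userMap = new HashMap<>();
          userMap.put("user", userMapper.selectById(1L));
          userMap.put("test", 123);

          // A plain HashMap replaces the original double-brace initialisation, which
          // created an anonymous HashMap subclass that kept a hidden reference to this
          // controller. The resulting map entries are the same.
          Map<String, Object> nested = new HashMap<>();
          nested.put("user2", userMapper.selectById(2L));
          nested.put("test2", "hi china");
          userMap.put("userMap", nested);

          // Apply a strategy by hand: look up the function registered under
          // SensitiveType.mobile and run it on a literal sample number.
          userMap.put("mobile", sensitiveStrategy.getStrategyFunctionMap()
                  .get(SensitiveType.mobile).apply("15315388888"));
          return userMap;
      }

      /**
       * Returns the list of users. Try it at http://localhost:8080/list, or without
       * masking at http://localhost:8080/list?skip=1
       *
       * <p>NOTE(review): {@code skip} is read straight from the request. As written,
       * any caller who can reach this endpoint gets the unmasked values by adding
       * {@code ?skip=1}, as the page's second sample response shows. That is fine for
       * demonstrating {@code skipSensitive()}. In a real service the decision to skip
       * masking belongs to a server-side authorization check, never to a
       * client-supplied flag, and each use should be audit-logged.
       *
       * @param request the current HTTP request; only its {@code skip} parameter is read
       * @return the users returned by the mapper
       */
      @GetMapping("/list")
      public List<User> list(HttpServletRequest request) {
          boolean skipRequested = "1".equals(request.getParameter("skip"));
          if (skipRequested) {
              // Skip masking for this request.
              RequestDataTransfer.skipSensitive();
          }
          // A null wrapper passes no query conditions to the mapper.
          return userMapper.selectList(null);
      }
  }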

UserMapper

  1. package mybatis.mate.sensitive.jackson.mapper;
  2. import com.baomidou.mybatisplus.core.mapper.BaseMapper;
  3. import mybatis.mate.sensitive.jackson.entity.User;
  4. import org.apache.ibatis.annotations.Mapper;
  /**
   * MyBatis mapper for {@link User}. It declares no methods of its own; everything the
   * demo calls ({@code selectById}, {@code selectList}) is inherited from {@link BaseMapper}.
   */
  @Mapper
  public interface UserMapper extends BaseMapper<User> {
      // Intentionally empty.
  }

6、测试

  1. GET http://localhost:8080/list
  2. [
  3. {
  4. "id": 1,
  5. "username": "Jone***test***",
  6. "mobile": "153******81",
  7. "email": "t****@baomidou.com"
  8. },
  9. {
  10. "id": 2,
  11. "username": "Jack***test***",
  12. "mobile": "153******82",
  13. "email": "t****@baomidou.com"
  14. },
  15. {
  16. "id": 3,
  17. "username": "Tom***test***",
  18. "mobile": "153******83",
  19. "email": "t****@baomidou.com"
  20. }
  21. ]
  1. GET http://localhost:8080/list?skip=1
  2. [
  3. {
  4. "id": 1,
  5. "username": "Jone",
  6. "mobile": "15315388881",
  7. "email": "test1@baomidou.com"
  8. },
  9. {
  10. "id": 2,
  11. "username": "Jack",
  12. "mobile": "15315388882",
  13. "email": "test2@baomidou.com"
  14. },
  15. {
  16. "id": 3,
  17. "username": "Tom",
  18. "mobile": "15315388883",
  19. "email": "test3@baomidou.com"
  20. }
  21. ]