1. Implementation of SQL data desensitization
Implementation of MYSQL (phone number, ID card) data desensitization
-- CONCAT()、LEFT()和RIGHT()字符串函数组合使用,请看下面具体实现
-- CONCAT(str1,str2,…):返回结果为连接参数产生的字符串
-- LEFT(str,len):返回从字符串str 开始的len 最左字符
-- RIGHT(str,len):从字符串str 开始,返回最右len 字符
-- 电话号码脱敏sql:
SELECT mobilePhone AS 脱敏前电话号码,CONCAT(LEFT(mobilePhone,3), '********' ) AS 脱敏后电话号码 FROM t_s_user
-- 身份证号码脱敏sql:
SELECT idcard AS 未脱敏身份证, CONCAT(LEFT(idcard,3), '****' ,RIGHT(idcard,4)) AS 脱敏后身份证号 FROM t_s_user
2. Implementation of JAVA data desensitization
For reference: Haiqiang/sensitive-plus
https://gitee.com/strong_sea/sensitive-plus
Data desensitization plug-in, currently supports address desensitization, bank card number desensitization, Chinese name desensitization, fixed line desensitization, ID number desensitization, mobile phone number desensitization, password desensitization one is regular desensitization, the other is based on display Length desensitization, the default is regular desensitization, you can configure your own rules according to your needs.
3.mybatis-mate-sensitive-jackson
The new work of mybatisplus can be tested and used, and production needs to be charged.
According to the defined policy type, the data is desensitized. Of course, the policy can be customized.
# 目前已有
package mybatis.mate.strategy;
public interface SensitiveType {
String chineseName = "chineseName";
String idCard = "idCard";
String phone = "phone";
String mobile = "mobile";
String address = "address";
String email = "email";
String bankCard = "bankCard";
String password = "password";
String carNumber = "carNumber";
}
The basics of Spring Boot will not be introduced. It is recommended to watch this free tutorial:
https://github.com/javastacks/spring-boot-best-practice
1、pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-mate-examples</artifactId>
<version>0.0.1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>mybatis-mate-sensitive-jackson</artifactId>
<dependencies>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
</dependencies>
</project>
2、appliation.yml
# DataSource Config spring: datasource: # driver-class-name: org.h2.Driver # schema: classpath:db/schema-h2.sql # data: classpath:db/data-h2.sql # url: jdbc:h2: mem:test # username: root # password: test driver-class-name: com.mysql.cj.jdbc.Driver url: jdbc:mysql://localhost:3306/mybatis_mate?useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone= UTC username: root password: 123456 # Mybatis Mate configuration mybatis-mate: cert: # Please add WeChat wx153666 to purchase authorization, start with me if you don't want to be a prostitute! The test certificate will be invalid, please do not use it in a formal environment grant: thisIsTestLicense license:
3. Application startup class
package mybatis.mate.sensitive.jackson; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication public class SensitiveJacksonApplication { // 测试访问 http://localhost:8080/info ,http://localhost:8080/list public static void main(String[] args) { SpringApplication.run(SensitiveJacksonApplication.class, args); } }
Spring Boot study notes, share with you.
4. Configuration class, custom desensitization strategy
package mybatis.mate.sensitive.jackson.config; import mybatis.mate.databind.ISensitiveStrategy; import mybatis.mate.strategy.SensitiveStrategy; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Config ration ; @Configuration public class SensitiveStrategyConfig { /** * Inject desensitization strategy*/ @Bean public ISensitiveStrategy sensitiveStrategy() { // Custom testStrategy type desensitization return new SensitiveStrategy().addStrategy("testStrategy", t -> t + "***test***"); } }
User, the annotation identifies the desensitization field, and selects the desensitization strategy
package mybatis.mate.sensitive.jackson.entity; Import Lombok.getter; Import Lombok.Setter; Import mybative.annotation.fieldSense; Import myb Atis.mate.sensitive.jackson.config.sensitivestrategyconfig; Import mybatis.mate.strategy. SensitiveType; @Getter @Setter public class User { private Long id; /** * Here is a custom strategy {@link SensitiveStrategyConfig} initialization injection */ @FieldSensitive("testStrategy") private String username; /** * Default Support policy {@link SensitiveType } */ @FieldSensitive(SensitiveType.mobile) private String mobile; @FieldSensitive(SensitiveType.email) private String email; }
UserController
package mybatis.mate.sensitive.jackson.controller; import mybatis.mate.databind.ISensitiveStrategy; import mybatis.mate.databind.RequestDataTransfer; import mybatis.mate.sensitive.jackson.entity.User; import mybatis.mate.sensitive.jackson.mapper.UserMapper; import mybatis.mate.strategy.SensitiveType; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; import java.util.HashMap; import java.util.List; import java.util.Map; @RestController public class UserController { @Autowired private UserMapper userMapper; @Autowired private ISensitiveStrategy sensitiveStrategy; // 测试访问 http://localhost:8080/info @GetMapping("/info") public User info() { return userMapper.selectById(1L); } // test return map visit http://localhost:8080/map @GetMapping("/map") public Map<String, Object> map() { // Test nested object desensitization Map<String, Object> userMap = new HashMap<>(); userMap.put("user", userMapper.selectById(1L)); userMap .put("test", 123); userMap.put("userMap", new HashMap<String, Object>() {selectById(1L)); userMap.put("test", 123); userMap.put("userMap", new HashMap<String, Object>() {selectById(1L)); userMap.put("test", 123); userMap.put("userMap", new HashMap<String, Object>() { { put("user2", userMapper.selectById(2L)); put("test2", "hi china"); }}); // Manually call strategy desensitization userMap.put("mobile", sensitiveStrategy.getStrategyFunctionMap( ) .get(SensitiveType.mobile).apply("15315388888")); return userMap; } // Test visit http://localhost:8080/list // No desensitization http://localhost:8080/list?skip =1 @GetMapping("/list") public List<User> list(HttpServletRequest request) { if ("1".equals(request.getParameter("skip"))) { // Skip decryption processing RequestDataTransfer.skipSensitive (); } return userMapper. selectList(null); } }
UserMapper
package mybatis.mate.sensitive.jackson.mapper; import com.baomidou.mybatisplus.core.mapper.BaseMapper; import mybatis.mate.sensitive.jackson.entity.User; import org.apache.ibatis.annotations.Mapper; @Mapper public interface UserMapper extends BaseMapper<User> { }
6. Test
GET http://localhost:8080/list
[ { "id": 1, "username": "Jone***test***", "mobile": "153******81", "email": "t****@baomidou.com" }, { "id": 2, "username": "Jack***test***", "mobile": "153******82", "email": "t****@baomidou.com" }, { "id": 3, "username": "Tom***test***", "mobile": "153******83", "email": "t****@baomidou.com" } ]
GET http://localhost:8080/list?skip=1
[
{
"id": 1,
"username": "Jone",
"mobile": "15315388881",
"email": "[email protected]"
},
{
"id": 2,
"username": "Jack",
"mobile": "15315388882",
"email": "[email protected]"
},
{
"id": 3,
"username": "Tom",
"mobile": "15315388883",
"email": "[email protected]"
}
]