数据脱敏有什么规范(3种常见的数据脱敏方案)
数据脱敏有什么规范(3种常见的数据脱敏方案)<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <groupId>com.baomidou</groupId> <artifactId&g
目录- SQL数据脱敏实现
- JAVA数据脱敏实现
- mybatis-mate-sensitive-jackson
mysql(电话号码 身份证)数据脱敏的实现
-- CONCAT()、LEFT()和RIGHT()字符串函数组合使用,请看下面具体实现
-- CONCAT(str1 str2 …):返回结果为连接参数产生的字符串
-- LEFT(str len):返回从字符串str 开始的len 最左字符
-- RIGHT(str len):从字符串str 开始,返回最右len 字符
-- 电话号码脱敏sql:
SELECT mobilePhone AS 脱敏前电话号码 CONCAT(LEFT(mobilePhone 3) '********' ) AS 脱敏后电话号码 FROM t_s_user
-- 身份证号码脱敏sql:
SELECT idcard AS 未脱敏身份证 CONCAT(LEFT(idcard 3) '****' RIGHT(idcard 4)) AS 脱敏后身份证号 FROM t_s_user
2.JAVA数据脱敏实现
可参考:海强 / sensitive-plus
https://gitee.com/strong_sea/sensitive-plus
数据脱敏插件,目前支持地址脱敏、银行卡号脱敏、中文姓名脱敏、固话脱敏、身份证号脱敏、手机号脱敏、密码脱敏 一个是正则脱敏、另外一个根据显示长度脱敏,默认是正则脱敏,可以根据自己的需要配置自己的规则。
3.mybatis-mate-sensitive-jacksonmybatisplus 的新作,可以测试使用,生产需要收费。
根据定义的策略类型,对数据进行脱敏,当然策略可以自定义。
# 目前已有
package mybatis.mate.strategy;
public interface SensitiveType {
String chineseName = "chineseName";
String idCard = "idCard";
String phone = "phone";
String mobile = "mobile";
String address = "address";
String email = "email";
String bankCard = "bankCard";
String password = "password";
String carNumber = "carNumber";
}
Demo 代码目录
1、pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-mate-examples</artifactId>
<version>0.0.1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>mybatis-mate-sensitive-jackson</artifactId>
<dependencies>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
</dependencies>
</project>
2、appliation.yml
# DataSource Config
spring:
datasource:
# driver-class-name: org.h2.Driver
# schema: classpath:db/schema-h2.sql
# data: classpath:db/data-h2.sql
# url: jdbc:h2:mem:test
# username: root
# password: test
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://localhost:3306/mybatis_mate?useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC
username: root
password: 123456
# Mybatis Mate 配置
mybatis-mate:
cert:
# 请添加微信wx153666购买授权,不白嫖从我做起! 测试证书会失效,请勿正式环境使用
grant: thisIsTestLicense
license: as/bsBaSVrsA9FfjC/N77ruEt2/QZDrW MHETNuEuZBra5mlaXZU DE1ZvF8UjzlLCpH3TFVH3WPV Ya7Ugiz1Rx4wSh/FK6Ug9lhos7rnsNaRB/ mR30aXqtlLt4dAmLAOCT56r9mikW t1DDJY8TVhERWMjEipbqGO9oe1fqYCegCEX8tVCpToKr5J1g1V86mNsNnEGXujnLlEw9jBTrGxAyQroD7Ns1Dhwz1K4Y188mvmRQp9t7OYrpgsC7N9CXq1s1c2GtvfItHArkqHE4oDrhaPjpbMjFWLI5/XqZDtW3D AVcH7pTcYZn6vzFfDZEmfDFV5fQlT3Rc GENEg==
# Logger Config
logging:
level:
mybatis.mate: debug
3、Appliation启动类
package mybatis.mate.sensitive.jackson;
import org.springframework.boot.SpringApplication;
import org.Springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class SensitiveJacksonApplication {
// 测试访问 http://localhost:8080/info ,http://localhost:8080/list
public static void main(String[] args) {
SpringApplication.run(SensitiveJacksonApplication.class args);
}
}
4、配置类,自定义脱敏策略
package mybatis.mate.sensitive.jackson.config;
import mybatis.mate.databind.ISensitiveStrategy;
import mybatis.mate.strategy.SensitiveStrategy;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class SensitiveStrategyConfig {
/**
* 注入脱敏策略
*/
@Bean
public ISensitiveStrategy sensitiveStrategy() {
// 自定义 testStrategy 类型脱敏处理
return new SensitiveStrategy().addStrategy("testStrategy" t -> t "***test***");
}
}
5、业务类
User,注解标识脱敏字段,及选用脱敏策略
package mybatis.mate.sensitive.jackson.entity;
import lombok.Getter;
import lombok.Setter;
import mybatis.mate.annotation.FieldSensitive;
import mybatis.mate.sensitive.jackson.config.SensitiveStrategyConfig;
import mybatis.mate.strategy.SensitiveType;
@Getter
@Setter
public class User {
private Long id;
/**
* 这里是一个自定义的策略 {@link SensitiveStrategyConfig} 初始化注入
*/
@FieldSensitive("testStrategy")
private String username;
/**
* 默认支持策略 {@link SensitiveType }
*/
@FieldSensitive(SensitiveType.mobile)
private String mobile;
@FieldSensitive(SensitiveType.email)
private String email;
}
UserController
package mybatis.mate.sensitive.jackson.controller;
import mybatis.mate.databind.ISensitiveStrategy;
import mybatis.mate.databind.requestDataTransfer;
import mybatis.mate.sensitive.jackson.entity.User;
import mybatis.mate.sensitive.jackson.mapper.Usermapper;
import mybatis.mate.strategy.SensitiveType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@RestController
public class UserController {
@Autowired
private UserMapper userMapper;
@Autowired
private ISensitiveStrategy sensitiveStrategy;
// 测试访问 http://localhost:8080/info
@GetMapping("/info")
public User info() {
return userMapper.selectById(1L);
}
// 测试返回 Map 访问 http://localhost:8080/map
@GetMapping("/map")
public Map<String Object> map() {
// 测试嵌套对象脱敏
Map<String Object> userMap = new HashMap<>();
userMap.put("user" userMapper.selectById(1L));
userMap.put("test" 123);
userMap.put("userMap" new HashMap<String Object>() {{
put("user2" userMapper.selectById(2L));
put("test2" "hi china");
}});
// 手动调用策略脱敏
userMap.put("mobile" sensitiveStrategy.getStrategyFunctionMap()
.get(SensitiveType.mobile).apply("15315388888"));
return userMap;
}
// 测试访问 http://localhost:8080/list
// 不脱敏 http://localhost:8080/list?skip=1
@GetMapping("/list")
public List<User> list(HttpServletRequest request) {
if ("1".equals(request.getParameter("skip"))) {
// 跳过脱密处理
RequestDataTransfer.skipSensitive();
}
return userMapper.selectList(null);
}
}
UserMapper
package mybatis.mate.sensitive.jackson.mapper;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import mybatis.mate.sensitive.jackson.entity.User;
import org.apache.ibatis.annotations.Mapper;
@Mapper
public interface UserMapper extends BaseMapper<User> {
}
6、测试
GET http://localhost:8080/list
[
{
"id": 1
"username": "Jone***test***"
"mobile": "153******81"
"email": "t****@baomidou.com"
}
{
"id": 2
"username": "Jack***test***"
"mobile": "153******82"
"email": "t****@baomidou.com"
}
{
"id": 3
"username": "Tom***test***"
"mobile": "153******83"
"email": "t****@baomidou.com"
}
]
GET http://localhost:8080/list?skip=1
[
{
"id": 1
"username": "Jone"
"mobile": "15315388881"
"email": "test1@baomidou.com"
}
{
"id": 2
"username": "Jack"
"mobile": "15315388882"
"email": "test2@baomidou.com"
}
{
"id": 3
"username": "Tom"
"mobile": "15315388883"
"email": "test3@baomidou.com"
}
]
来源:https://blog.csdn.net/weixin_61594803
