3種常見的數據脫敏方案
VSole2023-03-03 15:45:32
目錄
- SQL數據脫敏實現
- JAVA數據脫敏實現
- mybatis-mate-sensitive-jackson
1、SQL數據脫敏實現
MYSQL(電話號碼,身份證)數據脫敏的實現
-- CONCAT()、LEFT()和RIGHT()字符串函數組合使用,請看下面具體實現 -- CONCAT(str1,str2,…):返回結果為連接參數產生的字符串 -- LEFT(str,len):返回從字符串str 開始的len 最左字符 -- RIGHT(str,len):從字符串str 開始,返回最右len 字符 -- 電話號碼脫敏sql: SELECT mobilePhone AS 脫敏前電話號碼,CONCAT(LEFT(mobilePhone,3), '********' ) AS 脫敏后電話號碼 FROM t_s_user -- 身份證號碼脫敏sql: SELECT idcard AS 未脫敏身份證, CONCAT(LEFT(idcard,3), '****' ,RIGHT(idcard,4)) AS 脫敏后身份證號 FROM t_s_user
2、JAVA數據脫敏實現
可參考:海強 / sensitive-plus
https://gitee.com/strong_sea/sensitive-plus
數據脫敏插件,目前支持地址脫敏、銀行卡號脫敏、中文姓名脫敏、固話脫敏、身份證號脫敏、手機號脫敏、密碼脫敏 一個是正則脫敏、另外一個根據顯示長度脫敏,默認是正則脫敏,可以根據自己的需要配置自己的規則。
3、mybatis-mate-sensitive-jackson
mybatisplus 的新作,可以測試使用,生產需要收費。
根據定義的策略類型,對數據進行脫敏,當然策略可以自定義。
# 目前已有
package mybatis.mate.strategy;
public interface SensitiveType {
String chineseName = "chineseName";
String idCard = "idCard";
String phone = "phone";
String mobile = "mobile";
String address = "address";
String email = "email";
String bankCard = "bankCard";
String password = "password";
String carNumber = "carNumber";
}
Demo 代碼目錄
1、pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <groupId>com.baomidougroupId> <artifactId>mybatis-mate-examplesartifactId> <version>0.0.1-SNAPSHOTversion> parent> <modelVersion>4.0.0modelVersion> <artifactId>mybatis-mate-sensitive-jacksonartifactId> <dependencies> <dependency> <groupId>mysqlgroupId> <artifactId>mysql-connector-javaartifactId> dependency> dependencies> project>
2、appliation.yml
# DataSource Config spring: datasource: # driver-class-name: org.h2.Driver # schema: classpath:db/schema-h2.sql # data: classpath:db/data-h2.sql # url: jdbc:h2:mem:test # username: root # password: test driver-class-name: com.mysql.cj.jdbc.Driver url: jdbc:mysql://localhost:3306/mybatis_mate?useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC username: root password: 123456 # Mybatis Mate 配置 mybatis-mate: cert: # 請添加微信wx153666購買授權,不白嫖從我做起! 測試證書會失效,請勿正式環境使用 grant: thisIsTestLicense license: as/bsBaSVrsA9FfjC/N77ruEt2/QZDrW+MHETNuEuZBra5mlaXZU+DE1ZvF8UjzlLCpH3TFVH3WPV+Ya7Ugiz1Rx4wSh/FK6Ug9lhos7rnsNaRB/+mR30aXqtlLt4dAmLAOCT56r9mikW+t1DDJY8TVhERWMjEipbqGO9oe1fqYCegCEX8tVCpToKr5J1g1V86mNsNnEGXujnLlEw9jBTrGxAyQroD7Ns1Dhwz1K4Y188mvmRQp9t7OYrpgsC7N9CXq1s1c2GtvfItHArkqHE4oDrhaPjpbMjFWLI5/XqZDtW3D+AVcH7pTcYZn6vzFfDZEmfDFV5fQlT3Rc+GENEg== # Logger Config logging: level: mybatis.mate: debug
3、Appliation啟動類
package mybatis.mate.sensitive.jackson;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class SensitiveJacksonApplication {
// 測試訪問 http://localhost:8080/info ,http://localhost:8080/list
public static void main(String[] args) {
SpringApplication.run(SensitiveJacksonApplication.class, args);
}
}
4、配置類,自定義脫敏策略
package mybatis.mate.sensitive.jackson.config;
import mybatis.mate.databind.ISensitiveStrategy;
import mybatis.mate.strategy.SensitiveStrategy;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class SensitiveStrategyConfig {
/**
* 注入脫敏策略
*/
@Bean
public ISensitiveStrategy sensitiveStrategy() {
// 自定義 testStrategy 類型脫敏處理
return new SensitiveStrategy().addStrategy("testStrategy", t -> t + "***test***");
}
}
5、業務類
User,注解標識脫敏字段,及選用脫敏策略
package mybatis.mate.sensitive.jackson.entity;
import lombok.Getter;
import lombok.Setter;
import mybatis.mate.annotation.FieldSensitive;
import mybatis.mate.sensitive.jackson.config.SensitiveStrategyConfig;
import mybatis.mate.strategy.SensitiveType;
@Getter
@Setter
public class User {
private Long id;
/**
* 這里是一個自定義的策略 {@link SensitiveStrategyConfig} 初始化注入
*/
@FieldSensitive("testStrategy")
private String username;
/**
* 默認支持策略 {@link SensitiveType }
*/
@FieldSensitive(SensitiveType.mobile)
private String mobile;
@FieldSensitive(SensitiveType.email)
private String email;
}
UserController
package mybatis.mate.sensitive.jackson.controller;
import mybatis.mate.databind.ISensitiveStrategy;
import mybatis.mate.databind.RequestDataTransfer;
import mybatis.mate.sensitive.jackson.entity.User;
import mybatis.mate.sensitive.jackson.mapper.UserMapper;
import mybatis.mate.strategy.SensitiveType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@RestController
public class UserController {
@Autowired
private UserMapper userMapper;
@Autowired
private ISensitiveStrategy sensitiveStrategy;
// 測試訪問 http://localhost:8080/info
@GetMapping("/info")
public User info() {
return userMapper.selectById(1L);
}
// 測試返回 map 訪問 http://localhost:8080/map
@GetMapping("/map")
public Map map() {
// 測試嵌套對象脫敏
Map userMap = new HashMap<>();
userMap.put("user", userMapper.selectById(1L));
userMap.put("test", 123);
userMap.put("userMap", new HashMap() {{
put("user2", userMapper.selectById(2L));
put("test2", "hi china");
}});
// 手動調用策略脫敏
userMap.put("mobile", sensitiveStrategy.getStrategyFunctionMap()
.get(SensitiveType.mobile).apply("15315388888"));
return userMap;
}
// 測試訪問 http://localhost:8080/list
// 不脫敏 http://localhost:8080/list?skip=1
@GetMapping("/list")
public List list(HttpServletRequest request) {
if ("1".equals(request.getParameter("skip"))) {
// 跳過脫密處理
RequestDataTransfer.skipSensitive();
}
return userMapper.selectList(null);
}
}
UserMapper
package mybatis.mate.sensitive.jackson.mapper;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import mybatis.mate.sensitive.jackson.entity.User;
import org.apache.ibatis.annotations.Mapper;
@Mapper
public interface UserMapper extends BaseMapper<User> {
}
6、測試
GET http://localhost:8080/list
[
{
"id": 1,
"username": "Jone***test***",
"mobile": "153******81",
"email": "t****@baomidou.com"
},
{
"id": 2,
"username": "Jack***test***",
"mobile": "153******82",
"email": "t****@baomidou.com"
},
{
"id": 3,
"username": "Tom***test***",
"mobile": "153******83",
"email": "t****@baomidou.com"
}
]
GET http://localhost:8080/list?skip=1
[
{
"id": 1,
"username": "Jone",
"mobile": "15315388881",
"email": "test1@baomidou.com"
},
{
"id": 2,
"username": "Jack",
"mobile": "15315388882",
"email": "test2@baomidou.com"
},
{
"id": 3,
"username": "Tom",
"mobile": "15315388883",
"email": "test3@baomidou.com"
}
]
VSole
網絡安全專家