总阅读量:

⭐⭐⭐ Spring Boot 项目实战 ⭐⭐⭐ Spring Cloud 项目实战
《Dubbo 实现原理与源码解析 —— 精品合集》 《Netty 实现原理与源码解析 —— 精品合集》
《Spring 实现原理与源码解析 —— 精品合集》 《MyBatis 实现原理与源码解析 —— 精品合集》
《Spring MVC 实现原理与源码解析 —— 精品合集》 《数据库实体设计合集》
《Spring Boot 实现原理与源码解析 —— 精品合集》 《Java 面试题 + Java 学习指南》

摘要: 原创出处 blog.csdn.net/weixin_61594803/article/details/122639894 「y小恒」欢迎转载,保留摘要,谢谢!

🙂🙂🙂关注**微信公众号:【芋道源码】**有福利:

  1. RocketMQ / MyCAT / Sharding-JDBC 所有源码分析文章列表
  2. RocketMQ / MyCAT / Sharding-JDBC 中文注释源码 GitHub 地址
  3. 您对于源码的疑问每条留言将得到认真回复。甚至不知道如何读源码也可以请教噢
  4. 新的源码解析文章实时收到通知。每周更新一篇左右
  5. 认真的源码交流微信群。

1.SQL数据脱敏实现

MYSQL(电话号码,身份证)数据脱敏的实现

-- CONCAT()、LEFT()和RIGHT()字符串函数组合使用,请看下面具体实现
 
-- CONCAT(str1,str2,…):返回结果为连接参数产生的字符串
-- LEFT(str,len):返回从字符串str 开始的len 最左字符
-- RIGHT(str,len):从字符串str 开始,返回最右len 字符
 
-- 电话号码脱敏sql:
 
SELECT mobilePhone AS 脱敏前电话号码,CONCAT(LEFT(mobilePhone,3), '********' ) AS 脱敏后电话号码 FROM t_s_user
 
-- 身份证号码脱敏sql:
 
SELECT idcard AS 未脱敏身份证, CONCAT(LEFT(idcard,3), '****' ,RIGHT(idcard,4)) AS 脱敏后身份证号 FROM t_s_user

2.JAVA数据脱敏实现

可参考:海强 / sensitive-plus

https://gitee.com/strong_sea/sensitive-plus

数据脱敏插件,目前支持地址脱敏、银行卡号脱敏、中文姓名脱敏、固话脱敏、身份证号脱敏、手机号脱敏、密码脱敏 一个是正则脱敏、另外一个根据显示长度脱敏,默认是正则脱敏,可以根据自己的需要配置自己的规则。

3.mybatis-mate-sensitive-jackson

mybatisplus 的新作,可以测试使用,生产需要收费。

根据定义的策略类型,对数据进行脱敏,当然策略可以自定义。

# 目前已有
package mybatis.mate.strategy;
 
public interface SensitiveType {
    String chineseName = "chineseName";
    String idCard = "idCard";
    String phone = "phone";
    String mobile = "mobile";
    String address = "address";
    String email = "email";
    String bankCard = "bankCard";
    String password = "password";
    String carNumber = "carNumber";
}

Demo 代码目录

1、pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <groupId>com.baomidou</groupId>
        <artifactId>mybatis-mate-examples</artifactId>
        <version>0.0.1-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <artifactId>mybatis-mate-sensitive-jackson</artifactId>
    <dependencies>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
    </dependencies>
 
</project>

2、appliation.yml

# DataSource Config
spring:
  datasource:
#    driver-class-name: org.h2.Driver
#    schema: classpath:db/schema-h2.sql
#    data: classpath:db/data-h2.sql
#    url: jdbc:h2:mem:test
#    username: root
#    password: test
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://localhost:3306/mybatis_mate?useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC
    username: root
    password: 123456
# Mybatis Mate 配置
mybatis-mate:
  cert:
    # 请添加微信wx153666购买授权,不白嫖从我做起! 测试证书会失效,请勿正式环境使用
    grant: thisIsTestLicense
    license: as/bsBaSVrsA9FfjC/N77ruEt2/QZDrW+MHETNuEuZBra5mlaXZU+DE1ZvF8UjzlLCpH3TFVH3WPV+Ya7Ugiz1Rx4wSh/FK6Ug9lhos7rnsNaRB/+mR30aXqtlLt4dAmLAOCT56r9mikW+t1DDJY8TVhERWMjEipbqGO9oe1fqYCegCEX8tVCpToKr5J1g1V86mNsNnEGXujnLlEw9jBTrGxAyQroD7Ns1Dhwz1K4Y188mvmRQp9t7OYrpgsC7N9CXq1s1c2GtvfItHArkqHE4oDrhaPjpbMjFWLI5/XqZDtW3D+AVcH7pTcYZn6vzFfDZEmfDFV5fQlT3Rc+GENEg==
 
# Logger Config
logging:
  level:
    mybatis.mate: debug

3、Appliation启动类

package mybatis.mate.sensitive.jackson;
 
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
 
@SpringBootApplication
public class SensitiveJacksonApplication {
 
    // 测试访问 http://localhost:8080/info ,http://localhost:8080/list
    public static void main(String[] args) {
        SpringApplication.run(SensitiveJacksonApplication.class, args);
    }
}

4、配置类,自定义脱敏策略

package mybatis.mate.sensitive.jackson.config;
 
import mybatis.mate.databind.ISensitiveStrategy;
import mybatis.mate.strategy.SensitiveStrategy;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
 
@Configuration
public class SensitiveStrategyConfig {
 
    /**
     * 注入脱敏策略
     */
    @Bean
    public ISensitiveStrategy sensitiveStrategy() {
        // 自定义 testStrategy 类型脱敏处理
        return new SensitiveStrategy().addStrategy("testStrategy", t -> t + "***test***");
    }
}

5、业务类

User,注解标识脱敏字段,及选用脱敏策略

package mybatis.mate.sensitive.jackson.entity;
 
import lombok.Getter;
import lombok.Setter;
import mybatis.mate.annotation.FieldSensitive;
import mybatis.mate.sensitive.jackson.config.SensitiveStrategyConfig;
import mybatis.mate.strategy.SensitiveType;
 
@Getter
@Setter
public class User {
    private Long id;
    /**
     * 这里是一个自定义的策略 {@link SensitiveStrategyConfig} 初始化注入
     */
    @FieldSensitive("testStrategy")
    private String username;
    /**
     * 默认支持策略 {@link SensitiveType }
     */
    @FieldSensitive(SensitiveType.mobile)
    private String mobile;
    @FieldSensitive(SensitiveType.email)
    private String email;
 
}

UserController

package mybatis.mate.sensitive.jackson.controller;
 
import mybatis.mate.databind.ISensitiveStrategy;
import mybatis.mate.databind.RequestDataTransfer;
import mybatis.mate.sensitive.jackson.entity.User;
import mybatis.mate.sensitive.jackson.mapper.UserMapper;
import mybatis.mate.strategy.SensitiveType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
 
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
 
@RestController
public class UserController {
    @Autowired
    private UserMapper userMapper;
    @Autowired
    private ISensitiveStrategy sensitiveStrategy;
 
    // 测试访问 http://localhost:8080/info
    @GetMapping("/info")
    public User info() {
        return userMapper.selectById(1L);
    }
 
    // 测试返回 map 访问 http://localhost:8080/map
    @GetMapping("/map")
    public Map<String, Object> map() {
        // 测试嵌套对象脱敏
        Map<String, Object> userMap = new HashMap<>();
        userMap.put("user", userMapper.selectById(1L));
        userMap.put("test", 123);
        userMap.put("userMap", new HashMap<String, Object>() {{
            put("user2", userMapper.selectById(2L));
            put("test2", "hi china");
        }});
        // 手动调用策略脱敏
        userMap.put("mobile", sensitiveStrategy.getStrategyFunctionMap()
                .get(SensitiveType.mobile).apply("15315388888"));
        return userMap;
    }
 
    // 测试访问 http://localhost:8080/list
    // 不脱敏 http://localhost:8080/list?skip=1
    @GetMapping("/list")
    public List<User> list(HttpServletRequest request) {
        if ("1".equals(request.getParameter("skip"))) {
            // 跳过脱密处理
            RequestDataTransfer.skipSensitive();
        }
        return userMapper.selectList(null);
    }
}

UserMapper

package mybatis.mate.sensitive.jackson.mapper;
 
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import mybatis.mate.sensitive.jackson.entity.User;
import org.apache.ibatis.annotations.Mapper;
 
@Mapper
public interface UserMapper extends BaseMapper<User> {
 
}

6、测试

GET http://localhost:8080/list

[
  {
    "id": 1,
    "username": "Jone***test***",
    "mobile": "153******81",
    "email": "t****@baomidou.com"
  },
  {
    "id": 2,
    "username": "Jack***test***",
    "mobile": "153******82",
    "email": "t****@baomidou.com"
  },
  {
    "id": 3,
    "username": "Tom***test***",
    "mobile": "153******83",
    "email": "t****@baomidou.com"
  }
]

GET http://localhost:8080/list?skip=1

[
  {
    "id": 1,
    "username": "Jone",
    "mobile": "15315388881",
    "email": "test1@baomidou.com"
  },
  {
    "id": 2,
    "username": "Jack",
    "mobile": "15315388882",
    "email": "test2@baomidou.com"
  },
  {
    "id": 3,
    "username": "Tom",
    "mobile": "15315388883",
    "email": "test3@baomidou.com"
  }
]

文章目录
  1. 1. 1.SQL数据脱敏实现
  2. 2. 2.JAVA数据脱敏实现
  3. 3. 3.mybatis-mate-sensitive-jackson