Spring 数据脱敏实现方式

devtools/2024/9/25 23:24:33/

1、前言

当前互联网中，越来越重视数据安全，数据脱敏在实际应用中越来越多。

2 、脱敏方式

2.1 数据库sql 语句脱敏

sql 语句脱敏是比较传统通用的，例子如下所示：

select CONCAT(LETF(mobile,3),"*****",RIGHT(mobile,3))  from tb_user

2.2 通过Java 代码脱敏

代码脱敏一般要通过aop以及自定义注解实现，代码如下。

package com.example.demo.annotion;import java.lang.annotation.*;@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface DesensitizationWord {}

package com.example.demo.annotion;import java.lang.annotation.*;@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface DesensitizationWord {}

@Aspect
@Component
@Slf4j
public class DesensitizationgWordAspect {@Pointcut(value = "@annotation(com.example.demo.annotion.DesensitizationWord)")public void desensitizationgWordFlag() {}@AfterReturning(value = "desensitizationgWordFlag()",returning = "result")public void afterReturning(JoinPoint joinPoint, Object result) throws IllegalAccessException {if(result instanceof Base){Base base  = (Base)result;List<?> list = base.getData();if(CollectionUtils.isEmpty(list)) return;for(Object objcet:list){Field[]  fields = objcet.getClass().getDeclaredFields();for(Field field:fields){Annotation[]  annotations = field.getAnnotations();if(annotations!=null && annotations.length>0){for (Annotation annotation:annotations ){field.setAccessible(true);if(annotation instanceof Mobile){Object  mobile = field.get(objcet);if(mobile instanceof String){String mobileString= (String)mobile;field.set(objcet,desensitizedPhoneNumber(mobileString));}}}}}}}}public  String desensitizedPhoneNumber(String phoneNumber) {if (StringUtils.isNotBlank(phoneNumber)) {phoneNumber = phoneNumber.replaceAll("(\\w{3})\\w*(\\w{3})", "$1*****$2");}return phoneNumber;}
}

2.3 、通过mybatis-mate-sensitive-jackson

这个是mybaitsplus 的功能，其实实现的原理和2.2的的方法类型，只是它封装成jar包，并且支持扩展。怎么使用大家可以参考企业高级特性 | MyBatis-Plus，它目前支持如下脱敏规则如

package mybatis.mate.strategy;public interface SensitiveType {String chineseName = "chineseName";String idCard = "idCard";String phone = "phone";String mobile = "mobile";String address = "address";String email = "email";String bankCard = "bankCard";String password = "password";String carNumber = "carNumber";
}

在使用脱敏规则字段上新增注解，如下代码

@FieldSensitive("chineseName ")
private String username;

还可以自定义脱敏规则，如下代码

@Configuration
public class SensitiveStrategyConfig {/*** 注入脱敏策略*/@Beanpublic ISensitiveStrategy sensitiveStrategy() {// 自定义 testStrategy 类型脱敏处理return new SensitiveStrategy().addStrategy("testStrategy", t -> t + "***test***");}
}