Talk about how to customize data desensitization
2022-06-23 21:05:00 【lyb-geek】
Preface
What is data desensitization
Data desensitization (data masking) means transforming sensitive information according to masking rules so that sensitive private data is reliably protected.
Common desensitization rules
Replacement, rearrangement, encryption, truncation, masking
What a good desensitization implementation should do
1、 After desensitization the data should, as far as possible, keep the meaningful information it had before, so it remains useful to the application
2、 It should make it as hard as possible for an attacker to recover the original data
Today we talk about how to implement custom data desensitization.
Overall idea
This example implements desensitization by replacement, and then combines it with features of common frameworks, such as MyBatis's interceptor mechanism or JSON serialization, to apply the masking quickly.
Implementation
1、 Define a desensitization tool class
You can use the hutool toolkit, but this utility is only available in version 5.6 and later:
https://www.hutool.cn/docs/#/core/工具类/信息脱敏工具-DesensitizedUtil
Otherwise, we implement one ourselves, shaped as follows (it still relies on hutool's StrUtil and CharUtil helpers):
import cn.hutool.core.util.CharUtil;
import cn.hutool.core.util.StrUtil;

public class DesensitizedUtils {

    /**
     * Supported desensitization types; NONE means "no fixed strategy" and is the annotation default later in this post
     */
    public enum DesensitizedType {
        NONE, USER_ID, CHINESE_NAME, ID_CARD, FIXED_PHONE, MOBILE_PHONE, ADDRESS, EMAIL, PASSWORD, CAR_LICENSE, BANK_CARD
    }

    /**
     * Desensitize with the default strategy for the given type
     * <pre>
     * DesensitizedUtils.desensitized("100", DesensitizedUtils.DesensitizedType.USER_ID) = "0"
     * DesensitizedUtils.desensitized("段正淳", DesensitizedUtils.DesensitizedType.CHINESE_NAME) = "段**"
     * DesensitizedUtils.desensitized("51343620000320711X", DesensitizedUtils.DesensitizedType.ID_CARD) = "5***************1X"
     * DesensitizedUtils.desensitized("09157518479", DesensitizedUtils.DesensitizedType.FIXED_PHONE) = "0915*****79"
     * DesensitizedUtils.desensitized("18049531999", DesensitizedUtils.DesensitizedType.MOBILE_PHONE) = "180****1999"
     * DesensitizedUtils.desensitized("北京市海淀区马连洼街道289号", DesensitizedUtils.DesensitizedType.ADDRESS) = "北京市海淀区马********"
     * DesensitizedUtils.desensitized("duandazhi-jack@gmail.com.cn", DesensitizedUtils.DesensitizedType.EMAIL) = "d*************@gmail.com.cn"
     * DesensitizedUtils.desensitized("1234567890", DesensitizedUtils.DesensitizedType.PASSWORD) = "**********"
     * DesensitizedUtils.desensitized("苏D40000", DesensitizedUtils.DesensitizedType.CAR_LICENSE) = "苏D4***0"
     * DesensitizedUtils.desensitized("11011111222233333256", DesensitizedUtils.DesensitizedType.BANK_CARD) = "1101 **** **** **** 3256"
     * </pre>
     *
     * @param str              the string to desensitize
     * @param desensitizedType desensitization type; supported: user id, Chinese name, ID card number, fixed-line phone, mobile phone, address, e-mail, password, car license, bank card
     * @return the desensitized string
     * @author dazer and neusoft and qiaomu
     * @since 5.6.2
     */
    public static String desensitized(CharSequence str, DesensitizedType desensitizedType) {
        if (StrUtil.isBlank(str)) {
            return StrUtil.EMPTY;
        }
        String newStr = String.valueOf(str);
        switch (desensitizedType) {
            case USER_ID:
                newStr = String.valueOf(DesensitizedUtils.userId());
                break;
            case CHINESE_NAME:
                newStr = DesensitizedUtils.chineseName(String.valueOf(str));
                break;
            case ID_CARD:
                newStr = DesensitizedUtils.idCardNum(String.valueOf(str), 1, 2);
                break;
            case FIXED_PHONE:
                newStr = DesensitizedUtils.fixedPhone(String.valueOf(str));
                break;
            case MOBILE_PHONE:
                newStr = DesensitizedUtils.mobilePhone(String.valueOf(str));
                break;
            case ADDRESS:
                newStr = DesensitizedUtils.address(String.valueOf(str), 8);
                break;
            case EMAIL:
                newStr = DesensitizedUtils.email(String.valueOf(str));
                break;
            case PASSWORD:
                newStr = DesensitizedUtils.password(String.valueOf(str));
                break;
            case CAR_LICENSE:
                newStr = DesensitizedUtils.carLicense(String.valueOf(str));
                break;
            case BANK_CARD:
                newStr = DesensitizedUtils.bankCard(String.valueOf(str));
                break;
            default:
                // NONE and unknown types: value is returned unchanged
        }
        return newStr;
    }

    /**
     * 【User id】 The real userId is never exposed externally
     *
     * @return desensitized primary key
     */
    public static Long userId() {
        return 0L;
    }

    /**
     * 【Chinese name】 Only the first character is kept; the remaining characters are replaced by asterisks, e.g. 李**
     *
     * @param fullName full name
     * @return name after desensitization
     */
    public static String chineseName(String fullName) {
        if (StrUtil.isBlank(fullName)) {
            return StrUtil.EMPTY;
        }
        return StrUtil.hide(fullName, 1, fullName.length());
    }

    /**
     * 【ID card number】 Keep the first {@code front} and the last {@code end} digits
     *
     * @param idCardNum ID card number
     * @param front     number of leading digits to keep, counted from 1
     * @param end       number of trailing digits to keep, counted from 1
     * @return ID card number after desensitization
     */
    public static String idCardNum(String idCardNum, int front, int end) {
        // The ID card number cannot be empty
        if (StrUtil.isBlank(idCardNum)) {
            return StrUtil.EMPTY;
        }
        // The kept part must not exceed the length of the ID card number
        if ((front + end) > idCardNum.length()) {
            return StrUtil.EMPTY;
        }
        // The kept lengths cannot be negative
        if (front < 0 || end < 0) {
            return StrUtil.EMPTY;
        }
        return StrUtil.hide(idCardNum, front, idCardNum.length() - end);
    }

    /**
     * 【Fixed-line phone】 Keep the first four and the last two digits
     *
     * @param num fixed-line phone number
     * @return fixed-line phone number after desensitization
     */
    public static String fixedPhone(String num) {
        if (StrUtil.isBlank(num)) {
            return StrUtil.EMPTY;
        }
        return StrUtil.hide(num, 4, num.length() - 2);
    }

    /**
     * 【Mobile phone】 Keep the first three and the last four digits, hide the rest, e.g. 135****2210
     *
     * @param num mobile phone number
     * @return mobile phone number after desensitization
     */
    public static String mobilePhone(String num) {
        if (StrUtil.isBlank(num)) {
            return StrUtil.EMPTY;
        }
        return StrUtil.hide(num, 3, num.length() - 4);
    }

    /**
     * 【Address】 Show only down to the district and hide the detailed address, e.g. 北京市海淀区****
     *
     * @param address       home address
     * @param sensitiveSize length of the trailing sensitive part
     * @return home address after desensitization
     */
    public static String address(String address, int sensitiveSize) {
        if (StrUtil.isBlank(address)) {
            return StrUtil.EMPTY;
        }
        int length = address.length();
        return StrUtil.hide(address, length - sensitiveSize, length);
    }

    /**
     * 【E-mail】 Only the first letter of the local part is shown, the rest of it is replaced by asterisks; the @ and the domain are shown, e.g. d**@126.com
     *
     * @param email e-mail address
     * @return e-mail address after desensitization
     */
    public static String email(String email) {
        if (StrUtil.isBlank(email)) {
            return StrUtil.EMPTY;
        }
        int index = StrUtil.indexOf(email, '@');
        // No '@' or a single-character local part: nothing to hide
        if (index <= 1) {
            return email;
        }
        return StrUtil.hide(email, 1, index);
    }

    /**
     * 【Password】 Every character of the password is replaced by *, e.g. ******
     *
     * @param password password
     * @return password after desensitization
     */
    public static String password(String password) {
        if (StrUtil.isBlank(password)) {
            return StrUtil.EMPTY;
        }
        return StrUtil.repeat('*', password.length());
    }

    /**
     * 【Chinese car license】 The middle of the plate is replaced by *
     * eg1: null -> ""
     * eg2: "" -> ""
     * eg3: 苏D40000 -> 苏D4***0
     * eg4: 陕A12345D -> 陕A1****D
     * eg5: 京A123 -> 京A123 (an invalid plate is left unchanged)
     *
     * @param carLicense complete license plate number
     * @return license plate after desensitization
     */
    public static String carLicense(String carLicense) {
        if (StrUtil.isBlank(carLicense)) {
            return StrUtil.EMPTY;
        }
        // Ordinary license plate
        if (carLicense.length() == 7) {
            carLicense = StrUtil.hide(carLicense, 3, 6);
        } else if (carLicense.length() == 8) {
            // New-energy license plate
            carLicense = StrUtil.hide(carLicense, 3, 7);
        }
        return carLicense;
    }

    /**
     * Bank card number desensitization
     * eg: 1101 **** **** **** 3256
     *
     * @param bankCardNo bank card number
     * @return bank card number after desensitization
     * @since 5.6.3
     */
    public static String bankCard(String bankCardNo) {
        if (StrUtil.isBlank(bankCardNo)) {
            return bankCardNo;
        }
        bankCardNo = StrUtil.trim(bankCardNo);
        // Too short to keep 4 + 4 digits: return unchanged
        if (bankCardNo.length() < 9) {
            return bankCardNo;
        }
        final int length = bankCardNo.length();
        final int midLength = length - 8;
        final StringBuilder buf = new StringBuilder();
        buf.append(bankCardNo, 0, 4);
        // Replace the middle digits with *, in groups of four separated by spaces
        for (int i = 0; i < midLength; ++i) {
            if (i % 4 == 0) {
                buf.append(CharUtil.SPACE);
            }
            buf.append('*');
        }
        buf.append(CharUtil.SPACE).append(bankCardNo, length - 4, length);
        return buf.toString();
    }
}

At this point, replacement-based desensitization is already achievable: the program can simply call the utility directly. But as a programmer who knows how to be lazy, I am definitely not satisfied with this, so we will encapsulate it further.
2、 Custom desensitization annotation

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

// DesensitizedType is the enum declared in DesensitizedUtils above (import it from its package)
@Target(ElementType.FIELD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Sensitive {

    /**
     * Fixed desensitization strategy; NONE means no fixed rule
     */
    DesensitizedType strategy() default DesensitizedType.NONE;

    /**
     * Whether to use the DFA (sensitive-word) algorithm instead of a fixed strategy
     */
    boolean useDFA() default false;

    /**
     * Replacement for each sensitive word matched by the DFA; defaults to "*"
     */
    String dfaReplaceChar() default "*";

    /**
     * How many times the replacement character is repeated per match
     */
    int dfaReplaceCharRepeatCount() default 1;
}

3、 Use framework features to improve efficiency
a、 If the project already uses MyBatis, you can use MyBatis's interceptor feature. The principle is to intercept the query result and desensitize it before it is returned. With mybatis-spring-boot-starter, declaring the interceptor as a Spring bean is enough to register it.

import java.sql.Statement;
import java.util.List;

import org.apache.ibatis.executor.resultset.ResultSetHandler;
import org.apache.ibatis.plugin.Interceptor;
import org.apache.ibatis.plugin.Intercepts;
import org.apache.ibatis.plugin.Invocation;
import org.apache.ibatis.plugin.Signature;

// Intercepts ResultSetHandler.handleResultSets so every mapped row is desensitized before it leaves MyBatis.
// plugin() and setProperties() are omitted because MyBatis 3.5+ provides default implementations for them.
@Intercepts(@Signature(type = ResultSetHandler.class, method = "handleResultSets", args = Statement.class))
public class DesensitizedInterceptor implements Interceptor {

    @Override
    @SuppressWarnings("unchecked")
    public Object intercept(Invocation invocation) throws Throwable {
        List<Object> list = (List<Object>) invocation.proceed();
        // EntityUtils.desensitized is the post's own helper (not shown); it applies @Sensitive to each field of the entity
        list.forEach(EntityUtils::desensitized);
        return list;
    }
}

b、 If the project is a Spring Boot web project, you can use the custom serialization support of the Jackson that ships with Spring Boot. The desensitization then happens when the object is serialized to JSON for the front end.
In that case, the custom annotation has to be extended with the
@JacksonAnnotationsInside @JsonSerialize(using = DesensitizedJsonSerializer.class)
annotations, shaped as follows:
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

import com.fasterxml.jackson.annotation.JacksonAnnotationsInside;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;

@Target(ElementType.FIELD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
// Makes Jackson treat @Sensitive as if @JsonSerialize were placed on the field itself
@JacksonAnnotationsInside
@JsonSerialize(using = DesensitizedJsonSerializer.class)
public @interface Sensitive {

    /**
     * Fixed desensitization strategy; NONE means no fixed rule
     */
    DesensitizedType strategy() default DesensitizedType.NONE;

    /**
     * Whether to use the DFA (sensitive-word) algorithm instead of a fixed strategy
     */
    boolean useDFA() default false;

    /**
     * Replacement for each sensitive word matched by the DFA; defaults to "*"
     */
    String dfaReplaceChar() default "*";

    /**
     * How many times the replacement character is repeated per match
     */
    int dfaReplaceCharRepeatCount() default 1;
}

The core code of the serialization desensitization logic is as follows:
import java.io.IOException;

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.*;
import com.fasterxml.jackson.databind.ser.ContextualSerializer;

public class DesensitizedJsonSerializer extends JsonSerializer<String> implements ContextualSerializer {

    private Sensitive sensitive;

    @Override
    public void serialize(String s, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
        // EntityUtils.getDesensitizedValue is the post's own helper (not shown); it applies the annotation's rule to the value
        jsonGenerator.writeString(EntityUtils.getDesensitizedValue(sensitive, s));
    }

    @Override
    public JsonSerializer<?> createContextual(SerializerProvider serializerProvider, BeanProperty beanProperty) throws JsonMappingException {
        // beanProperty is null when a root value rather than a bean field is being serialized
        if (beanProperty == null) {
            return serializerProvider.findValueSerializer(String.class);
        }
        sensitive = beanProperty.getAnnotation(Sensitive.class);
        // Only String fields carrying @Sensitive are handled here; everything else gets the default serializer
        if (sensitive != null && String.class.isAssignableFrom(beanProperty.getType().getRawClass())) {
            return this;
        }
        return serializerProvider.findValueSerializer(beanProperty.getType(), beanProperty);
    }
}

Example
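The EntityUtils helper that both the MyBatis interceptor (EntityUtils.desensitized) and the Jackson serializer (EntityUtils.getDesensitizedValue) rely on is not shown in the post. As an added example, my own code rather than the author's EntityUtils, here is one way to write it: getDesensitizedValue applies either the fixed strategy or a DFA (trie) sensitive-word replacement driven by the dfa* attributes, and desensitized walks an entity's String fields reflectively and masks those carrying @Sensitive. The @Sensitive annotation and DesensitizedType enum are redeclared in minimal form, the sensitive-word list and UserDTO are constructed, and only four strategies are implemented (the others follow the tool class above), so the file compiles and runs on its own.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.util.*;

// Added example, not code from the original post. @Sensitive and DesensitizedType are
// redeclared here in minimal form so the file is self-contained.
public class EntityUtilsExample {

    enum DesensitizedType { NONE, MOBILE_PHONE, EMAIL, PASSWORD, CHINESE_NAME }

    @Target(ElementType.FIELD) @Retention(RetentionPolicy.RUNTIME)
    @interface Sensitive {
        DesensitizedType strategy() default DesensitizedType.NONE;
        boolean useDFA() default false;
        String dfaReplaceChar() default "*";
        int dfaReplaceCharRepeatCount() default 1;
    }

    /** Minimal DFA sensitive-word filter built as a trie; the longest match at each position wins. */
    static final class SensitiveWordTrie {
        private final Map<Character, SensitiveWordTrie> next = new HashMap<>();
        private boolean end;
        SensitiveWordTrie() {}
        SensitiveWordTrie(Collection<String> words) { words.forEach(this::add); }
        void add(String word) {
            SensitiveWordTrie node = this;
            for (char c : word.toCharArray()) node = node.next.computeIfAbsent(c, k -> new SensitiveWordTrie());
            node.end = true;
        }
        String replace(String text, String replacement) {
            StringBuilder out = new StringBuilder();
            int i = 0;
            while (i < text.length()) {
                int matchLen = 0;
                SensitiveWordTrie node = this;
                for (int j = i; j < text.length(); j++) {
                    node = node.next.get(text.charAt(j));
                    if (node == null) break;
                    if (node.end) matchLen = j - i + 1;   // remember the longest word ending here
                }
                if (matchLen > 0) { out.append(replacement); i += matchLen; }
                else { out.append(text.charAt(i)); i++; }
            }
            return out.toString();
        }
    }

    // Constructed sensitive-word list for the demo (hypothetical values)
    static final SensitiveWordTrie TRIE = new SensitiveWordTrie(Arrays.asList("secret", "confidential"));

    /** Keep the first `front` and last `end` characters and replace everything between with '*'. */
    static String hide(String s, int front, int end) {
        if (s == null || s.length() <= front + end) return s;
        StringBuilder sb = new StringBuilder(s.substring(0, front));
        for (int i = front; i < s.length() - end; i++) sb.append('*');
        return sb.append(s.substring(s.length() - end)).toString();
    }

    /** Apply the annotation's rule to one value: DFA replacement if requested, else the fixed strategy. */
    public static String getDesensitizedValue(Sensitive sensitive, String value) {
        if (sensitive == null || value == null || value.isEmpty()) return value;
        if (sensitive.useDFA()) {
            String rep = String.join("", Collections.nCopies(sensitive.dfaReplaceCharRepeatCount(), sensitive.dfaReplaceChar()));
            return TRIE.replace(value, rep);
        }
        switch (sensitive.strategy()) {
            case MOBILE_PHONE: return hide(value, 3, 4);
            case EMAIL: { int at = value.indexOf('@'); return at <= 1 ? value : hide(value, 1, value.length() - at); }
            case PASSWORD: return String.join("", Collections.nCopies(value.length(), "*"));
            case CHINESE_NAME: return hide(value, 1, 0);
            default: return value;
        }
    }

    /** Walk the entity's declared String fields and mask those carrying @Sensitive, in place. */
    public static <T> T desensitized(T entity) {
        if (entity == null) return null;
        for (Field f : entity.getClass().getDeclaredFields()) {
            Sensitive s = f.getAnnotation(Sensitive.class);
            if (s == null || f.getType() != String.class) continue;
            f.setAccessible(true);
            try {
                f.set(entity, getDesensitizedValue(s, (String) f.get(entity)));
            } catch (IllegalAccessException e) { throw new IllegalStateException(e); }
        }
        return entity;
    }

    /** Constructed sample entity mirroring the post's UserDTO. */
    static class UserDTO {
        @Sensitive(strategy = DesensitizedType.MOBILE_PHONE) String mobile = "18049531999";
        @Sensitive(strategy = DesensitizedType.EMAIL) String email = "duandazhi-jack@gmail.com.cn";
        @Sensitive(useDFA = true, dfaReplaceChar = "#", dfaReplaceCharRepeatCount = 3) String remark = "contains a secret note";
        String username = "visible";
    }

    public static void main(String[] args) {
        UserDTO u = desensitized(new UserDTO());
        System.out.println(u.mobile + " | " + u.email + " | " + u.remark + " | " + u.username);
    }
}
```

Running main prints the mobile number as 180****1999, the e-mail with only its first letter and domain visible, the remark with the word secret replaced by ### and the unannotated username untouched. Note that desensitized mutates the entity in place, which is what the MyBatis interceptor does to every mapped row: the service layer then only ever sees masked values, whereas the Jackson route masks at rendering time and leaves the in-memory objects intact.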
Take JSON as an example.
1、 Define the entity object and add the desensitization annotation to the attributes that need desensitizing

import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;

@Data
@EqualsAndHashCode(callSuper = false)
@AllArgsConstructor
@NoArgsConstructor
@Builder
public class UserDTO {
    private Integer id;
    private String username;
    @Sensitive(strategy = DesensitizedType.PASSWORD)
    private String password;
    @Sensitive(strategy = DesensitizedType.CHINESE_NAME)
    private String fullname;
    @Sensitive(strategy = DesensitizedType.MOBILE_PHONE)
    private String mobile;
    @Sensitive(strategy = DesensitizedType.EMAIL)
    private String email;
    // No fixed strategy: the DFA sensitive-word filter replaces each hit with "###"
    @Sensitive(useDFA = true, dfaReplaceChar = "#", dfaReplaceCharRepeatCount = 3)
    private String remark;
}

2、 Write a test controller
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/user")
public class UserController {

    @Autowired
    private UserService userService;

    // AjaxResult and UserService are the post's own classes (not shown); the DTOs are masked when rendered to JSON
    @GetMapping(value = "/list")
    public AjaxResult listUsers() {
        return AjaxResult.success(userService.listUserDTO());
    }
}

Test result
As the figure shows, the annotated fields are returned desensitized.
Other options
1、 Data desensitization based on Sharding Sphere
For the specific implementation, refer to the following article:
https://jaskey.github.io/blog/2020/03/18/sharding-sphere-data-desensitization/
2、 Custom annotation formatting
The main steps are as follows:
- 1、 Implement the AnnotationFormatterFactory interface
- 2、 Create a desensitization formatter class that implements Formatter
- 3、 Register the AnnotationFormatterFactory implementation with the FormatterRegistry
For the specific implementation, refer to the following article:
https://blog.csdn.net/qq_27081015/article/details/103295983
4、 Desensitize with fastjson
The main steps are as follows:
- 1、 Implement the ValueFilter interface and desensitize in its process method
- 2、 Configure fastjson as the default JSON converter
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.alibaba.fastjson.support.config.FastJsonConfig;
import com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter;
import org.springframework.boot.autoconfigure.http.HttpMessageConverters;   // Spring Boot 2.x package
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.converter.HttpMessageConverter;

@Configuration
public class FastJsonConfiguration {

    /**
     * Configure fastjson as the default JSON converter
     */
    @Bean
    public HttpMessageConverters fastJsonHttpMessageConverters() {
        // 1. Define a converter that transforms the message body
        FastJsonHttpMessageConverter fastConverter = new FastJsonHttpMessageConverter();
        // 2. Add fastjson configuration, e.g. whether to pretty-print the returned JSON
        FastJsonConfig fastJsonConfig = new FastJsonConfig();
        fastJsonConfig.setSerializerFeatures(SerializerFeature.PrettyFormat);
        // Register our own ValueFilter so values are desensitized during serialization
        fastJsonConfig.setSerializeFilters(new ValueDesensitizeFilter());
        // 3. Attach the configuration to the converter
        fastConverter.setFastJsonConfig(fastJsonConfig);
        // 4. Expose the converter as an HttpMessageConverter
        HttpMessageConverter<?> converter = fastConverter;
        // 5. Return the HttpMessageConverters object
        return new HttpMessageConverters(converter);
    }
}

For the specific implementation, refer to the following article:
https://blog.csdn.net/qq_27081015/article/details/103297316
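The ValueDesensitizeFilter registered in step 2 is not shown in the post. As an added example of step 1, my own code rather than the author's class, here is a fastjson ValueFilter that looks the property's field up by name on the bean (walking up the class hierarchy), reads @Sensitive, and returns the masked value for fastjson to write. It redeclares a minimal @Sensitive and DesensitizedType with only two strategies so it compiles alone (a project would use the annotation and the full tool class from earlier); UserDTO is a constructed sample bean, and String.repeat needs Java 11 or later.

```java
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.serializer.ValueFilter;
import java.lang.annotation.*;
import java.lang.reflect.Field;

// Added example, not the post's own ValueDesensitizeFilter. @Sensitive and DesensitizedType
// are redeclared in minimal form so the file compiles on its own.
public class ValueDesensitizeFilterExample {

    enum DesensitizedType { NONE, MOBILE_PHONE, PASSWORD }

    @Target(ElementType.FIELD) @Retention(RetentionPolicy.RUNTIME)
    @interface Sensitive { DesensitizedType strategy() default DesensitizedType.NONE; }

    /** fastjson calls process() for every property; the returned object is what gets written. */
    public static class ValueDesensitizeFilter implements ValueFilter {
        @Override
        public Object process(Object object, String name, Object value) {
            if (!(value instanceof String) || object == null) return value;
            Field field = findField(object.getClass(), name);
            Sensitive s = field == null ? null : field.getAnnotation(Sensitive.class);
            if (s == null) return value;
            String str = (String) value;
            switch (s.strategy()) {
                case MOBILE_PHONE:
                    // keep the first 3 and last 4 digits, star the rest
                    return str.length() < 8 ? str : str.substring(0, 3) + "*".repeat(str.length() - 7) + str.substring(str.length() - 4);
                case PASSWORD:
                    return "*".repeat(str.length());
                default:
                    return str;
            }
        }

        // Walk up the hierarchy so fields declared in a superclass are found as well
        private static Field findField(Class<?> type, String name) {
            for (Class<?> c = type; c != null && c != Object.class; c = c.getSuperclass()) {
                try { return c.getDeclaredField(name); } catch (NoSuchFieldException ignored) { }
            }
            return null;
        }
    }

    /** Constructed sample bean; fastjson serializes through getters, so they are provided. */
    public static class UserDTO {
        @Sensitive(strategy = DesensitizedType.MOBILE_PHONE) private String mobile = "18049531999";
        @Sensitive(strategy = DesensitizedType.PASSWORD) private String password = "1234567890";
        private String username = "alice";
        public String getMobile() { return mobile; }
        public String getPassword() { return password; }
        public String getUsername() { return username; }
    }

    public static void main(String[] args) {
        // The same filter instance is what setSerializeFilters(...) receives in the configuration above
        System.out.println(JSON.toJSONString(new UserDTO(), new ValueDesensitizeFilter()));
    }
}
```

The printed JSON carries mobile as 180****1999, password as ten asterisks and username unchanged. Unlike the MyBatis interceptor route, the bean itself is not modified; the filter only changes what is written, which is the same property the Jackson serializer above has.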
5、 Using mybatis-mate
mybatis-mate is the enterprise ("elegant data processing") module of mybatis-plus; an authorization code must be configured when using it, as follows:

mybatis-mate:
  cert:
    grant: jinTianYiXueKe
    license: GKXP9r4MCJhGID/DTGigcBcLmZjb1YZGjE4GXaAoxbtGsPC20sxpEtiUr2F7Nb1ANTUekvF6Syo6DzraA4M4oacwoLVTglzfvaEyUogW8L7mydqlsZ4+hlm20kK85eLJK1QsskrSJmreMnEaNh9lsV7Lpbxy9JeGCeM0HPEbRvq8Y+8dUt5bQYLklsa3ZIBexir+4XykZY15uqn1pYIp4pEK0+aINTa57xjJNoWuBIqm7BdFIb4l1TAcPYMTsMXhF5hfMmKD2h391HxWTshJ6jbt4YqdKD167AgeoM+B+DE1jxlLjcpskY+kFs9piOS7RCcmKBBUOgX2BD/JxhR2gQ==

Its implementation mechanism is also based on JSON serialization. If you are interested, refer to the following link:
https://gitee.com/baomidou/mybatis-mate-examples
The demo for this article also implements desensitization based on mybatis-mate (see the demo link below).
Summary
Sometimes a business scenario can be implemented in a variety of ways, and we should know how to judge between them. For example, if your project does not use MyBatis, introducing MyBatis just for desensitization adds extra complexity and will probably cause a lot of trouble in later maintenance.
demo link
https://github.com/lyb-geek/springboot-learning/tree/master/springboot-desensitization