MyBatis学习笔记-数据脱敏

如果项目需要对一些特殊、敏感的数据进行脱敏处理。根据实际的需求可以考虑在读写的过程中分别做脱敏操作。
一、写过程参数脱敏
主要是使用mybatis框架提供的Interceptor实现。需要考虑不同类型的参数解析处理方式不同。
java 复制代码
@Slf4j
@AllArgsConstructor
@Intercepts({@Signature(type = ParameterHandler.class, method = "setParameters", args = PreparedStatement.class)})
public class ParameterDesensitizationInterceptor extends ParameterInterceptor implements Interceptor {

    private final DesensitizationProperties desensitizationProperties;

    @Override
    public Object intercept(Invocation invocation) throws Throwable {
        return handleInvocation(invocation);
    }

    @Override
    public Map<String, List<String>> getObjectFieldsMap() {
        return desensitizationProperties.getObjectFieldsMap();
    }

    @Override
    public Object handleObjectField(Object objectFieldValue) {
        // 暂时只处理字符串类型
        return StringUtils.mask(String.valueOf(objectFieldValue), desensitizationProperties.getStartPosition(),
            desensitizationProperties.getEndPosition(), desensitizationProperties.getMaskChar());
    }

}
java 复制代码
@Slf4j
public abstract class ParameterInterceptor extends AbstractInterceptor {

    /**
     * handle invocation
     * @param invocation
     * @return
     * @throws Throwable
     */
    protected Object handleInvocation(Invocation invocation) throws Throwable {
        ParameterHandler parameterHandler = (ParameterHandler) invocation.getTarget();
        MetaObject metaObject = MetaObject.forObject(parameterHandler, SystemMetaObject.DEFAULT_OBJECT_FACTORY,
            SystemMetaObject.DEFAULT_OBJECT_WRAPPER_FACTORY, new DefaultReflectorFactory());
        Object parameterObject = parameterHandler.getParameterObject();
        if (null == parameterObject) {
            return invocation.proceed();
        }
        Class<Object> parameterizedType = getParameterizedType((MappedStatement) metaObject.getValue("mappedStatement"));
        List<String> fields = getObjectFieldsMap().get(parameterizedType.getName());
        if (null == fields || fields.isEmpty()) {
            return invocation.proceed();
        }
        if (parameterObject instanceof Map) {
            Map<String, Object> parameterMapObject = (Map<String, Object>) parameterObject;
            if (parameterMapObject.containsKey(com.baomidou.mybatisplus.core.toolkit.Constants.ENTITY)) {
                // handle entity object
                Object etObject = parameterMapObject.get(com.baomidou.mybatisplus.core.toolkit.Constants.ENTITY);
                if (null != etObject) {
                    handleObjectFields(etObject);
                }
            } if (parameterMapObject.containsKey(com.baomidou.mybatisplus.core.toolkit.Constants.WRAPPER)) {
                // handle wrapper object
                handleObjectFields(metaObject, fields);
            } else {
                // handle map object
                handleObjectFields(parameterizedType, parameterMapObject);
            }
        } else {
            handleObjectFields(parameterObject);
        }
        return invocation.proceed();
    }

}
二、读过程结果脱敏
主要是使用mybatis框架提供的Interceptor实现。
java 复制代码
@Slf4j
@AllArgsConstructor
@Intercepts({@Signature(type = ResultSetHandler.class, method = "handleResultSets", args = Statement.class)})
public class ResultSetDesensitizationInterceptor extends ResultSetInterceptor implements Interceptor {

    private final DesensitizationProperties desensitizationProperties;

    @Override
    public Object intercept(Invocation invocation) throws Throwable {
        return handleInvocation(invocation);
    }

    @Override
    public Map<String, List<String>> getObjectFieldsMap() {
        return desensitizationProperties.getObjectFieldsMap();
    }

    @Override
    public Object handleObjectField(Object objectFieldValue) {
        // 暂时只处理字符串类型
        return StringUtils.mask(String.valueOf(objectFieldValue), desensitizationProperties.getStartPosition(),
            desensitizationProperties.getEndPosition(), desensitizationProperties.getMaskChar());
    }

}
java 复制代码
@Slf4j
public abstract class ResultSetInterceptor extends AbstractInterceptor {

    /**
     * handle invocation
     * @param invocation
     * @return
     * @throws Throwable
     */
    protected Object handleInvocation(Invocation invocation) throws Throwable {
        Object proceed = invocation.proceed();
        if (null == proceed) {
            return null;
        }
        if (proceed instanceof List) {
            ((List<?>) proceed).forEach(this::handleObjectFields);
        } else {
            handleObjectFields(proceed);
        }
        return proceed;
    }

}

总体来说,数据字段的脱敏操作没有那么复杂,可以根据自身的需求更加细粒度的控制实现。

相关推荐
suweijie7683 小时前
SpringCloudAlibaba | Sentinel从基础到进阶
java·大数据·sentinel
公贵买其鹿4 小时前
List深拷贝后,数据还是被串改
java
xlsw_7 小时前
java全栈day20--Web后端实战(Mybatis基础2)
java·开发语言·mybatis
神仙别闹8 小时前
基于java的改良版超级玛丽小游戏
java
黄油饼卷咖喱鸡就味增汤拌孜然羊肉炒饭8 小时前
SpringBoot如何实现缓存预热?
java·spring boot·spring·缓存·程序员
暮湫8 小时前
泛型(2)
java
超爱吃士力架8 小时前
邀请逻辑
java·linux·后端
南宫生8 小时前
力扣-图论-17【算法学习day.67】
java·学习·算法·leetcode·图论
转码的小石8 小时前
12/21java基础
java
李小白669 小时前
Spring MVC(上)
java·spring·mvc