现实生活中,我们会看到电话号码等敏感信息隐藏显示的情况,eg.137****7924,那怎么才能保证敏感字段的安全性呢?
步骤 :
step1:通过sql语句保证敏感信息的安全性
step2:建立视图
step3:java调用视图
sql语句如下:
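-- Masked view over crm: characters 4-7 of the phone number are shown as ****.
-- INSERT(str, pos, len, newstr) overwrites by position. The earlier form
-- REPLACE(phone, SUBSTR(phone,4,4), '****') replaces every occurrence of that
-- 4-character substring, so a number such as 13713717924 (constructed example)
-- comes out as ****3717924: the wrong digits are hidden and the middle ones exposed.
-- The masked column is aliased tel, matching the customer_info view.
create view customer_info1 as
select insert(initiative_phone, 4, 4, '****') as tel,
       customer_id, call_time, sum_time, call_result
from crm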
或者
-- Masked view over crm: the phone number is rebuilt from its first three and
-- last four characters with **** in between, and exposed under the alias tel.
-- NOTE(review): for values shorter than 7 characters LEFT(...,3) and RIGHT(...,4)
-- overlap, so such values are not actually hidden; confirm the column only
-- holds full-length numbers.
create view customer_info as
select concat(left(initiative_phone, 3), '****', right(initiative_phone, 4)) as tel,
       customer_id,
       call_time,
       sum_time,
       call_result
from crm
结果如图:
已经创建好对敏感信息做了脱敏处理的视图customer_info,在java中直接调用视图就可以了。注意:只有当程序使用的数据库账号只被授予该视图的查询权限、不能直接查询基表crm时,视图才真正起到保护作用,否则脱敏只停留在显示层面。万变不离其宗,前面已经写过如何用java调用表了,调用视图是一样的。
具体代码如下所示:
DBUtil类:用于建立java程序与数据库的连接
package NoSensitiveSelect;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
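/**
 * Static helper that opens and closes the single JDBC connection used by the demo.
 *
 * <p>Connection settings are read from the environment variables {@code DB_URL},
 * {@code DB_USER} and {@code DB_PASSWORD} (names chosen for this example); when a
 * variable is unset the values of the original listing are used.
 *
 * <p>Security note: the masking view only protects the phone numbers if the account
 * used here can query the view but not the base table {@code crm}. The fallback
 * account {@code root} can read the unmasked table, so it is suitable for a local
 * demo only.
 */
public class DBUtil {
    // Fallback values kept from the original listing so the demo still runs unconfigured.
    private static final String DEFAULT_URL = "jdbc:mysql://localhost:3306/class?";
    private static final String DEFAULT_USER = "root";
    private static final String DEFAULT_PASSWORD = "root";

    static {
        // Load the MySQL driver class; a failure is only reported here and will
        // surface again as an SQLException when a connection is requested.
        try {
            Class.forName("com.mysql.jdbc.Driver");
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
    }

    // The connection most recently opened by getConnection(); null until the first call.
    static Connection con = null;

    // Utility class: no instances.
    private DBUtil() {
    }

    /**
     * Returns the shared connection, opening it on first use or after it was closed.
     *
     * <p>Reusing the open connection means repeated calls no longer overwrite
     * {@code con} with a new connection and leave the previous one unclosed.
     *
     * @return an open connection
     * @throws SQLException if the connection cannot be established
     */
    public static Connection getConnection() throws SQLException {
        if (con == null || con.isClosed()) {
            con = DriverManager.getConnection(
                    setting("DB_URL", DEFAULT_URL),
                    setting("DB_USER", DEFAULT_USER),
                    setting("DB_PASSWORD", DEFAULT_PASSWORD));
        }
        return con;
    }

    /**
     * Closes the shared connection if one was opened; does nothing otherwise.
     *
     * @throws SQLException if closing the connection fails
     */
    public static void closeConnection() throws SQLException {
        if (con == null) {
            return; // nothing was opened, so there is nothing to close
        }
        try {
            con.close();
        } finally {
            con = null; // drop the reference so the next getConnection() reconnects
        }
    }

    // Returns the environment variable's value, or the fallback when it is unset or empty.
    private static String setting(String name, String fallback) {
        String value = System.getenv(name);
        return (value == null || value.isEmpty()) ? fallback : value;
    }
}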
DBService:实现具体的操作
package NoSensitiveSelect;
import java.sql.*;
import java.util.ArrayList;
import java.util.List;
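/**
 * Reads call records through the masking view {@code customer_info}, so the
 * application only ever receives the masked phone number.
 */
public class DBService {
    // Only the view is queried; the base table crm is never touched from Java.
    private static final String SELECT_MASKED = "select * from customer_info";

    /**
     * Loads every row of the view into {@link Customer} objects.
     *
     * <p>Each call returns a fresh list, and the statement and result set are
     * closed before returning. The connection itself stays open; it is owned by
     * {@code DBUtil}.
     *
     * @return the rows of {@code customer_info}, in the order the database returns them
     * @throws SQLException if the query fails or a column cannot be read
     */
    public List<Customer> select() throws SQLException {
        List<Customer> customers = new ArrayList<Customer>();
        Connection connection = DBUtil.getConnection();
        try (PreparedStatement statement = connection.prepareStatement(SELECT_MASKED);
             ResultSet rows = statement.executeQuery()) {
            while (rows.next()) {
                Customer customer = new Customer();
                // The masked phone number is the first column of the view. It is read by
                // position because its label is "tel" when the view declares that alias
                // and the full concat(...) expression text when it does not.
                customer.setInitiative_phone(rows.getString(1));
                customer.setCustomer_id(rows.getInt("customer_id"));
                customer.setCall_time(rows.getTimestamp("call_time"));
                customer.setSum_time(rows.getInt("sum_time"));
                customer.setCall_result(rows.getInt("call_result"));
                customers.add(customer);
            }
        }
        return customers;
    }
}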
Customer类:实体类,用来存储信息
package NoSensitiveSelect;
import java.sql.Date;
import java.sql.Time;
import java.sql.Timestamp;
/**
 * Plain data holder for one row of the call-record view.
 *
 * <p>The class stores whatever phone string it is given; it performs no masking itself.
 */
public class Customer {
    private String initiative_phone;
    private int customer_id;
    private Timestamp call_time;
    private int sum_time;
    private int call_result;

    /** Creates an empty record; fields keep their Java default values. */
    public Customer() {
    }

    /**
     * Creates a fully populated record.
     *
     * @param initiative_phone phone number string to store
     * @param customer_id      customer identifier
     * @param call_time        time of the call
     * @param sum_time         total call duration
     * @param call_result      call result code
     */
    public Customer(String initiative_phone, int customer_id, Timestamp call_time, int sum_time, int call_result) {
        this.initiative_phone = initiative_phone;
        this.customer_id = customer_id;
        this.call_time = call_time;
        this.sum_time = sum_time;
        this.call_result = call_result;
    }

    /** @return the stored phone number string */
    public String getInitiative_phone() {
        return this.initiative_phone;
    }

    /** @param initiative_phone phone number string to store */
    public void setInitiative_phone(String initiative_phone) {
        this.initiative_phone = initiative_phone;
    }

    /** @return the customer identifier */
    public int getCustomer_id() {
        return this.customer_id;
    }

    /** @param customer_id the customer identifier */
    public void setCustomer_id(int customer_id) {
        this.customer_id = customer_id;
    }

    /** @return the time of the call */
    public Timestamp getCall_time() {
        return this.call_time;
    }

    /** @param call_time the time of the call */
    public void setCall_time(Timestamp call_time) {
        this.call_time = call_time;
    }

    /** @return the total call duration */
    public int getSum_time() {
        return this.sum_time;
    }

    /** @param sum_time the total call duration */
    public void setSum_time(int sum_time) {
        this.sum_time = sum_time;
    }

    /** @return the call result code */
    public int getCall_result() {
        return this.call_result;
    }

    /** @param call_result the call result code */
    public void setCall_result(int call_result) {
        this.call_result = call_result;
    }

    /**
     * Renders the record as one labelled line ending in a newline, so that a
     * printed list shows one record per line.
     */
    @Override
    public String toString() {
        StringBuilder line = new StringBuilder();
        line.append("客户电话:").append(initiative_phone).append('\'');
        line.append(",客户编号").append(customer_id);
        line.append(", 电话时间:").append(call_time);
        line.append(", 通话总时长:").append(sum_time);
        line.append(", 业务:").append(call_result).append("\n");
        return line.toString();
    }
}
Test类:测试类
package NoSensitiveSelect;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.List;
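/**
 * Demo entry point: queries the masking view and prints the rows.
 */
public class Test {
    /**
     * Runs the query and prints the resulting list, then closes the connection.
     *
     * <p>No connection is opened here: {@code DBService.select()} obtains its own
     * through {@code DBUtil}, and a second one opened in this method would never
     * be closed.
     *
     * @param args unused
     * @throws SQLException if the query or closing the connection fails
     */
    public static void main(String[] args) throws SQLException {
        try {
            DBService service = new DBService();
            List<Customer> customers = service.select();
            System.out.println(customers);
        } finally {
            // con is still null when the connection attempt itself failed; skipping the
            // close in that case keeps the original SQLException from being masked.
            if (DBUtil.con != null) {
                DBUtil.closeConnection();
            }
        }
    }
}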
结果如下图所示: