
Implementing Data Masking in MySQL and Java Using MyBatis‑Mate Sensitive Jackson

This article demonstrates how to mask sensitive data such as phone numbers, ID cards, and emails in MySQL and Java applications by combining SQL string functions with the MyBatis‑Mate Sensitive Jackson plugin, providing complete configuration, custom strategies, and runnable Spring Boot examples.

Architect

This guide explains step‑by‑step how to achieve data masking (desensitization) for common personal information fields in both the database layer and the Java application layer.

1. SQL data masking – Use the MySQL string functions CONCAT(), LEFT() and RIGHT() to hide parts of phone numbers and ID cards. Example:

SELECT mobilePhone AS originalPhone,
       CONCAT(LEFT(mobilePhone,3),'********') AS maskedPhone
FROM t_s_user;

SELECT idcard AS originalId,
       CONCAT(LEFT(idcard,3),'****',RIGHT(idcard,4)) AS maskedId
FROM t_s_user;

2. Java data masking – Introduces the open‑source sensitive‑plus library and the newer mybatis‑mate‑sensitive‑jackson module, which supports address, bank card, name, phone, ID, password, etc., via regular‑expression or length‑based strategies.
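A stand-alone implementation of length-based masking, added here as an example and not taken from the article or from mybatis-mate; the class name, method names and sample values are constructed. It hides the whole value when the input is too short to leave anything masked, a case in which the step 1 expression CONCAT(LEFT(idcard,3),'****',RIGHT(idcard,4)) would return every character of a five-character value around the asterisks.

```java
import java.util.function.UnaryOperator;

// Added illustration (needs Java 11+ for String.repeat); not mybatis-mate's own code.
public class MaskDemo {

    // Keep `head` leading and `tail` trailing characters and star out the rest.
    // When head + tail would cover the whole value, hide all of it instead.
    static String keepEnds(String value, int head, int tail) {
        if (value == null) return null;
        int hidden = value.length() - head - tail;
        if (hidden <= 0) return "*".repeat(value.length());
        return value.substring(0, head) + "*".repeat(hidden)
                + value.substring(value.length() - tail);
    }

    // Keep the first character of the local part and the domain.
    static String email(String value) {
        if (value == null) return null;
        int at = value.lastIndexOf('@');
        if (at <= 0) return keepEnds(value, 0, 0); // no local part: hide everything
        return keepEnds(value.substring(0, at), 1, 0) + value.substring(at);
    }

    public static void main(String[] args) {
        UnaryOperator<String> mobile = v -> keepEnds(v, 3, 2);
        UnaryOperator<String> idCard = v -> keepEnds(v, 3, 4);

        // Constructed sample values, not real personal data.
        String[] ids = {"110101199003071234", "12345"};
        System.out.println(mobile.apply("15315388881"));
        for (String id : ids) System.out.println(idCard.apply(id));
        System.out.println(email("alice@example.com"));
        System.out.println(email("a@example.com"));
    }
}
```

Each function maps String to String, the same shape as the lambda passed to addStrategy in step 4.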

3. Project setup – Provides the Maven pom.xml dependencies (MySQL driver, MyBatis‑Mate, Spring Boot) and the application.yml configuration, including a placeholder for a test license.

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" ...>
    <parent>
        <groupId>com.baomidou</groupId>
        <artifactId>mybatis-mate-examples</artifactId>
        <version>0.0.1-SNAPSHOT</version>
    </parent>
    <artifactId>mybatis-mate-sensitive-jackson</artifactId>
    <dependencies>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
    </dependencies>
</project>

4. Custom strategy configuration – Defines a Spring @Configuration class that registers a user‑defined strategy named testStrategy:

@Configuration
public class SensitiveStrategyConfig {
    @Bean
    public ISensitiveStrategy sensitiveStrategy() {
        return new SensitiveStrategy()
            .addStrategy("testStrategy", t -> t + "***test***");
    }
}

5. Entity definition – Shows a Lombok‑enabled User class where fields are annotated with @FieldSensitive to specify built‑in strategies (e.g., SensitiveType.mobile) or the custom testStrategy:

@Getter @Setter
public class User {
    private Long id;
    @FieldSensitive("testStrategy")
    private String username;
    @FieldSensitive(SensitiveType.mobile)
    private String mobile;
    @FieldSensitive(SensitiveType.email)
    private String email;
}

6. Mapper and controller – Provides a MyBatis UserMapper extending BaseMapper<User> and a UserController exposing three endpoints:

/info – returns a single masked user.

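/list – returns a list of users with masking applied, unless skip=1 is passed, in which case the handler calls RequestDataTransfer.skipSensitive() to bypass masking. As written, skip is an ordinary request parameter, so any caller who can reach /list can turn masking off; outside a demo, put that switch behind an authorization check.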

/map – demonstrates nested object masking and manual strategy invocation.

@RestController
public class UserController {
    @Autowired private UserMapper userMapper;
    @Autowired private ISensitiveStrategy sensitiveStrategy;

    // Single user; fields annotated with @FieldSensitive come back masked.
    @GetMapping("/info")
    public User info() { return userMapper.selectById(1L); }

    @GetMapping("/list")
    public List<User> list(HttpServletRequest request) {
        // skip=1 turns masking off for this request.
        if ("1".equals(request.getParameter("skip"))) {
            RequestDataTransfer.skipSensitive();
        }
        return userMapper.selectList(null);
    }

    @GetMapping("/map")
    public Map<String, Object> map() {
        Map<String, Object> m = new HashMap<>();
        // Nested object inside a map.
        m.put("user", userMapper.selectById(1L));
        // Manual invocation of the built-in mobile strategy.
        m.put("mobile", sensitiveStrategy.getStrategyFunctionMap()
            .get(SensitiveType.mobile).apply("15315388888"));
        return m;
    }
}

7. Test results – Shows JSON responses from /list with masked fields (e.g., phone numbers become 153******81) and from /list?skip=1 where original values are returned.

Overall, the article provides a complete, reproducible example of integrating data‑masking logic at both the SQL and application layers, making it a practical reference for developers concerned with protecting personal data.
