Java Class Example

The following text is an example of a Java class that you can use as a Java matcher:
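import com.activebase.rule.*;

public class ExampleJM {
    public static boolean match(RuleContext ctx) {
        // Prefer the user name that an earlier security rule stored in the symbol.
        String user = ctx.getSymbol("APPLICATION_USERNAME");
        if (user == null || "".equals(user.trim())) {
            // Fall back to the operating system user name.
            user = ctx.getSymbol(RuleContext.OS_USER);
        }
        // Match (true) for every user except FRED; null-safe if no user name is available.
        return !"FRED".equalsIgnoreCase(user);
    }
}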
The Java matcher runs the match method. The method calls getSymbol on the RuleContext object to read the user name from the user-defined APPLICATION_USERNAME symbol. If the value is null or empty, the matcher obtains the operating system user name from the Dynamic Data Masking symbol RuleContext.OS_USER.
The method compares the symbol value to FRED and returns a match if they are different. You can use the Mask rule action to apply a masking function to requests that do not come from FRED. Select the Stop if Applied processing action because the only user that has authorization to see unmasked data is FRED. If the user is not FRED, Dynamic Data Masking applies the masking action.
To retrieve the user name, create a security rule in the same rule set as the Java matcher rule and place it higher in the rule tree sequence than the Java matcher rule. In the security rule, select the Text matcher and enter a regular expression to retrieve the user name from the request statement. Select the Define Symbol rule action and assign the user name to the APPLICATION_USERNAME symbol.
The incoming SELECT statement has a tag at the end, which is two consecutive hyphens (--) followed by a string. The string is the user name that the Java matcher uses for comparison.
Use the following regular expression, which treats the consecutive hyphens as a placeholder and captures the text after the placeholder:
.*--(.*)
The (.*) component of the regular expression captures the text, and the Define Symbol rule action in the security rule references the text with the following regular expression markup:
\(1)
The Define Symbol action defines the symbol name as APPLICATION_USERNAME and the value as \(1) from the regular expression.
For example, when the user Scott views the customer information screen, the application submits the following query to the database:
select customer_name from customer --Scott
The Text matcher captures the text Scott after the consecutive hyphens. The Define Symbol action sets the APPLICATION_USERNAME symbol to the value Scott. The Java matcher compares the APPLICATION_USERNAME symbol value to the value FRED. If you did not define the APPLICATION_USERNAME symbol in a previous security rule, the Java matcher instead compares FRED to a predefined Dynamic Data Masking symbol. Because the values in this example are not equal, the Java matcher returns a value of true and the Rule Engine applies the masking rule action in the Java matcher rule.
However, suppose the application submits the following query:
select customer_name from customer --Fred
The Java matcher returns a value of false, the Rule Engine does not apply the rule action in the Java matcher rule, and Fred sees unmasked data.
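The rule sequence described above, as an added example that is not part of the Informatica documentation: it simulates the Text matcher, the Define Symbol action and the Java matcher outside the product on constructed requests. A Map stands in for the RuleContext symbols; the class name TagFlowDemo, the OS_USER map key and the appsvc account name are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration: simulates the two rules outside Dynamic Data Masking.
// A plain Map stands in for RuleContext symbols (assumption, not the product API).
public class TagFlowDemo {
    // Regular expression from the Text matcher rule on this page.
    static final Pattern TAG = Pattern.compile(".*--(.*)");

    // Rule 1: Text matcher + Define Symbol. Group 1 is what \(1) refers to.
    static void defineSymbol(String sql, Map<String, String> symbols) {
        Matcher m = TAG.matcher(sql);
        if (m.matches()) {
            symbols.put("APPLICATION_USERNAME", m.group(1));
        }
    }

    // Rule 2: mirrors the decision in ExampleJM.match, reading from the Map.
    static boolean match(Map<String, String> symbols) {
        String user = symbols.get("APPLICATION_USERNAME");
        if (user == null || user.trim().isEmpty()) {
            user = symbols.get("OS_USER"); // stand-in key for RuleContext.OS_USER
        }
        return !"FRED".equalsIgnoreCase(user); // true = apply the Mask action
    }

    // Runs both rules in sequence for one request.
    static String decide(String sql, String osUser) {
        Map<String, String> symbols = new HashMap<>();
        symbols.put("OS_USER", osUser);
        defineSymbol(sql, symbols);
        return match(symbols) ? "MASK" : "UNMASKED";
    }

    public static void main(String[] args) {
        // Constructed sample requests; "appsvc" is a made-up OS account name.
        String[] requests = {
            "select customer_name from customer --Scott",
            "select customer_name from customer --Fred",
            "select customer_name from customer --Fred ",  // trailing space in the tag
            "select customer_name from customer",          // no tag: falls back to OS user
            "select note --Fred from customer --Scott",    // greedy .* keeps the last tag
        };
        for (String sql : requests) {
            System.out.printf("%-8s <- [%s]%n", decide(sql, "appsvc"), sql);
        }
    }
}
```

A tag with trailing whitespace does not equal FRED, so that request is masked, and a request with no tag is evaluated against the operating system user instead.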
