Java Class Example

The following text is an example of a Java class that you can use as a Java matcher:
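import com.activebase.rule.*;

public class ExampleJM {
    public static boolean match(RuleContext ctx) {
        // Prefer the user name stored in the user-defined symbol.
        String user = ctx.getSymbol("APPLICATION_USERNAME");
        if (user == null || "".equals(user.trim())) {
            // Fall back to the operating system user name.
            user = ctx.getSymbol(RuleContext.OS_USER);
        }
        // Match for every user other than FRED. A missing user name
        // also matches, so the rule action still applies.
        if (user == null || !"FRED".equals(user.toUpperCase())) {
            return true;
        }
        return false;
    }
}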
The Java matcher runs the match method. The method calls getSymbol on the RuleContext object to read the user name from the user-defined APPLICATION_USERNAME symbol. If the value is null or empty, the matcher obtains the operating system user name from the predefined Dynamic Data Masking symbol RuleContext.OS_USER.
The method compares the symbol value to FRED and returns a match if they are different. To apply a masking function to requests that do not come from FRED, use the Mask rule action. Select the Stop if Applied processing action because FRED is the only user who is authorized to view unmasked data. If the user is not FRED, Dynamic Data Masking applies the masking action.
To retrieve the user name, create a security rule in the same rule set as the Java matcher rule, and place it higher in the rule tree than the Java matcher rule so that it runs first. In the security rule, select the Text matcher and enter a regular expression to retrieve the user name from the request statement. Select the Define Symbol rule action and assign the user name to the APPLICATION_USERNAME symbol.
The incoming SELECT statement has a tag at the end, which consists of two consecutive hyphens (--) followed by a string. The string is the user name that the Java matcher uses for comparison.
To specify the consecutive hyphens as a placeholder and capture the text after the placeholder, enter the following expression:
.*--(.*)
The (.*) component of the regular expression captures the text. The Define Symbol rule action in the security rule references the text with the following regular expression markup:
\(1)
From the regular expression, the Define Symbol action defines the symbol name as APPLICATION_USERNAME and defines the value as \(1).
For example, when the user Scott views the customer information screen, the application submits the following query to the database:
select customer_name from customer --Scott
The Text matcher captures the text Scott after the consecutive hyphens. The Define Symbol action sets the APPLICATION_USERNAME symbol to the value Scott. The Java matcher compares the APPLICATION_USERNAME symbol value to the value FRED. If you did not define the APPLICATION_USERNAME symbol in a previous security rule, the Java matcher instead compares FRED to a predefined Dynamic Data Masking symbol. Because the values in this example are not equal, the Java matcher returns a value of True and the Rule Engine applies the masking rule action in the Java matcher rule.
However, if the application submits the following query:
select customer_name from customer --Fred
The Java matcher returns a value of False, the Rule Engine does not apply the rule action in the Java matcher rule, and Fred can view unmasked data.
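The two rules described above can be traced end to end outside the product. The following is an added example, not Informatica code: a plain Map stands in for RuleContext, the key "OS_USER" and the user appsvc are hypothetical, and it assumes the Text matcher applies the expression to the whole statement.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TagRuleDemo {
    // Expression from the Text matcher rule; group 1 is the text after "--".
    static final Pattern TAG = Pattern.compile(".*--(.*)");

    // Stand-in for the Text matcher plus the Define Symbol action (assumption).
    static void defineSymbol(String sql, Map<String, String> symbols) {
        Matcher m = TAG.matcher(sql);
        if (m.matches()) {
            symbols.put("APPLICATION_USERNAME", m.group(1));
        }
    }

    // Same comparison as ExampleJM.match, with a null guard, on the stand-in map.
    static boolean match(Map<String, String> symbols) {
        String user = symbols.get("APPLICATION_USERNAME");
        if (user == null || "".equals(user.trim())) {
            user = symbols.get("OS_USER"); // hypothetical key for the OS user symbol
        }
        return user == null || !"FRED".equals(user.toUpperCase());
    }

    // Runs both rules in rule-tree order and reports whether masking applies.
    static boolean masked(String sql, String osUser) {
        Map<String, String> symbols = new HashMap<>();
        symbols.put("OS_USER", osUser);
        defineSymbol(sql, symbols);
        return match(symbols);
    }

    public static void main(String[] args) {
        // Constructed statements; the first two are the queries shown on this page.
        String[] statements = {
            "select customer_name from customer --Scott",
            "select customer_name from customer --Fred",
            "select customer_name from customer",         // no tag: OS user decides
            "select customer_name from customer --Fred ", // trailing space is compared too
            "select customer_name from customer --",      // empty tag: OS user decides
        };
        for (String sql : statements) {
            System.out.printf("%-5s <- [%s]%n", masked(sql, "appsvc") ? "MASK" : "PLAIN", sql);
        }
    }
}
```

Because APPLICATION_USERNAME is taken from the text of the request, the rule is only as trustworthy as the component that appends the tag. The comparison is exact after upper-casing, so any captured value other than FRED, including one with stray whitespace, stays masked.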
