为了保护用户隐私,需要对敏感信息进行脱敏处理,如:姓名、电话号码、身份证
基于jackson,通过自定义注解的方式实现数据脱敏。注意:这种方式只在 Jackson 序列化(例如接口返回 JSON)时生效,日志、数据库以及其他序列化方式输出的仍是原始值。
添加依赖
spring-web、spring-boot-starter-web 已经集成了 jackson 相关包,不用添加;否则需要引入以下依赖(groupId:artifactId):
com.fasterxml.jackson.core:jackson-core
com.fasterxml.jackson.core:jackson-annotations
com.fasterxml.jackson.core:jackson-databind
脱敏注解
DesensitizationProcessor.class: 脱敏处理器
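/**
 * Marks a property whose serialized value must be masked.
 *
 * <p>{@link JacksonAnnotationsInside} makes Jackson treat this annotation as a carrier for the
 * {@code @JsonSerialize} declaration below, so an annotated property is written through
 * {@link DesensitizationProcessor}.
 *
 * <p>The masking is applied only when the value is written by Jackson; any other output path
 * (logging, {@code toString()}, persistence) still sees the raw value.
 */
@Retention(RetentionPolicy.RUNTIME)
@JacksonAnnotationsInside
@JsonSerialize(using = DesensitizationProcessor.class)
public @interface Desensitization {
    /**
     * Masking strategy to apply. {@link DesensitizationProcessor} instantiates this class
     * reflectively, so it needs an accessible no-argument constructor.
     *
     * @return the strategy class
     */
    Class<? extends AbstractDesensitization> value();
}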
脱敏处理器
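/**
 * Jackson serializer that writes a masked form of a String property annotated with
 * {@link Desensitization}.
 *
 * <p>The instance bound to a property is built in {@link #createContextual}, which reads the
 * annotation and instantiates the configured {@link AbstractDesensitization}. Every failure
 * path raises a {@link JsonMappingException} instead of falling back to another serializer,
 * so a misconfigured strategy can never cause the raw value to be written.
 */
public class DesensitizationProcessor extends JsonSerializer<String> implements ContextualSerializer {

    // Masking strategy for the bound property; the no-argument constructor leaves it null.
    private AbstractDesensitization desensitization;

    public DesensitizationProcessor() {
    }

    public DesensitizationProcessor(AbstractDesensitization desensitization) {
        this.desensitization = desensitization;
    }

    /**
     * Writes the masked form of {@code s}.
     *
     * @throws IOException if no strategy is bound to this instance or the generator fails
     */
    @Override
    public void serialize(String s, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
        if (desensitization == null) {
            // Fail closed: without a strategy there is nothing safe to write.
            throw JsonMappingException.from(jsonGenerator,
                    "No desensitization strategy is bound to this serializer");
        }
        jsonGenerator.writeString(desensitization.serialize(s));
    }

    /**
     * Chooses the serializer for the property being serialized.
     *
     * @param serializerProvider provider used to look up the fallback serializers
     * @param beanProperty the property being serialized; may be null
     * @return the null-value serializer when there is no property, the regular serializer for
     *     non-String properties, otherwise the result of the annotation lookup
     * @throws JsonMappingException if the configured strategy cannot be instantiated
     */
    @Override
    public JsonSerializer<?> createContextual(SerializerProvider serializerProvider, BeanProperty beanProperty) throws JsonMappingException {
        if (beanProperty == null) {
            // Return here: the checks below dereference beanProperty.
            return serializerProvider.findNullValueSerializer(null);
        }
        if (!Objects.equals(beanProperty.getType().getRawClass(), String.class)) {
            // NOTE(review): @Desensitization on a non-String property is silently ignored and the
            // value is written unmasked by the regular serializer.
            return serializerProvider.findValueSerializer(beanProperty.getType(), beanProperty);
        }
        // NOTE(review): when no @Desensitization is found on a String property the helper returns
        // the serializer passed in, i.e. null - confirm how the Jackson version in use treats that.
        return setDesensitization(null, beanProperty, serializerProvider);
    }

    /**
     * Builds a processor bound to the strategy named by the property's {@link Desensitization}.
     * The annotation is read from the property first, then from its context.
     */
    private JsonSerializer<?> setDesensitization(JsonSerializer<?> jsonSerializer, BeanProperty beanProperty,
            SerializerProvider serializerProvider) throws JsonMappingException {
        Desensitization annotation = beanProperty.getAnnotation(Desensitization.class);
        if (annotation == null) {
            annotation = beanProperty.getContextAnnotation(Desensitization.class);
        }
        if (annotation == null) {
            return jsonSerializer;
        }
        try {
            // Create the masking strategy instance.
            return new DesensitizationProcessor(annotation.value().getDeclaredConstructor().newInstance());
        } catch (ReflectiveOperationException e) {
            // The property was explicitly marked as sensitive, so abort serialization instead of
            // printing a stack trace and continuing without a masking serializer.
            throw JsonMappingException.from(serializerProvider,
                    "Cannot instantiate desensitization strategy " + annotation.value().getName(), e);
        }
    }
}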
脱敏父类:子类通过继承AbstractDesensitization实现扩展
/**
 * Base type for masking strategies. A concrete subclass is named in
 * {@code @Desensitization(value = ...)} and invoked by {@code DesensitizationProcessor}
 * each time an annotated property is serialized.
 */
public abstract class AbstractDesensitization {

    /**
     * Produces the masked form of a property value.
     *
     * @param value the raw property value
     * @return the text written to the JSON output in place of {@code value}
     */
    public abstract String serialize(String value);
}
中文姓名脱敏
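/**
 * Masks a personal name by position: the first and last characters are kept and everything
 * between them is collapsed into a single {@code *}; names shorter than three characters keep
 * only their last character.
 *
 * <p>The masking does not depend on the script of the name. The earlier regex form only matched
 * next to characters in the range U+4E00..U+9FA5, so a value without such characters was
 * returned unmasked, and a one-character name was returned in full with a {@code *} in front.
 */
public class ChineseNameDesensitization extends AbstractDesensitization {

    private static final String MASK = "*";

    /**
     * @param value the raw name; may be null
     * @return null or the empty string unchanged, otherwise the masked name
     */
    @Override
    public String serialize(String value) {
        if (value == null || value.isEmpty()) {
            return value;
        }
        // Count code points, not chars, so a supplementary-plane character is never split.
        int count = value.codePointCount(0, value.length());
        if (count == 1) {
            // Nothing can be kept without revealing the whole name.
            return MASK;
        }
        String last = value.substring(value.offsetByCodePoints(value.length(), -1));
        if (count == 2) {
            return MASK + last;
        }
        String first = value.substring(0, value.offsetByCodePoints(0, 1));
        return first + MASK + last;
    }
}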
手机号脱敏
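/**
 * Masks the middle four digits of each run of eleven consecutive digits, keeping the first
 * three and the last four.
 */
public class MobilePhoneDesensitization extends AbstractDesensitization {

    /**
     * @param value the raw phone number; may be null
     * @return null unchanged, otherwise the value with each eleven-digit run masked
     */
    @Override
    public String serialize(String value) {
        if (value == null) {
            return null;
        }
        // NOTE(review): a value that contains no run of eleven consecutive digits (separators,
        // shorter numbers) does not match and is returned unmasked; normalise or validate the
        // number before it reaches this class.
        // The backslashes are doubled because "\d" is not a valid escape in a Java string literal.
        return value.replaceAll("(\\d{3})\\d{4}(\\d{4})", "$1****$2");
    }
}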
身份证脱敏
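/**
 * Masks an ID card number: every word character that has at least three word characters before
 * it and at least four after it is replaced with {@code *}, so the first three and the last
 * four characters of the number stay visible.
 */
public class IdCardDesensitization extends AbstractDesensitization {

    /**
     * @param value the raw ID card number; may be null
     * @return null unchanged, otherwise the masked number
     */
    @Override
    public String serialize(String value) {
        if (value == null) {
            return null;
        }
        // NOTE(review): a run of fewer than eight word characters has no position that satisfies
        // both lookarounds and is returned unmasked.
        // The backslashes are doubled because "\w" is not a valid escape in a Java string literal.
        return value.replaceAll("(?<=\\w{3})\\w(?=\\w{4})", "*");
    }
}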
测试
新建UserController,查询用户信息
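/**
 * Demo controller that returns a fixed list of sample users so the masked JSON output can be
 * inspected.
 *
 * <p>The entities are returned as-is; masking depends entirely on the annotations carried by
 * the {@code User} fields. NOTE(review): {@code User} is not shown here - presumably its name,
 * idCard and mobilePhone fields are annotated with {@code @Desensitization}; any field without
 * the annotation is serialized in clear.
 */
@RestController
public class UserController {

    // Sample fixture values used by the article; every user shares the same ID and phone number.
    private static final String SAMPLE_ID_CARD = "123456789123456202";
    private static final String SAMPLE_MOBILE_PHONE = "12345678901";

    /**
     * Returns five sample users: two short names, two long names containing spaces and an
     * asterisk, and one user whose sensitive fields are all null.
     */
    @GetMapping("/users")
    private List<User> users() throws Exception {
        List<User> users = new ArrayList<>();
        users.add(sampleUser("西施", SAMPLE_ID_CARD, SAMPLE_MOBILE_PHONE));
        users.add(sampleUser("杨贵妃", SAMPLE_ID_CARD, SAMPLE_MOBILE_PHONE));
        users.add(sampleUser("古代四大美女之一 * 貂蝉", SAMPLE_ID_CARD, SAMPLE_MOBILE_PHONE));
        users.add(sampleUser("古代四大美女之一 * 王昭君", SAMPLE_ID_CARD, SAMPLE_MOBILE_PHONE));
        // Null fields check that serialization does not fail on missing values.
        users.add(sampleUser(null, null, null));
        return users;
    }

    /** Builds one sample user; the age is fixed at 18 for every entry. */
    private static User sampleUser(String name, String idCard, String mobilePhone) {
        User user = new User();
        user.setName(name);
        user.setAge(18);
        user.setIdCard(idCard);
        user.setMobilePhone(mobilePhone);
        return user;
    }
}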
返回json效果



