springboot拦截器自定义注解实现敏感数据脱敏展示
1:新建自定义注解
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.FIELD, ElementType.PARAMETER, ElementType.ANNOTATION_TYPE})
public @interface Desensitization {
//脱敏类型
SensitiveTypeEnum type();
}
2:定义脱敏类型枚举
public enum SensitiveTypeEnum {
/**
* 中文名
*/
CHINESE_NAME,
/**
* 身份证号
*/
ID_CARD,
/**
* 座机号
*/
FIXED_PHONE,
/**
* 手机号
*/
MOBILE_PHONE,
/**
* 地址
*/
ADDRESS,
/**
* 电子邮件
*/
EMAIL,
/**
* 银行卡
*/
BANK_CARD,
/**
* 密码
*/
PASSWORD,
/**
* 车牌号
*/
CARNUMBER;
}3:实现AnnotationFormatterFactory接口
public class DesensitizationAnnotationFormatterFactory implements AnnotationFormatterFactory {
@Override
public Set> getFieldTypes() {
Set> hashSet = new HashSet<>();
hashSet.add(String.class);
return hashSet;
}
@Override
public Printer getPrinter(Desensitization annotation, Class fieldType) {
return getFormatter(annotation);
}
@Override
public Parser getParser(Desensitization annotation, Class fieldType) {
return getFormatter(annotation);
}
private DesensitizationFormatter getFormatter(Desensitization desensitization) {
DesensitizationFormatter formatter = new DesensitizationFormatter();
formatter.setTypeEnum(desensitization.type());
return formatter;
}
} 4:创建DesensitizedFormatter 格式化类实现Formatter
public class DesensitizationFormatter implements Formatter {
private SensitiveTypeEnum typeEnum;
public SensitiveTypeEnum getTypeEnum() {
return typeEnum;
}
public void setTypeEnum(SensitiveTypeEnum typeEnum) {
this.typeEnum = typeEnum;
}
@Override
public String parse(String valueStr, Locale locale) throws ParseException {
if (StringUtils.isNotBlank(valueStr)) {
switch (typeEnum) {
case CHINESE_NAME:
valueStr = DesensitizationUtils.chineseName(valueStr);
break;
case ID_CARD:
valueStr = DesensitizationUtils.idCardNum(valueStr);
break;
case FIXED_PHONE:
valueStr = DesensitizationUtils.fixedPhone(valueStr);
break;
case MOBILE_PHONE:
valueStr = DesensitizationUtils.mobilePhone(valueStr);
break;
case ADDRESS:
valueStr = DesensitizationUtils.address(valueStr, 4);
break;
case EMAIL:
valueStr = DesensitizationUtils.email(valueStr);
break;
case BANK_CARD:
valueStr = DesensitizationUtils.bankCard(valueStr);
break;
case PASSWORD:
valueStr = DesensitizationUtils.password(valueStr);
break;
case CARNUMBER:
valueStr = DesensitizationUtils.carNumber(valueStr);
break;
default:
}
}
return valueStr;
}
@Override
public String print(String s, Locale locale) {
return s;
}
}
5:创建格式化工具类DesensitizedUtils,展示方式可自定义
public class DesensitizationUtils {
/**
* 【中文姓名】只显示第一个汉字,其他隐藏为2个星号,比如:李**
*
* @param fullName
* @return
*/
public static String chineseName(String fullName) {
if (StringUtils.isBlank(fullName)) {
return "";
}
String name = StringUtils.left(fullName, 1);
return StringUtils.rightPad(name, StringUtils.length(fullName), "*");
}
/**
* 【身份证号】显示前6后4,其他隐藏。共计18位或者15位,比如:*************1234
*
* @param id
* @return
*/
public static String idCardNum(String id) {
if (StringUtils.isBlank(id)) {
return "";
}
return StringUtils.left(id, 6).concat(StringUtils.removeStart(StringUtils.leftPad(StringUtils.right(id, 4), StringUtils.length(id), "*"), "******"));
}
/**
* 【固定电话 后四位,其他隐藏,比如1234
*
* @param num
* @return
*/
public static String fixedPhone(String num) {
if (StringUtils.isBlank(num)) {
return "";
}
return StringUtils.leftPad(StringUtils.right(num, 4), StringUtils.length(num), "*");
}
/**
* 【手机号码】前三位,后四位,其他隐藏,比如135******10
*
* @param num
* @return
*/
public static String mobilePhone(String num) {
if (StringUtils.isBlank(num)) {
return "";
}
return StringUtils.left(num, 3).concat(StringUtils.removeStart(StringUtils.leftPad(StringUtils.right(num, 4), StringUtils.length(num), "*"), "***"));
}
/**
* 【地址】只显示到地区,不显示详细地址,比如:北京市海淀区****
*
* @param address
* @param sensitiveSize 敏感信息长度
* @return
*/
public static String address(String address, int sensitiveSize) {
if (StringUtils.isBlank(address)) {
return "";
}
int length = StringUtils.length(address);
return StringUtils.rightPad(StringUtils.left(address, length - sensitiveSize), length, "*");
}
/**
* 【电子邮箱 邮箱前缀仅显示3个字母,前缀其他隐藏,用星号代替,@及后面的地址显示,比如:d**@126.com>
*
* @param email
* @return
*/
public static String email(String email) {
if (StringUtils.isBlank(email)) {
return "";
}
int index = StringUtils.indexOf(email, "@");
if (index <= 1) {
return email;
} else {
return StringUtils.rightPad(StringUtils.left(email, 3), index, "*").concat(StringUtils.mid(email, index, StringUtils.length(email)));
}
}
/**
* 【银行卡号】前六位,后四位,其他用星号隐藏每位1个星号,比如:6222600**********1234>
*
* @param cardNum
* @return
*/
public static String bankCard(String cardNum) {
if (StringUtils.isBlank(cardNum)) {
return "";
}
return StringUtils.left(cardNum, 6).concat(StringUtils.removeStart(StringUtils.leftPad(StringUtils.right(cardNum, 4), StringUtils.length(cardNum), "*"), "******"));
}
/**
* 【密码】密码的全部字符都用*代替,比如:******
*
* @param password
* @return
*/
public static String password(String password) {
if (StringUtils.isBlank(password)) {
return "";
}
String pwd = StringUtils.left(password, 0);
return StringUtils.rightPad(pwd, StringUtils.length(password), "*");
}
/**
* 【车牌号】前两位后一位,比如:苏M****5
*
* @param carNumber
* @return
*/
public static String carNumber(String carNumber) {
if (StringUtils.isBlank(carNumber)) {
return "";
}
return StringUtils.left(carNumber, 2).
concat(StringUtils.removeStart(StringUtils.leftPad(StringUtils.right(carNumber, 1), StringUtils.length(carNumber), "*"), "**"));
}
}
6:新建 ValueDesensitizeFilter 实现 ValueFilter
public class ValueDesensitizeFilter implements ValueFilter {
@Override
public Object process(Object object, String name, Object value) {
if (null == value || !(value instanceof String) || ((String) value).length() == 0) {
return value;
}
try {
Field field = object.getClass().getDeclaredField(name);
Desensitization desensitization;
if (String.class != field.getType() || (desensitization = field.getAnnotation(Desensitization.class)) == null) {
return value;
}
String valueStr = (String) value;
SensitiveTypeEnum type = desensitization.type();
switch (type) {
case ID_CARD:
return DesensitizationUtils.idCardNum(valueStr);
case MOBILE_PHONE:
return DesensitizationUtils.mobilePhone(valueStr);
case CHINESE_NAME:
return DesensitizationUtils.chineseName(valueStr);
case FIXED_PHONE:
return DesensitizationUtils.fixedPhone(valueStr);
case ADDRESS:
return DesensitizationUtils.address(valueStr,4);
case EMAIL:
return DesensitizationUtils.email(valueStr);
case BANK_CARD:
return DesensitizationUtils.bankCard(valueStr);
case PASSWORD:
return DesensitizationUtils.password(valueStr);
case CARNUMBER:
return DesensitizationUtils.carNumber(valueStr);
default:
}
} catch (NoSuchFieldException e) {
return value;
}
return value;
}
}
7:将DesensitizedAnnotationFormatterFactory添加到spring配置文件中
@Configuration
public class WebMvcConfiguration implements WebMvcConfigurer {
@Override
public void addFormatters(FormatterRegistry registry) {
registry.addFormatterForFieldAnnotation(new DesensitizationAnnotationFormatterFactory());
}
@Bean
public HttpMessageConverters fastJsonHttpMessageConverters() {
// 1.定义一个converters转换消息的对象
FastJsonHttpMessageConverter fastConverter = new FastJsonHttpMessageConverter();
// 2.添加fastjson的配置信息,比如: 是否需要格式化返回的json数据
FastJsonConfig fastJsonConfig = new FastJsonConfig();
fastJsonConfig.setSerializerFeatures(SerializerFeature.PrettyFormat);
fastJsonConfig.setSerializerFeatures(SerializerFeature.WriteMapNullValue);
//添加自己写的拦截器
fastJsonConfig.setSerializeFilters(new ValueDesensitizeFilter());
// 3.在converter中添加配置信息
fastConverter.setFastJsonConfig(fastJsonConfig);
// 4.将converter赋值给HttpMessageConverter
HttpMessageConverter converter = fastConverter;
// 5.返回HttpMessageConverters对象
return new HttpMessageConverters(converter);
}
}8:实体类测试
@ApiModelProperty(name = "客户姓名")
@Desensitization(type = SensitiveTypeEnum.CHINESE_NAME)
private String custName ;
@ApiModelProperty(name = "电话号码")
@Desensitization(type = SensitiveTypeEnum.MOBILE_PHONE)
private String mobilePhone;
@ApiModelProperty("证件号")
@Desensitization(type = SensitiveTypeEnum.ID_CARD)
private String idNo ;
9:若实体类存在时间字段,可能会有影响,需要对时间字段加注解
@JSONField(format = "yyyy-MM-dd HH:mm:ss")