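Java Data Masking

To protect user privacy, sensitive information such as names, phone numbers and ID card numbers needs to be masked.

This is implemented on top of Jackson with a custom annotation.

Add dependencies

spring-web and spring-boot-starter-web already bundle the Jackson packages, so there is no need to add them.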


<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-core</artifactId>
</dependency>
<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-annotations</artifactId>
</dependency>
<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-databind</artifactId>
</dependency>

Masking annotation

DesensitizationJsonSerializer.class: the masking serializer class

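import com.fasterxml.jackson.annotation.JacksonAnnotationsInside;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;

import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;

// Meta-annotation: a field carrying @Desensitization is serialized by DesensitizationJsonSerializer
@Retention(RetentionPolicy.RUNTIME)
@JacksonAnnotationsInside
@JsonSerialize(using = DesensitizationJsonSerializer.class)
public @interface Desensitization {

    // The masking rule to apply to the annotated field
    Class<? extends AbstractDesensitization> value();

}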

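Masking serializer

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.BeanProperty;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.ser.ContextualSerializer;

import java.io.IOException;
import java.util.Objects;

/**
 * Masking serializer
 */
public class DesensitizationJsonSerializer extends JsonSerializer<String> implements ContextualSerializer {

    private AbstractDesensitization desensitization;

    public DesensitizationJsonSerializer() {
    }

    public DesensitizationJsonSerializer(AbstractDesensitization desensitization) {
        this.desensitization = desensitization;
    }

    @Override
    public void serialize(String s, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
        jsonGenerator.writeString(desensitization.serialize(s));
    }

    @Override
    public JsonSerializer<?> createContextual(SerializerProvider serializerProvider, BeanProperty beanProperty) throws JsonMappingException {
        // No property context: return the null-value serializer instead of dereferencing a null property
        if (beanProperty == null) {
            return serializerProvider.findNullValueSerializer(null);
        }
        // Masking applies to String properties only; other types keep their regular serializer
        if (!Objects.equals(beanProperty.getType().getRawClass(), String.class)) {
            return serializerProvider.findValueSerializer(beanProperty.getType(), beanProperty);
        }
        return setDesensitization(serializerProvider, beanProperty);
    }

    /**
     * Build the masking serializer for the annotated property
     * @param serializerProvider serializer provider, used for error reporting
     * @param beanProperty the property being serialized
     * @return a serializer bound to the masking rule named in the annotation
     */
    private JsonSerializer<?> setDesensitization(SerializerProvider serializerProvider, BeanProperty beanProperty) throws JsonMappingException {
        Desensitization desensitization = beanProperty.getAnnotation(Desensitization.class);

        if (desensitization == null) desensitization = beanProperty.getContextAnnotation(Desensitization.class);

        if (desensitization == null) {
            // Fail closed: never return a serializer that has no masking rule
            throw JsonMappingException.from(serializerProvider, "No @Desensitization found on property " + beanProperty.getName());
        }
        try {
            // Create the masking rule instance
            return new DesensitizationJsonSerializer(desensitization.value().getDeclaredConstructor().newInstance());
        } catch (ReflectiveOperationException e) {
            // Abort serialization instead of printing the stack trace and returning null
            throw JsonMappingException.from(serializerProvider, "Cannot instantiate " + desensitization.value().getName(), e);
        }
    }
}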

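Masking classes

Base masking class

Subclasses extend AbstractDesensitization to add new masking rules.

public abstract class AbstractDesensitization {

    /**
     * Mask a value
     * @param value the original value (Jackson does not pass null here; nulls go to the null-value serializer)
     * @return the masked value
     */
    public abstract String serialize(String value);

}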

Chinese name masking

public class ChineseNameDesensitization extends AbstractDesensitization {

    @Override
    public String serialize(String value) {
        String serializeValue = "";
        if(value.length() < 3){
            // Shorter than 3 characters: mask what precedes the last Chinese character
            serializeValue = value.replaceAll(".*(?=[\\u4e00-\\u9fa5])","*");
        }else{
            // Otherwise: mask what lies between the first and the last Chinese character
            serializeValue = value.replaceAll("(?<=[\\u4e00-\\u9fa5]).*(?=[\\u4e00-\\u9fa5])","*");
        }
        return serializeValue;
    }

}

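Mobile phone number masking

public class MobilePhoneDesensitization extends AbstractDesensitization {

    @Override
    public String serialize(String value) {
        // In a run of 11 digits, keep the first 3 and the last 4 and mask the middle 4
        return value.replaceAll("(\\d{3})\\d{4}(\\d{4})","$1****$2");
    }

}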

ID card number masking

public class IdCardDesensitization extends AbstractDesensitization {

    @Override
    public String serialize(String value) {
        // Mask every character that has at least 3 characters before it and 4 after it
        return value.replaceAll("(?<=\\w{3})\\w(?=\\w{4})","*");
    }
    }

}
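
All three rules above rely on replaceAll, which returns its input unchanged when the regex does not match, so a value in an unexpected format is serialized in clear text. The following added example (not code from the original page) repeats the page's three regexes as lambdas so it compiles alone and wraps them in a fail-closed guard; the names FailClosedMaskingDemo and maskFailClosed and the "****" placeholder are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.UnaryOperator;

public class FailClosedMaskingDemo {

    // The page's three rules, repeated as lambdas so this file compiles on its own
    static final UnaryOperator<String> NAME = v -> v.length() < 3
            ? v.replaceAll(".*(?=[\\u4e00-\\u9fa5])", "*")
            : v.replaceAll("(?<=[\\u4e00-\\u9fa5]).*(?=[\\u4e00-\\u9fa5])", "*");
    static final UnaryOperator<String> PHONE =
            v -> v.replaceAll("(\\d{3})\\d{4}(\\d{4})", "$1****$2");
    static final UnaryOperator<String> ID_CARD =
            v -> v.replaceAll("(?<=\\w{3})\\w(?=\\w{4})", "*");

    // Hypothetical guard: if the rule left a non-empty value untouched, the regex
    // did not match, so redact the whole value instead of emitting it in clear
    static String maskFailClosed(UnaryOperator<String> rule, String value) {
        String masked = rule.apply(value);
        return (!value.isEmpty() && masked.equals(value)) ? "****" : masked;
    }

    public static void main(String[] args) {
        // Constructed sample values; none are real personal data
        Map<String, UnaryOperator<String>> cases = new LinkedHashMap<>();
        cases.put("12345678901", PHONE);          // matches the rule
        cases.put("123-4567-8901", PHONE);        // separators: rule does not match
        cases.put("123456789123456202", ID_CARD); // matches the rule
        cases.put("1234567", ID_CARD);            // shorter than 8 characters
        cases.put("杨贵妃", NAME);                  // matches the rule
        cases.put("Alice Smith", NAME);           // no Chinese characters

        // Print the page rule's output next to the guarded output for each value
        cases.forEach((value, rule) -> System.out.printf(
                "%-20s page rule -> %-20s guarded -> %s%n",
                value, rule.apply(value), maskFailClosed(rule, value)));
    }
}
```

In the page's design the same comparison can sit in DesensitizationJsonSerializer.serialize, so every AbstractDesensitization subclass inherits it.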

Test

Add the masking annotations

public class User {

    @Desensitization(ChineseNameDesensitization.class)
    private String name;

    private Integer age;

    @Desensitization(IdCardDesensitization.class)
    private String idCard;

    @Desensitization(MobilePhoneDesensitization.class)
    private String mobilePhone;

    // ... getters and setters
}

Create a UserController that returns user information

@RestController
public class UserController {

    @GetMapping("/users")
    public List<User> users() throws Exception {
        List<User> girls = new ArrayList<>();
        User user = new User();
        user.setName("西施");
        user.setAge(18);
        user.setIdCard("123456789123456202");
        user.setMobilePhone("12345678901");
        User user2 = new User();
        user2.setName("杨贵妃");
        user2.setAge(18);
        user2.setIdCard("123456789123456202");
        user2.setMobilePhone("12345678901");
        User user3 = new User();
        user3.setName("古代四大美女之一 * 貂蝉");
        user3.setAge(18);
        user3.setIdCard("123456789123456202");
        user3.setMobilePhone("12345678901");
        User user4 = new User();
        user4.setName("古代四大美女之一 * 王昭君");
        user4.setAge(18);
        user4.setIdCard("123456789123456202");
        user4.setMobilePhone("12345678901");
        User user5 = new User();
        user5.setName(null);
        user5.setAge(18);
        user5.setIdCard(null);
        user5.setMobilePhone(null);
        girls.add(user);
        girls.add(user2);
        girls.add(user3);
        girls.add(user4);
        girls.add(user5);
        return girls;
    }
}

Returned JSON

[Image: Java data masking, figure 1]
