Data masking for Java API return values

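Data masking is implemented on top of Jackson through a custom annotation: put the annotation on every field that needs to be masked.

The project is a Spring Boot service, and the Jackson dependencies are already pulled in by spring-web and spring-boot-starter-web, so no separate Jackson dependency is needed.

Custom masking annotation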

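import com.fasterxml.jackson.annotation.JacksonAnnotationsInside;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;

import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;

@Retention(RetentionPolicy.RUNTIME)
@JacksonAnnotationsInside
@JsonSerialize(using = DesensitizationJsonSerializer.class)
public @interface Desensitization {

    // Masking implementation to apply to the annotated field
    Class<? extends AbstractDesensitization> value();
}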

DesensitizationJsonSerializer.class: the masking serializer class

Masking serializer

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.BeanProperty;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.ser.ContextualSerializer;

import java.io.IOException;
import java.util.Objects;

public class DesensitizationJsonSerializer extends JsonSerializer<String> implements ContextualSerializer {

    private AbstractDesensitization desensitization;

    public DesensitizationJsonSerializer() {
    }

    public DesensitizationJsonSerializer(AbstractDesensitization desensitization) {
        this.desensitization = desensitization;
    }

    @Override
    public void serialize(String s, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
        jsonGenerator.writeString(desensitization.serialize(s));
    }

    @Override
    public JsonSerializer<?> createContextual(SerializerProvider serializerProvider, BeanProperty beanProperty) throws JsonMappingException {
        // No property context: return early so beanProperty is never dereferenced
        if (null == beanProperty) return serializerProvider.findNullValueSerializer(null);

        // Default to the regular serializer for the field's type
        JsonSerializer<?> jsonSerializer = serializerProvider.findValueSerializer(beanProperty.getType(), beanProperty);

        // Masking only applies to String fields
        if (Objects.equals(beanProperty.getType().getRawClass(), String.class)) {
            jsonSerializer = setDesensitization(jsonSerializer, beanProperty);
        }
        return jsonSerializer;
    }

    private JsonSerializer<?> setDesensitization(JsonSerializer<?> jsonSerializer, BeanProperty beanProperty) {
        Desensitization desensitization = beanProperty.getAnnotation(Desensitization.class);

        if (desensitization == null) desensitization = beanProperty.getContextAnnotation(Desensitization.class);

        if (desensitization != null) {
            // Set the masking instance
            try {
                jsonSerializer = new DesensitizationJsonSerializer(desensitization.value().getDeclaredConstructor().newInstance());
            } catch (ReflectiveOperationException e) {
                // Fail closed: an annotated field must never be written unmasked
                throw new IllegalStateException("Cannot instantiate " + desensitization.value().getName(), e);
            }
        }
        return jsonSerializer;
    }
}

Masking classes

Masking base class

Subclasses extend AbstractDesensitization to add new masking rules.

public abstract class AbstractDesensitization {
    
    public abstract String serialize(String value);
}

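Chinese name masking

public class ChineseNameDesensitization extends AbstractDesensitization {
    @Override
    public String serialize(String value) {
        String serializeValue = "";
        if(value.length() < 3){
            // Short names: replace everything before the last Chinese character.
            // replaceAll also replaces the empty match just before that character,
            // so a two-character name comes out with two asterisks.
            serializeValue = value.replaceAll(".*(?=[\\u4e00-\\u9fa5])","*");
        }else{
            // Longer names: keep the first and last Chinese characters, mask the middle
            serializeValue = value.replaceAll("(?<=[\\u4e00-\\u9fa5]).*(?=[\\u4e00-\\u9fa5])","*");
        }
        return serializeValue;
    }
}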

Mobile phone number masking

public class MobilePhoneDesensitization extends AbstractDesensitization{
    @Override
    public String serialize(String value) {
        return value.replaceAll("(\\d{3})\\d{4}(\\d{4})","$1****$2");
    }
}

ID card number masking

public class IdCardDesensitization extends AbstractDesensitization{
    @Override
    public String serialize(String value) {
        return value.replaceAll("(?<=\\w{3})\\w(?=\\w{4})","*");
    }
}
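
The regex-based maskers above return the input unchanged whenever it does not match the expected pattern, so a phone number stored with separators or the wrong length would reach the client unmasked. The following is an added example, not code from the original post, showing a fail-closed variant next to the page's regex; `FailClosedMaskingDemo` and `StrictMobilePhoneDesensitization` are hypothetical names, and the base class is redeclared only so the file compiles on its own.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class FailClosedMaskingDemo {

    // Same contract as the page's AbstractDesensitization, redeclared so this file compiles alone
    abstract static class AbstractDesensitization {
        public abstract String serialize(String value);
    }

    // Hypothetical subclass: same output as MobilePhoneDesensitization for an 11-digit number,
    // but input in any other shape is fully masked instead of being passed through
    static class StrictMobilePhoneDesensitization extends AbstractDesensitization {
        private static final Pattern MOBILE = Pattern.compile("(\\d{3})\\d{4}(\\d{4})");

        @Override
        public String serialize(String value) {
            if (value == null) {
                return null; // defensive: Jackson normally routes nulls to its null serializer
            }
            Matcher m = MOBILE.matcher(value);
            if (m.matches()) { // matches() requires the whole string to be exactly 11 digits
                return m.group(1) + "****" + m.group(2);
            }
            // Unexpected format: hide every character rather than emit the raw value
            return value.replaceAll("(?s).", "*");
        }
    }

    public static void main(String[] args) {
        AbstractDesensitization strict = new StrictMobilePhoneDesensitization();
        // Constructed sample inputs: one well-formed number and two malformed ones
        String[] samples = {"15973351565", "159-7335-1565", "1597335"};
        for (String s : samples) {
            // The page's regex, applied the same way MobilePhoneDesensitization applies it
            String pageStyle = s.replaceAll("(\\d{3})\\d{4}(\\d{4})", "$1****$2");
            System.out.printf("input=%-14s page=%-14s strict=%s%n", s, pageStyle, strict.serialize(s));
        }
    }
}
```

To use the strict variant in the project, declare it as a top-level class extending the real AbstractDesensitization and reference it from @Desensitization.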

Test

Add the masking annotation to the entity class's fields

@Data
public class User {

    @Desensitization(value = ChineseNameDesensitization.class)
    private String name;

    @Desensitization(value = IdCardDesensitization.class)
    private String idCard;

    @Desensitization(value = MobilePhoneDesensitization.class)
    private String phone;

    private String address;
}

Add a test endpoint

    @GetMapping("/test")
    public List<User> test() {
        List<User> userList = Lists.newArrayList();
        User user1 = new User();
        user1.setName("张三");
        user1.setPhone("15973351565");
        user1.setIdCard("513901199409081776");
        userList.add(user1);
        User user2 = new User();
        user2.setName("李超伟");
        user2.setIdCard("513901199809081799");
        user2.setPhone("13898765432");
        userList.add(user2);
        return userList;
    }

Returned result

[
  {
    "name": "**三",
    "idCard": "513***********1776",
    "phone": "159****1565",
    "address": null
  },
  {
    "name": "李**伟",
    "idCard": "513***********1799",
    "phone": "138****5432",
    "address": null
  }
]
