起源:juejin.cn/post/7110110794188062727

下午惬意时光,忽然产品小姐姐走到我背后,打断我短暂的摸鱼time,希图与我进行深刻交换,还好我早有防范没有闪,关上瑞star的点单页面,暗示没有一杯coffee解决不了的需要,需要是某些接口返回的信息,波及到敏感数据的必须进行脱敏操作,我思考一反,示意某问题,马上安顿。

思路

1.要做成可配置多策略的脱敏操作,要不然一个个接口进行脱敏操作,反复的工作量太多,很显然违反了“多写一行算我输”的程序员标准,思来想去,定义数据脱敏注解和数据脱敏逻辑的接口, 在返回类上,对须要进行脱敏的属性加上,并指定对应的脱敏策略操作。

2.接下来我只须要拦挡控制器返回的数据,找到带有脱敏注解的属性操作即可,一开始打算用@ControllerAdvice去实现,但发现须要本人去反射类获取注解,当返回对象比较复杂,须要递归去反射,性能一下子就会升高,于是换种思路,我想到平时应用的@JsonFormat,跟我当初的场景很相似,通过自定义注解跟字段解析器,对字段进行自定义解析,tql

代码

Spring Boot 根底就不介绍了,举荐下这个实战教程:

https://github.com/javastacks...

1. 自定义数据注解,并能够配置数据脱敏策略

@Target({ElementType.FIELD, ElementType.TYPE})@Retention(RetentionPolicy.RUNTIME)@Documentedpublic @interface DataMasking {    DataMaskingFunc maskFunc() default DataMaskingFunc.NO_MASK;}

2. 自定义Serializer,参考jackson的StringSerializer,上面的示例只针对String类型进行脱敏

public interface DataMaskingOperation {    String MASK_CHAR = "*";    String mask(String content, String maskChar);}public enum DataMaskingFunc {     /**     *  脱敏转换器     */     NO_MASK((str, maskChar) -> {        return str;     }),     ALL_MASK((str, maskChar) -> {        if (StringUtils.hasLength(str)) {            StringBuilder sb = new StringBuilder();            for (int i = 0; i < str.length(); i++) {                sb.append(StringUtils.hasLength(maskChar) ? maskChar : DataMaskingOperation.MASK_CHAR);            }            return sb.toString();        } else {            return str;        }    });    private final DataMaskingOperation operation;    private DataMaskingFunc(DataMaskingOperation operation) {        this.operation = operation;    }    public DataMaskingOperation operation() {        return this.operation;    }}public final class DataMaskingSerializer extends StdScalarSerializer<Object> {    private final DataMaskingOperation operation;    public DataMaskingSerializer() {        super(String.class, false);        this.operation = null;    }    public DataMaskingSerializer(DataMaskingOperation operation) {        super(String.class, false);        this.operation = operation;    }    public boolean isEmpty(SerializerProvider prov, Object value) {        String str = (String)value;        return str.isEmpty();    }    public void serialize(Object value, JsonGenerator gen, SerializerProvider provider) throws IOException {        if (Objects.isNull(operation)) {            String content = DataMaskingFunc.ALL_MASK.operation().mask((String) value, null);            gen.writeString(content);        } else {            String content = operation.mask((String) value, null);            gen.writeString(content);        }    }    public final void serializeWithType(Object value, JsonGenerator gen, SerializerProvider provider, TypeSerializer typeSer) throws IOException {        this.serialize(value, gen, provider);    }    public JsonNode getSchema(SerializerProvider provider, Type typeHint) {        return this.createSchemaNode("string", true);    }    public void acceptJsonFormatVisitor(JsonFormatVisitorWrapper visitor, JavaType typeHint) throws JsonMappingException {        this.visitStringFormat(visitor, typeHint);    }}

3. 自定义AnnotationIntrospector,适配咱们自定义注解返回相应的Serializer

@Slf4jpublic class DataMaskingAnnotationIntrospector extends NopAnnotationIntrospector {    @Override    public Object findSerializer(Annotated am) {        DataMasking annotation = am.getAnnotation(DataMasking.class);        if (annotation != null) {            return new DataMaskingSerializer(annotation.maskFunc().operation());        }        return null;    }}

4. 笼罩ObjectMapper

@Configuration(        proxyBeanMethods = false)public class DataMaskConfiguration {    @Configuration(            proxyBeanMethods = false    )    @ConditionalOnClass({Jackson2ObjectMapperBuilder.class})    static class JacksonObjectMapperConfiguration {        JacksonObjectMapperConfiguration() {        }        @Bean        @Primary        ObjectMapper jacksonObjectMapper(Jackson2ObjectMapperBuilder builder) {            ObjectMapper objectMapper = builder.createXmlMapper(false).build();            AnnotationIntrospector ai = objectMapper.getSerializationConfig().getAnnotationIntrospector();            AnnotationIntrospector newAi = AnnotationIntrospectorPair.pair(ai, new DataMaskingAnnotationIntrospector());            objectMapper.setAnnotationIntrospector(newAi);            return objectMapper;        }    }}

5. 返回对象加上注解

public class User implements Serializable {    /**     * 主键ID     */    private Long id;    /**     * 姓名     */    @DataMasking(maskFunc = DataMaskingFunc.ALL_MASK)    private String name;    /**     * 年龄     */    private Integer age;    /**     * 邮箱     */    @DataMasking(maskFunc = DataMaskingFunc.ALL_MASK)    private String email;}

近期热文举荐:

1.1,000+ 道 Java面试题及答案整顿(2022最新版)

2.劲爆!Java 协程要来了。。。

3.Spring Boot 2.x 教程,太全了!

4.别再写满屏的爆爆爆炸类了,试试装璜器模式,这才是优雅的形式!!

5.《Java开发手册(嵩山版)》最新公布,速速下载!

感觉不错,别忘了顺手点赞+转发哦!