SpringBoot使用自定义注解实现数据脱敏

原创

wx59bcc77095d22 2023-08-19 21:55:34 博主文章分类：SpringBoot ©著作权

文章标签 数据脱敏 SpringBoot 自定义注解 文章分类 spring boot 后端开发 yyds干货盘点

©著作权归作者所有：来自51CTO博客作者wx59bcc77095d22的原创作品，请联系作者获取转载授权，否则将追究法律责任

我们在日常开发中，经常有一些数据中的部分需要隐藏起来，达到数据安全的目的，这一个过程就是数据脱敏。

一、自定义数据脱敏枚举类

package com.example.springbootdemo.enums;

import lombok.Getter;

import java.util.function.Function;

/**
 * 数据脱敏策略枚举
 */
@Getter
public enum DesensitizationStrategyEnum {
    /**
     * 用户名
     */
    USERNAME(s -> s.replaceAll("(\\S)\\S(\\S*)", "$1*$2")),
    /**
     * 身份证
     */
    ID_CARD(s -> s.replaceAll("(\\d{4})\\d{10}(\\w{4})", "$1****$2")),
    /**
     * 手机号
     */
    PHONE(s -> s.replaceAll("(\\d{3})\\d{4}(\\d{4})", "$1****$2")),
    /**
     * 地址
     */
    ADDRESS(s -> s.replaceAll("(\\S{4})\\S{2}(\\S*)\\S{2}", "$1****"));


    private final Function<String, String> desensitizer;

    DesensitizationStrategyEnum(Function<String, String> desensitizer) {
        this.desensitizer = desensitizer;
    }

    public Function<String, String> desensitizer() {
        return desensitizer;
    }

}

二、自定义数据脱敏序列化类

package com.example.springbootdemo.bean;

import com.example.springbootdemo.annotation.Desensitization;
import com.example.springbootdemo.enums.DesensitizationStrategyEnum;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.BeanProperty;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.ser.ContextualSerializer;

import java.io.IOException;
import java.util.Objects;

/**
 * @author qx
 * @date 2023/08/19
 * @desc 自定义Json序列化 用于对使用脱敏注解的字段进行数据脱敏
 */
public class DesensitizationJsonSerializer extends JsonSerializer<String> implements ContextualSerializer {
    private DesensitizationStrategyEnum strategy;

    @Override
    public void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws
            IOException {
        gen.writeString(strategy.desensitizer().apply(value));
    }

    /**
     * 获取属性上的注解属性
     */
    @Override
    public JsonSerializer<?> createContextual(SerializerProvider prov, BeanProperty property) throws
            JsonMappingException {
        Desensitization annotation = property.getAnnotation(Desensitization.class);
        if (Objects.nonNull(annotation) && Objects.equals(String.class,
                property.getType().getRawClass())) {
            this.strategy = annotation.strategy();
            return this;
        }
        return prov.findValueSerializer(property.getType(), property);
    }
}

三、自定义数据脱敏注解

package com.example.springbootdemo.annotation;

import com.example.springbootdemo.bean.DesensitizationJsonSerializer;
import com.example.springbootdemo.enums.DesensitizationStrategyEnum;
import com.fasterxml.jackson.annotation.JacksonAnnotationsInside;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Target(ElementType.FIELD)
@Retention(RetentionPolicy.RUNTIME)
// 使用jackson注解
@JacksonAnnotationsInside
@JsonSerialize(using = DesensitizationJsonSerializer.class)
public @interface Desensitization {

    DesensitizationStrategyEnum strategy();
}

四、定义一个实体类进行测试

在属性加上自定义的数据脱敏注解，实现对返回的数据进行数据脱敏。

package com.example.springbootdemo.bean;

import com.example.springbootdemo.annotation.Desensitization;
import com.example.springbootdemo.enums.DesensitizationStrategyEnum;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;

/**
 * @author qx
 * @date 2023/08/19
 * @desc 数据实体
 */
@Getter
@Setter
@AllArgsConstructor
@NoArgsConstructor
public class Student {

    @Desensitization(strategy = DesensitizationStrategyEnum.USERNAME)
    private String userName;

    @Desensitization(strategy = DesensitizationStrategyEnum.ADDRESS)
    private String address;

    @Desensitization(strategy = DesensitizationStrategyEnum.PHONE)
    private String phone;

    @Desensitization(strategy = DesensitizationStrategyEnum.ID_CARD)
    private String idCard;
}

五、测试

package com.example.springbootdemo.controller;

import com.example.springbootdemo.bean.Student;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author qx
 * @date 2023/08/19
 * @desc 测试
 */
@RestController
public class DesensitizationController {

    /**
     * 数据脱敏测试
     *
     * @return
     */
    @GetMapping("/testDesensitization")
    public Student test() {
        return new Student("qx", "广东省广州市天河区天河路", "18878889999", "450322210227355544");
    }
}

我们启动项目，在浏览器上测试这个请求。

SpringBoot使用自定义注解实现数据脱敏_SpringBoot