首先定义脱敏类型枚举类

/**
 * Kinds of personal data that can be masked during serialization.
 *
 * <p>Each constant selects one masking routine; a field opts in by carrying
 * {@code @SensitiveInfo} with the matching constant.
 */
public enum SensitiveType {

    /** A person's Chinese name. */
    CHINESE_NAME,

    /** A mobile phone number. */
    MOBILE_PHONE
}

定义脱敏注解

/**
 * Marks a field whose value must be masked before it is written to JSON.
 *
 * <p>Retained at runtime because the serialization filter looks the annotation up
 * reflectively on the owning class's field. No {@code @Target} is declared, so the
 * compiler accepts the annotation anywhere; only placements on fields are read by
 * that filter.
 *
 * <p>NOTE(review): {@code @JacksonAnnotationsInside} is a Jackson meta-annotation,
 * while the filter on this page is a fastjson {@code ValueFilter}; it looks unused
 * on the fastjson path. Confirm whether Jackson is involved at all.
 */
@JacksonAnnotationsInside
@Retention(RetentionPolicy.RUNTIME)
public @interface SensitiveInfo {

  /**
   * @return the masking rule to apply to the annotated field
   */
  SensitiveType value();
}

定义脱敏拦截器

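/**
 * fastjson value filter that masks fields annotated with {@link SensitiveInfo}.
 *
 * <p>The filter fails open: any value it cannot tie to an annotated {@code String}
 * field is written unchanged. That includes properties whose serialized name differs
 * from the Java field name and entries of map-like owners, because the lookup is by
 * field name on the owner's class.
 */
@Slf4j
public class ValueDesensitizeFilter implements ValueFilter {

    /**
     * Returns the masked form of {@code value} when the owning field requests it.
     *
     * @param object the object being serialized that owns the property
     * @param name   the property name, used here as the Java field name
     * @param value  the property value about to be written
     * @return the masked string for annotated {@code String} fields, otherwise
     *         {@code value} unchanged
     */
    @Override
    public Object process(Object object, String name, Object value) {
        // Only non-empty strings can be masked; everything else passes through.
        if (object == null || !(value instanceof String) || ((String) value).isEmpty()) {
            return value;
        }

        Field field = findField(object.getClass(), name);
        if (field == null) {
            // Log the owner type and property name only. The value is withheld on purpose:
            // it may be exactly the personal data this filter exists to hide, and writing
            // it to the log would leak it in clear text.
            log.error("当前数据类型为{},字段为{}", object.getClass(), name);
            return value;
        }

        SensitiveInfo sensitiveInfo = field.getAnnotation(SensitiveInfo.class);
        if (String.class != field.getType() || sensitiveInfo == null) {
            return value;
        }

        String originVal = (String) value;
        switch (sensitiveInfo.value()) {
            case CHINESE_NAME:
                return SensitiveInfoUtils.chineseName(originVal);
            case MOBILE_PHONE:
                return SensitiveInfoUtils.mobilePhone(originVal);
            default:
                // A SensitiveType without a case here is emitted unmasked; add the case
                // together with any new enum constant.
                return value;
        }
    }

    /**
     * Finds a declared field by name on {@code type} or its nearest superclass.
     *
     * <p>Walking the hierarchy keeps annotated fields inherited from a base class
     * masked; looking only at the concrete class would miss them.
     *
     * @return the field, or {@code null} when no class in the hierarchy declares it
     */
    private static Field findField(Class<?> type, String name) {
        for (Class<?> current = type; current != null; current = current.getSuperclass()) {
            for (Field candidate : current.getDeclaredFields()) {
                if (candidate.getName().equals(name)) {
                    return candidate;
                }
            }
        }
        return null;
    }
}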

fastjson序列化配置类

import com.alibaba.fastjson.serializer.SerializerFeature;
import com.alibaba.fastjson.support.config.FastJsonConfig;
import com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter;
import org.springframework.boot.autoconfigure.http.HttpMessageConverters;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.ArrayList;
import java.util.List;

/**
 * Web MVC configuration that serializes HTTP JSON responses with fastjson and
 * applies {@link ValueDesensitizeFilter} to them.
 *
 * <p>The masking filter is attached to this converter only. JSON produced elsewhere,
 * for example by a direct {@code JSON.toJSONString(obj)} call without the filter, is
 * not masked.
 */
@Configuration
public class WebConfigurer implements WebMvcConfigurer {

    /**
     * Builds the fastjson-backed message converter with the masking filter installed.
     *
     * <p>NOTE(review): a FastJsonHttpMessageConverter is normally also used to read
     * request bodies; confirm the fastjson version in use is current and that autoType
     * is not enabled.
     *
     * @return the converter set containing the configured fastjson converter
     */
    @Bean
    public HttpMessageConverters fastJsonHttpMessageConverters() {
        // Serializer settings: pretty-printed output plus the custom masking filter.
        FastJsonConfig serializerConfig = new FastJsonConfig();
        serializerConfig.setSerializerFeatures(SerializerFeature.PrettyFormat);
        serializerConfig.setSerializeFilters(new ValueDesensitizeFilter());

        // Declare JSON with an explicit UTF-8 charset so Chinese text is not garbled.
        List<MediaType> supportedTypes = new ArrayList<>();
        supportedTypes.add(MediaType.APPLICATION_JSON_UTF8);

        // Assemble the converter from the media types and serializer settings.
        FastJsonHttpMessageConverter jsonConverter = new FastJsonHttpMessageConverter();
        jsonConverter.setSupportedMediaTypes(supportedTypes);
        jsonConverter.setFastJsonConfig(serializerConfig);

        return new HttpMessageConverters(jsonConverter);
    }
}

脱敏工具类

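/**
 * Masking routines for personal data.
 *
 * <p>Both methods return an empty string for {@code null} or whitespace-only input.
 */
public class SensitiveInfoUtils {

    /** Character written in place of every hidden position. */
    private static final char MASK = '*';

    /**
     * Masks a name, keeping only its first character.
     *
     * <p>Characters are counted as Unicode code points, so a first character outside
     * the Basic Multilingual Plane is kept whole instead of being cut in the middle of
     * a surrogate pair. A one-character name is returned as is, because there is
     * nothing after the first character to hide.
     *
     * @param fullName the name to mask; may be {@code null}
     * @return the first character followed by one {@code *} per remaining character,
     *         or {@code ""} for blank input
     */
    public static String chineseName(final String fullName) {
        if (isBlank(fullName)) {
            return "";
        }

        final int firstEnd = fullName.offsetByCodePoints(0, 1);
        final int hidden = fullName.codePointCount(firstEnd, fullName.length());
        return fullName.substring(0, firstEnd) + stars(hidden);
    }

    /**
     * Masks the middle four digits of every 11-digit run in {@code phone}.
     *
     * <p>When the input contains no such run (spaces or dashes between digit groups,
     * a shorter number, and so on) the pattern changes nothing. Returning the input
     * then would expose the number in clear text, so the whole value is replaced
     * with {@code *} instead.
     *
     * @param phone the phone number to mask; may be {@code null}
     * @return the masked number, or {@code ""} for blank input
     */
    public static String mobilePhone(final String phone) {
        if (isBlank(phone)) {
            return "";
        }

        final String masked = phone.replaceAll("(\\d{3})\\d{4}(\\d{4})", "$1****$2");
        if (masked.equals(phone)) {
            // Nothing matched: fail closed rather than hand back the raw number.
            return stars(phone.codePointCount(0, phone.length()));
        }
        return masked;
    }

    /** Returns true when {@code text} is null, empty, or whitespace only. */
    private static boolean isBlank(final String text) {
        if (text == null) {
            return true;
        }
        for (int i = 0; i < text.length(); i++) {
            if (!Character.isWhitespace(text.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    /** Builds a string of {@code count} mask characters. */
    private static String stars(final int count) {
        final StringBuilder out = new StringBuilder(count);
        for (int i = 0; i < count; i++) {
            out.append(MASK);
        }
        return out.toString();
    }

}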

需要脱敏的实体类

/**
 * Example entity whose annotated fields are masked when serialized through
 * ValueDesensitizeFilter.
 *
 * <p>Accessors and constructors are generated by the Lombok annotations below.
 */
@Setter
@Getter
@NoArgsConstructor
@AllArgsConstructor
public class User {

    // Not annotated; non-String values are passed through by the filter anyway.
    private Integer id;

    // Masked with the CHINESE_NAME rule.
    @SensitiveInfo(SensitiveType.CHINESE_NAME)
    private String username;

    // Masked with the MOBILE_PHONE rule.
    @SensitiveInfo(SensitiveType.MOBILE_PHONE)
    private String phone;

    // NOTE(review): carries no @SensitiveInfo, so the filter returns this value
    // unchanged and it is serialized in clear text whenever it is set. A credential
    // field should normally be excluded from serialized output altogether.
    private String password;
}

实体类中需要脱敏的字段要添加@SensitiveInfo注解,并指定脱敏类型。以上配置只能实现接口数据脱敏,要想在利用fastjson进行数据传输时也实现实时脱敏,该如何实现呢?具体实现方式如下:

// Build a sample entity; password is deliberately left unset here.
User user = new User();
user.setId(1);
user.setUsername("张三");
user.setPhone("18700370977");

// Pass the filter on the call itself so masking also applies outside the HTTP
// converter. With the rules shown on this page, username becomes "张*" and phone
// becomes "187****0977". Fields without @SensitiveInfo (id, and password if it
// were set) are written unchanged.
String jsonString = JSON.toJSONString(user, new ValueDesensitizeFilter());

对象在通过fastjson序列化时指定脱敏过滤器,就可以实现实时脱敏了,拿到的jsonString已经是脱敏后的json串。