文章详情

短信预约-IT技能 免费直播动态提醒

请输入下面的图形验证码

提交验证

短信预约提醒成功

Java 如何通过注解实现接口输出时数据脱敏

2024-04-02 19:55

关注

Java注解实现接口输出数据脱敏

在后台管理中,对于手机号,身份证,姓名这些数据不允许所有人都能看,这时候我们要对相对数据进行脱敏.

先声明了一个注解

通过对相关接口函数进行声明,以及配置需要脱敏的参数类型SecretTypeEnum,默认脱敏手机号



@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface SecretManage {

    SecretTypeEnum[] value() default {SecretTypeEnum.MOBILE};

}

我们目前只支持对手机号

身份证,用户姓名三个字段进行脱敏, 字段名称必须符合枚举的desc值


package com.test.base.enums;


import com.fasterxml.jackson.annotation.JsonValue;


public enum SecretTypeEnum implements BaseEnum {
    MOBILE(0, "mobile"),
    NAME(1, "name"),
    ID(2, "identity")
    ;

    @JsonValue
    private int code;
    private String desc;

    public String getDesc() {
        return desc;
    }

    SecretTypeEnum(int code, String desc) {
        this.code = code;
        this.desc = desc;
    }

    @Override
    public int code() {
        return code;
    }

    public static SecretTypeEnum checkParam(String paramName) {
        SecretTypeEnum[] values = values();
        for (int i = 0; i < values.length; i++) {
            if (paramName.equals(values[i].getDesc())) {
                return values[i];
            }
        }
        return null;
    }
}

然后我们需要实现注解的拦截功能



@Order(1)
@Aspect
@Component
public class SecretManageAspect {

    @Pointcut("@annotation(com.test.base.annotations.SecretManage)")
    public void pointCut() {
    }


    @Around("pointCut() && @annotation(secretManage)")
    public Object secretManageAround(ProceedingJoinPoint joinPoint, SecretManage secretManage) throws Throwable {
        Class returnType = ((MethodSignature) joinPoint.getSignature()).getReturnType();
        Object invokeResult = joinPoint.proceed();
        if (returnType.isInstance(invokeResult)) {
            returnType.cast(invokeResult);
        }
        Field[] fields = returnType.getDeclaredFields();
        List<SecretTypeEnum> annotationSecretTypeEnums = Arrays.asList(secretManage.value());
        for (Field field : fields) {
            String fieldName = field.getName();
            Class<?> paramType = field.getType();
            System.out.println("字段名称:" + fieldName);
            SecretTypeEnum secretTypeEnum = SecretTypeEnum.checkParam(fieldName);
            long count = annotationSecretTypeEnums.stream().filter(item -> item.equals(secretTypeEnum)).count();
            if (secretTypeEnum != null && count > 0) {
                fieldName = fieldName.substring(0, 1).toUpperCase() + fieldName.substring(1);
                // 获取到setter方法
                Method setMethod = returnType.getMethod("set" + fieldName, new Class[]{paramType});
                // 获取到getter方法
                Method getMethod = returnType.getMethod("get" + fieldName);
                // 执行getter方法
                Object value = getMethod.invoke(invokeResult);
                this.invokeSetter(setMethod, invokeResult, secretTypeEnum, value);
            }
        }
        return invokeResult;
    }

    
    private void invokeSetter(Method setterMethod, Object invokeResult, SecretTypeEnum secretTypeEnum, Object value)
        throws InvocationTargetException, IllegalAccessException {
        switch (secretTypeEnum) {
            case NAME:
                setterMethod.invoke(invokeResult, SecretUtil.nameSecret(value.toString()));
                break;
            case MOBILE:
                setterMethod.invoke(invokeResult, SecretUtil.mobileSecret(value.toString()));
                break;
            case ID:
                setterMethod.invoke(invokeResult, SecretUtil.idNoSecret(value.toString()));
                break;
        }
    }
}

上面我们就是实现了脱敏的功能,现在我们可以mock接口看看结果了,

我对默认声明和脱敏名称和手机号进行了测试


	
	@GetMapping("/test-secret")
//	@SecretManage(value = {SecretTypeEnum.NAME, SecretTypeEnum.MOBILE})
	@SecretManage
	public User getSecretUser() {
		User user = new User();
		user.setId(1);
		user.setMobile("13715166409");
		user.setName("张志新");
		user.setIdentity("370283790911703");
		return user;
	}

下面是测试结果

在这里插入图片描述

Java注解的字段脱敏处理

有这样一个场景,系统中可以出现敏感的数据,在打印日志的时候,我们并不希望打印出现,这样,我们使用自己定义注解,来解决这个问题。

定义需要脱敏的字段规则


import java.lang.reflect.Array;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
 
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
 
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.google.gson.Gson;
import com.ucf.platform.framework.core.annotation.SensitiveInfo;
import com.ucf.platform.framework.core.log.UcfLogger;
import com.ucf.platform.framework.core.log.UcfLoggerFactory;
 

public final class SensitiveInfoUtils {
 
    private final static UcfLogger logger = UcfLoggerFactory.getLogger(SensitiveInfoUtils.class);
 
    
    public static String chineseName(String fullName) {
        if (StringUtils.isBlank(fullName)) {
            return "";
        }
        String name = StringUtils.left(fullName, 1);
        return StringUtils.rightPad(name, StringUtils.length(fullName), "*");
    }
 
    
    public static String chineseName(String familyName, String givenName) {
        if (StringUtils.isBlank(familyName) || StringUtils.isBlank(givenName)) {
            return "";
        }
        return chineseName(familyName + givenName);
    }
 
    
    public static String idCardNum(String id) {
        if (StringUtils.isBlank(id)) {
            return "";
        }
        String num = StringUtils.right(id, 4);
        return StringUtils.leftPad(num, StringUtils.length(id), "*");
    }
 
    
    public static String fixedPhone(String num) {
        if (StringUtils.isBlank(num)) {
            return "";
        }
        return StringUtils.leftPad(StringUtils.right(num, 4), StringUtils.length(num), "*");
    }
 
    
    public static String mobilePhone(String num) {
        if (StringUtils.isBlank(num)) {
            return "";
        }
        return StringUtils.left(num, 3).concat(StringUtils.removeStart(StringUtils.leftPad(StringUtils.right(num, 4), StringUtils.length(num), "*"), "***"));
    }
 
    
    public static String address(String address, int sensitiveSize) {
        if (StringUtils.isBlank(address)) {
            return "";
        }
        int length = StringUtils.length(address);
        return StringUtils.rightPad(StringUtils.left(address, length - sensitiveSize), length, "*");
    }
 
    
    public static String email(String email) {
        if (StringUtils.isBlank(email)) {
            return "";
        }
        int index = StringUtils.indexOf(email, "@");
        if (index <= 1)
            return email;
        else
            return StringUtils.rightPad(StringUtils.left(email, 1), index, "*").concat(StringUtils.mid(email, index, StringUtils.length(email)));
    }
 
    
    public static String bankCard(String cardNum) {
        if (StringUtils.isBlank(cardNum)) {
            return "";
        }
        return StringUtils.left(cardNum, 6).concat(StringUtils.removeStart(StringUtils.leftPad(StringUtils.right(cardNum, 4), StringUtils.length(cardNum), "*"), "******"));
    }
 
    
    public static String cnapsCode(String code) {
        if (StringUtils.isBlank(code)) {
            return "";
        }
        return StringUtils.rightPad(StringUtils.left(code, 2), StringUtils.length(code), "*");
    }
 
    
    public static String getJson(Object javaBean) {
        String json = null;
        if (null != javaBean) {
            Class<? extends Object> raw = javaBean.getClass();
            try {
                if (raw.isInterface())
                    return json;
                Gson g = new Gson();
                Object clone = g.fromJson(g.toJson(javaBean, javaBean.getClass()), javaBean.getClass());
                Set<Integer> referenceCounter = new HashSet<Integer>();
                SensitiveInfoUtils.replace(SensitiveInfoUtils.findAllField(raw), clone, referenceCounter);
                json = JSON.toJSONString(clone, SerializerFeature.WriteMapNullValue, SerializerFeature.WriteNullListAsEmpty);
                referenceCounter.clear();
                referenceCounter = null;
            } catch (Throwable e) {
                logger.error("SensitiveInfoUtils.getJson() ERROR", e);
            }
        }
        return json;
    }
 
    private static Field[] findAllField(Class<?> clazz) {
        Field[] fileds = clazz.getDeclaredFields();
        while (null != clazz.getSuperclass() && !Object.class.equals(clazz.getSuperclass())) {
            fileds = (Field[]) ArrayUtils.addAll(fileds, clazz.getSuperclass().getDeclaredFields());
            clazz = clazz.getSuperclass();
        }
        return fileds;
    }
    private static void replace(Field[] fields, Object javaBean, Set<Integer> referenceCounter) throws IllegalArgumentException, IllegalAccessException {
        if (null != fields && fields.length > 0) {
            for (Field field : fields) {
                field.setAccessible(true);
                if (null != field && null != javaBean) {
                    Object value = field.get(javaBean);
                    if (null != value) {
                        Class<?> type = value.getClass();
                        // 1.处理子属性,包括集合中的
                        if (type.isArray()) {
                            int len = Array.getLength(value);
                            for (int i = 0; i < len; i++) {
                                Object arrayObject = Array.get(value, i);
                                SensitiveInfoUtils.replace(SensitiveInfoUtils.findAllField(arrayObject.getClass()), arrayObject, referenceCounter);
                            }
                        } else if (value instanceof Collection<?>) {
                            Collection<?> c = (Collection<?>) value;
                            Iterator<?> it = c.iterator();
                            while (it.hasNext()) {
                                Object collectionObj = it.next();
                                SensitiveInfoUtils.replace(SensitiveInfoUtils.findAllField(collectionObj.getClass()), collectionObj, referenceCounter);
                            }
                        } else if (value instanceof Map<?, ?>) {
                            Map<?, ?> m = (Map<?, ?>) value;
                            Set<?> set = m.entrySet();
                            for (Object o : set) {
                                Entry<?, ?> entry = (Entry<?, ?>) o;
                                Object mapVal = entry.getValue();
                                SensitiveInfoUtils.replace(SensitiveInfoUtils.findAllField(mapVal.getClass()), mapVal, referenceCounter);
                            }
                        } else if (!type.isPrimitive()
                                   && !StringUtils.startsWith(type.getPackage().getName(), "javax.")
                                   && !StringUtils.startsWith(type.getPackage().getName(), "java.")
                                   && !StringUtils.startsWith(field.getType().getName(), "javax.")
                                   && !StringUtils.startsWith(field.getName(), "java.")
                                   && referenceCounter.add(value.hashCode())) {
                            SensitiveInfoUtils.replace(SensitiveInfoUtils.findAllField(type), value, referenceCounter);
                        }
                    }
                    // 2. 处理自身的属性
                    SensitiveInfo annotation = field.getAnnotation(SensitiveInfo.class);
                    if (field.getType().equals(String.class) && null != annotation) {
                        String valueStr = (String) value;
                        if (StringUtils.isNotBlank(valueStr)) {
                            switch (annotation.type()) {
                                case CHINESE_NAME: {
                                    field.set(javaBean, SensitiveInfoUtils.chineseName(valueStr));
                                    break;
                                }
                                case ID_CARD: {
                                    field.set(javaBean, SensitiveInfoUtils.idCardNum(valueStr));
                                    break;
                                }
                                case FIXED_PHONE: {
                                    field.set(javaBean, SensitiveInfoUtils.fixedPhone(valueStr));
                                    break;
                                }
                                case MOBILE_PHONE: {
                                    field.set(javaBean, SensitiveInfoUtils.mobilePhone(valueStr));
                                    break;
                                }
                                case ADDRESS: {
                                    field.set(javaBean, SensitiveInfoUtils.address(valueStr, 4));
                                    break;
                                }
                                case EMAIL: {
                                    field.set(javaBean, SensitiveInfoUtils.email(valueStr));
                                    break;
                                }
                                case BANK_CARD: {
                                    field.set(javaBean, SensitiveInfoUtils.bankCard(valueStr));
                                    break;
                                }
                                case CNAPS_CODE: {
                                    field.set(javaBean, SensitiveInfoUtils.cnapsCode(valueStr));
                                    break;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
   
//----------------------------------------------------------------------------------------------
    public static Method [] findAllMethod(Class<?> clazz){
        Method [] methods= clazz.getMethods();
        return methods;
    }
  
  //----------------------------------------------------------------------------------------------
    public static enum SensitiveType {
        
        CHINESE_NAME,
 
        
        ID_CARD,
        
        FIXED_PHONE,
        
        MOBILE_PHONE,
        
        ADDRESS,
        
        EMAIL,
        
        BANK_CARD,
        
        CNAPS_CODE;
    }
}

声明注解


import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
 
import com.ucf.platform.framework.core.util.SensitiveInfoUtils;
 

@Target({ElementType.FIELD,ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
public @interface SensitiveInfo {
 
    public SensitiveInfoUtils.SensitiveType type() ;
}

测试


public class JavaBeanA {
    
    public JavaBeanA(String name,String id){
        
    }
    
    @SensitiveInfo(type=SensitiveType.CHINESE_NAME)
    private String name = "A先生";
    
    private JavaBeanB b;
    
    private Date date;
    
    private List<JavaBeanB> list;
    
    private Map<String,JavaBeanB> map;
 
    public String getName() {
        return name;
    }
 
    public void setName(String name) {
        this.name = name;
    }
 
    public JavaBeanB getB() {
        return b;
    }
 
    public void setB(JavaBeanB b) {
        this.b = b;
    }
 
    public List<JavaBeanB> getList() {
        return list;
    }
 
    public void setList(List<JavaBeanB> list) {
        this.list = list;
    }
 
    public Map<String, JavaBeanB> getMap() {
        return map;
    }
 
    public void setMap(Map<String, JavaBeanB> map) {
        this.map = map;
    }
 
    public Date getDate() {
        return date;
    }
 
    public void setDate(Date date) {
        this.date = date;
    }
    
}

public class JavaBeanB {
    @SensitiveInfo(type=SensitiveType.CHINESE_NAME)
    private String name = "B先生";
    
    private JavaBeanA a;
    
    private Set<JavaBeanA> list;
    
    private Map<String,JavaBeanA> map;
 
    public String getName() {
        return name;
    }
 
    public void setName(String name) {
        this.name = name;
    }
 
    public JavaBeanA getA() {
        return a;
    }
 
    public void setA(JavaBeanA a) {
        this.a = a;
    }
 
    public Set<JavaBeanA> getList() {
        return list;
    }
 
    public void setList(Set<JavaBeanA> list) {
        this.list = list;
    }
 
    public Map<String, JavaBeanA> getMap() {
        return map;
    }
 
    public void setMap(Map<String, JavaBeanA> map) {
        this.map = map;
    }
}

public class SensitiveInfoUtilsTest {
    
    
    @Test
    public void testChineseNameString() {
        System.out.println(SensitiveInfoUtils.chineseName("李先生"));
    }
 
    
    @Test
    public void testChineseNameStringString() {
        System.out.println(SensitiveInfoUtils.chineseName("李","雷"));
    }
 
    
    @Test
    public void testIdCardNum() {
        System.out.println(SensitiveInfoUtils.idCardNum("1103541983073188711"));
    }
 
    
    @Test
    public void testFixedPhone() {
        System.out.println(SensitiveInfoUtils.fixedPhone("01077482277"));
    }
 
    
    @Test
    public void testMobilePhone() {
        System.out.println(SensitiveInfoUtils.mobilePhone("13777446578"));
    }
 
    
    @Test
    public void testAddress() {
        System.out.println(SensitiveInfoUtils.address("北京朝阳区酒仙桥中路26号院4号楼人人大厦",8));
    }
 
    
    @Test
    public void testEmail() {
        System.out.println(SensitiveInfoUtils.email("66374777@qq.com"));
    }
 
    
    @Test
    public void testBankCard() {
        System.out.println(SensitiveInfoUtils.bankCard("6228480402565890018"));
    }
 
    
    @Test
    public void testCnapsCode() {
        System.out.println(SensitiveInfoUtils.cnapsCode("102100029679"));
    }
 
    
    @Test
    public void testGetJson() {
//        ThreadPoolExecutor consumeExecutor = new ThreadPoolExecutor(30, 30 + 10, 5, TimeUnit.SECONDS, new ArrayBlockingQueue<Runnable>(30 + 10), new ThreadFactory() {
//            @Override
//            public Thread newThread(Runnable r) {
//                Thread myThread = new Thread(r);
//                myThread.setName("TT");
//                return myThread;
//            }
//        }, new ThreadPoolExecutor.CallerRunsPolicy());
//        while (true) {
//            consumeExecutor.execute(new Runnable() {
//                @Override
//                public void run() {}
//            });
//        }
 
        JavaBeanA a1 = new JavaBeanA("","");
        JavaBeanA a2 = new JavaBeanA("","");
        JavaBeanB b1 = new JavaBeanB();
        a1.setB(b1);
//        a1.setDate(new Date());
        
        List<JavaBeanB> a1l = new ArrayList<JavaBeanB>();
        a1l.add(b1);
        a1.setList(a1l);
        Map<String, JavaBeanB> a1m = new HashMap<String, JavaBeanB>();
        a1m.put("b1", b1);
        a1.setMap(a1m);
 
        b1.setA(a2);
        Set<JavaBeanA> b1l = new HashSet<JavaBeanA>();
        b1.setList(b1l);
        Map<String, JavaBeanA> b1m = new HashMap<String, JavaBeanA>();
        b1m.put("a2", a2);
        b1.setMap(b1m);
        long t = System.currentTimeMillis();
        System.out.println(t);
        System.out.println(SensitiveInfoUtils.getJson(a1));
        System.out.println(System.currentTimeMillis()-t);
        System.out.println(JSON.toJSON(a1));
        System.out.println(System.currentTimeMillis()-t);
    
    }
}

测试结果:

李**
李*
***************8711
*******2277
137****6578
北京朝阳区酒仙桥中路26号********
6*******@qq.com
622848*********0018
10**********
1443435915750
{"b":{"a":{"b":null,"date":null,"list":[],"map":null,"name":"A**"},"list":[],"map":{"a2":{"b":null,"date":null,"list":[],"map":null,"name":"A**"}},"name":"B**"},"date":null,"list":[{"a":{"b":null,"date":null,"list":[],"map":null,"name":"A**"},"list":[],"map":{"a2":{"b":null,"date":null,"list":[],"map":null,"name":"A**"}},"name":"B**"}],"map":{"b1":{"a":{"b":null,"date":null,"list":[],"map":null,"name":"A**"},"list":[],"map":{"a2":{"b":null,"date":null,"list":[],"map":null,"name":"A**"}},"name":"B**"}},"name":"A**"}
289
{"b":{"a":{"name":"A先生"},"list":[],"map":{"a2":{"name":"A先生"}},"name":"B先生"},"list":[{"a":{"name":"A先生"},"list":[],"map":{"a2":{"name":"A先生"}},"name":"B先生"}],"map":{"b1":{"a":{"name":"A先生"},"list":[],"map":{"a2":{"name":"A先生"}},"name":"B先生"}},"name":"A先生"}
300

使用了google 的API,可以使用maven在添加,配置如下:


<!-- gson -->
  <dependency>
   <groupId>com.google.code.gson</groupId>
   <artifactId>gson</artifactId>
  </dependency>

说明:在需要脱敏的字段上使用定义好的注解,在具体的使用时用SensitiveInfoUtils.getJson(a1),如果不需要脱敏的输出,尽量不要打印JSON,使用对象的toString()输出。效率更高。

以上为个人经验,希望能给大家一个参考,也希望大家多多支持编程网。

阅读原文内容投诉

免责声明:

① 本站未注明“稿件来源”的信息均来自网络整理。其文字、图片和音视频稿件的所属权归原作者所有。本站收集整理出于非商业性的教育和科研之目的,并不意味着本站赞同其观点或证实其内容的真实性。仅作为临时的测试数据,供内部测试之用。本站并未授权任何人以任何方式主动获取本站任何信息。

② 本站未注明“稿件来源”的临时测试数据将在测试完成后最终做删除处理。有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341

软考中级精品资料免费领

  • 历年真题答案解析
  • 备考技巧名师总结
  • 高频考点精准押题
  • 2024年上半年信息系统项目管理师第二批次真题及答案解析(完整版)

    难度     813人已做
    查看
  • 【考后总结】2024年5月26日信息系统项目管理师第2批次考情分析

    难度     354人已做
    查看
  • 【考后总结】2024年5月25日信息系统项目管理师第1批次考情分析

    难度     318人已做
    查看
  • 2024年上半年软考高项第一、二批次真题考点汇总(完整版)

    难度     435人已做
    查看
  • 2024年上半年系统架构设计师考试综合知识真题

    难度     224人已做
    查看

相关文章

发现更多好内容

猜你喜欢

AI推送时光机
位置:首页-资讯-后端开发
咦!没有更多了?去看看其它编程学习网 内容吧
首页课程
资料下载
问答资讯