Java利用Jackson序列化實現(xiàn)數(shù)據(jù)脫敏

更新時間：2021年10月13日 09:54:23 作者：EalenXie

這篇文章主要介紹了利用Jackson序列化實現(xiàn)數(shù)據(jù)脫敏,首先在需要進行脫敏的VO字段上面標注相關脫敏注解，具體實例代碼文中給大家介紹的非常詳細，需要的朋友可以參考下

幾天前使用了Jackson對數(shù)據(jù)的自定義序列化。突發(fā)靈感，利用此方法來簡單實現(xiàn)接口返回數(shù)據(jù)脫敏，故寫此文記錄。

核心思想是利用Jackson的StdSerializer,@JsonSerialize，以及自己實現(xiàn)的數(shù)據(jù)脫敏過程。

使用效果如下:

首先在需要進行脫敏的VO字段上面標注相關脫敏注解

調(diào)用接口即可看到脫敏效果

實現(xiàn)過程如下:

1. 定義脫敏的過程實現(xiàn)

/**
 * Created by EalenXie on 2021/9/24 15:52
 * 頂級的脫敏器
 */
public interface Desensitization<T> {

    /**
     * 脫敏實現(xiàn)
     *
     * @param target 脫敏對象
     * @return 脫敏返回結(jié)果
     */
    T desensitize(T target);

}

比如具體的手機號脫敏器實現(xiàn)

import com.github.Symbol;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Created by EalenXie on 2021/9/24 15:56
 * 手機號脫敏器 默認只保留前3位和后4位
 */
public class PhoneDesensitization implements StringDesensitization {

    /**
     * 手機號正則
     */
    private static final Pattern DEFAULT_PATTERN = Pattern.compile("(13[0-9]|14[579]|15[0-3,5-9]|16[6]|17[0135678]|18[0-9]|19[89])\d{8}");

    /**
     * 手機號脫敏 只保留前3位和后4位
     */
    @Override
    public String desensitize(String target) {
        Matcher matcher = DEFAULT_PATTERN.matcher(target);
        while (matcher.find()) {
            String group = matcher.group();
            target = target.replace(group, group.substring(0, 3) + Symbol.getSymbol(4, Symbol.STAR) + group.substring(7, 11));
        }
        return target;
    }
}

2.定義脫敏注解,并指明了使用的序列化器,注解中聲明了使用的脫敏器實現(xiàn)

package com.github.annotation;

import com.fasterxml.jackson.annotation.JacksonAnnotationsInside;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import com.github.desensitization.Desensitization;
import com.github.serializer.ObjectDesensitizeSerializer;

import java.lang.annotation.*;

/**
 * Created by EalenXie on 2021/10/8 11:30
 */
@Target({ElementType.FIELD, ElementType.ANNOTATION_TYPE})
@Retention(RetentionPolicy.RUNTIME)
@JacksonAnnotationsInside
@JsonSerialize(using = ObjectDesensitizeSerializer.class)
@Documented
public @interface Desensitize {
    /**
     * 脫敏器實現(xiàn)
     */
    @SuppressWarnings("all")
    Class<? extends Desensitization<?>> desensitization();
}

3. 實現(xiàn)定義的序列化器

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.BeanProperty;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.ser.ContextualSerializer;
import com.fasterxml.jackson.databind.ser.std.StdSerializer;
import com.github.Symbol;
import com.github.annotation.Desensitize;
import com.github.desensitization.Desensitization;
import com.github.desensitization.DesensitizationFactory;
import com.github.desensitization.StringDesensitization;

import java.io.IOException;

/**
 * Created by EalenXie on 2021/8/9 9:03
 * 脫敏序列化器
 */
public class ObjectDesensitizeSerializer extends StdSerializer<Object> implements ContextualSerializer {

    private transient Desensitization<Object> desensitization;

    protected ObjectDesensitizeSerializer() {
        super(Object.class);
    }

    public Desensitization<Object> getDesensitization() {
        return desensitization;
    }

    public void setDesensitization(Desensitization<Object> desensitization) {
        this.desensitization = desensitization;
    }

    @Override
    public JsonSerializer<Object> createContextual(SerializerProvider prov, BeanProperty property) {
        Desensitize annotation = property.getAnnotation(Desensitize.class);
        return createContextual(annotation.desensitization());
    }

    @SuppressWarnings("unchecked")
    public JsonSerializer<Object> createContextual(Class<? extends Desensitization<?>> clazz) {
        ObjectDesensitizeSerializer serializer = new ObjectDesensitizeSerializer();
        if (clazz != StringDesensitization.class) {
            serializer.setDesensitization((Desensitization<Object>) DesensitizationFactory.getDesensitization(clazz));
        }
        return serializer;
    }

    @Override
    public void serialize(Object value, JsonGenerator gen, SerializerProvider provider) throws IOException {
        Desensitization<Object> objectDesensitization = getDesensitization();
        if (objectDesensitization != null) {
            try {
                gen.writeObject(objectDesensitization.desensitize(value));
            } catch (Exception e) {
                gen.writeObject(value);
            }
        } else if (value instanceof String) {
            gen.writeString(Symbol.getSymbol(((String) value).length(), Symbol.STAR));
        } else {
            gen.writeObject(value);
        }
    }
}

4.代碼的設計說明

完整代碼可見 : https://github.com/EalenXie/jackson-desensitize

另附基于Logback的日志脫敏方案(筆者認為這可能是全網(wǎng)最簡單快捷的)

原理是利用Logback的自定義日志轉(zhuǎn)換器ClassicConverter

1. 自定義脫敏日志轉(zhuǎn)換器

import ch.qos.logback.classic.pattern.ClassicConverter;
import ch.qos.logback.classic.spi.ILoggingEvent;
import com.github.desensitization.EmailDesensitization;
import com.github.desensitization.IDCardDesensitization;
import com.github.desensitization.PhoneDesensitization;
import com.github.desensitization.StringDesensitization;

import java.util.ArrayList;
import java.util.List;


/**
 * @author EalenXie create on 2021/3/18 10:07
 * 此Converter提供支持日志脫敏
 * 1. 編寫此LogbackDesensitizeConverter
 * 2. 正則脫敏 手機號/郵箱/身份證
 */
public class LogbackDesensitizeConverter extends ClassicConverter {

    protected static final List<StringDesensitization> DESENSITIZATION_LIST = new ArrayList<>();

    static {
        // 手機號脫敏
        DESENSITIZATION_LIST.add(new PhoneDesensitization());
        // 郵箱脫敏
        DESENSITIZATION_LIST.add(new EmailDesensitization());
        // 身份證脫敏
        DESENSITIZATION_LIST.add(new IDCardDesensitization());
    }

    @Override
    public String convert(ILoggingEvent event) {
        String content = event.getMessage();
        try {
            for (StringDesensitization desensitization : DESENSITIZATION_LIST) {
                content = desensitization.desensitize(content);
            }
        } catch (Exception e) {
            // ig
        }
        return content;
    }
}

2. 啟動類為PatternLayout的靜態(tài)變量defaultConverterMap新增此自定義轉(zhuǎn)換器

import ch.qos.logback.classic.PatternLayout;
import com.github.filter.LogbackDesensitizeConverter;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;

/**
 * @author EalenXie create on 2020/11/24 14:16
 */
@EnableDiscoveryClient
@SpringBootApplication
public class ApiGatewayApplication {
    public static void main(String[] args) {
        // 日志處理方案 新增一個Logback的日志脫敏轉(zhuǎn)換器
        PatternLayout.defaultConverterMap.put("m", LogbackDesensitizeConverter.class.getName());
        SpringApplication.run(ApiGatewayApplication.class, args);
    }
}

啟動后可以看到日志脫敏效果。