当前位置:网站首页>太强了,一个注解搞定接口返回数据脱敏
太强了,一个注解搞定接口返回数据脱敏
2022-07-27 01:22:00 【肥肥技术宅】
思路
代码
1. 自定义数据注解,并可以配置数据脱敏策略
2. 自定义Serializer,参考jackson的StringSerializer,下面的示例只针对String类型进行脱敏
3. 自定义AnnotationIntrospector,适配我们自定义注解返回相应的Serializer
4. 覆盖ObjectMapper
5. 返回对象加上注解
下午惬意时光,突然产品小姐姐走到我面前,打断我短暂的摸鱼time,企图与我进行深入交流,还好我早有防备没有闪,打开瑞star的点单页面,暗示没有一杯coffee解决不了的需求,需求是某些接口返回的信息,涉及到敏感数据的必须进行脱敏操作,我思考一反,表示某问题,马上安排。
思路
1.要做成可配置多策略的脱敏操作,要不然一个个接口进行脱敏操作,重复的工作量太多,很显然违背了“多写一行算我输”的程序员规范,思来想去,定义数据脱敏注解和数据脱敏逻辑的接口, 在返回类上,对需要进行脱敏的属性加上,并指定对应的脱敏策略操作。
2.接下来我只需要拦截控制器返回的数据,找到带有脱敏注解的属性操作即可,一开始打算用@ControllerAdvice去实现,但发现需要自己去反射类获取注解,当返回对象比较复杂,需要递归去反射,性能一下子就会降低,于是换种思路,我想到平时使用的@JsonFormat,跟我现在的场景很类似,通过自定义注解跟字段解析器,对字段进行自定义解析,tql
代码
1. 自定义数据注解,并可以配置数据脱敏策略
@Target({ElementType.FIELD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface DataMasking {
DataMaskingFunc maskFunc() default DataMaskingFunc.NO_MASK;
}
2. 自定义Serializer,参考jackson的StringSerializer,下面的示例只针对String类型进行脱敏
public interface DataMaskingOperation {
String MASK_CHAR = "*";
String mask(String content, String maskChar);
}
public enum DataMaskingFunc {
/**
* 脱敏转换器
*/
NO_MASK((str, maskChar) -> {
return str;
}),
ALL_MASK((str, maskChar) -> {
if (StringUtils.hasLength(str)) {
StringBuilder sb = new StringBuilder();
for (int i = 0; i < str.length(); i++) {
sb.append(StringUtils.hasLength(maskChar) ? maskChar : DataMaskingOperation.MASK_CHAR);
}
return sb.toString();
} else {
return str;
}
});
private final DataMaskingOperation operation;
private DataMaskingFunc(DataMaskingOperation operation) {
this.operation = operation;
}
public DataMaskingOperation operation() {
return this.operation;
}
}
public final class DataMaskingSerializer extends StdScalarSerializer<Object> {
private final DataMaskingOperation operation;
public DataMaskingSerializer() {
super(String.class, false);
this.operation = null;
}
public DataMaskingSerializer(DataMaskingOperation operation) {
super(String.class, false);
this.operation = operation;
}
public boolean isEmpty(SerializerProvider prov, Object value) {
String str = (String)value;
return str.isEmpty();
}
public void serialize(Object value, JsonGenerator gen, SerializerProvider provider) throws IOException {
if (Objects.isNull(operation)) {
String content = DataMaskingFunc.ALL_MASK.operation().mask((String) value, null);
gen.writeString(content);
} else {
String content = operation.mask((String) value, null);
gen.writeString(content);
}
}
public final void serializeWithType(Object value, JsonGenerator gen, SerializerProvider provider, TypeSerializer typeSer) throws IOException {
this.serialize(value, gen, provider);
}
public JsonNode getSchema(SerializerProvider provider, Type typeHint) {
return this.createSchemaNode("string", true);
}
public void acceptJsonFormatVisitor(JsonFormatVisitorWrapper visitor, JavaType typeHint) throws JsonMappingException {
this.visitStringFormat(visitor, typeHint);
}
}
3. 自定义AnnotationIntrospector,适配我们自定义注解返回相应的Serializer
@Slf4j
public class DataMaskingAnnotationIntrospector extends NopAnnotationIntrospector {
@Override
public Object findSerializer(Annotated am) {
DataMasking annotation = am.getAnnotation(DataMasking.class);
if (annotation != null) {
return new DataMaskingSerializer(annotation.maskFunc().operation());
}
return null;
}
}
4. 覆盖ObjectMapper
@Configuration(
proxyBeanMethods = false
)
public class DataMaskConfiguration {
@Configuration(
proxyBeanMethods = false
)
@ConditionalOnClass({Jackson2ObjectMapperBuilder.class})
static class JacksonObjectMapperConfiguration {
JacksonObjectMapperConfiguration() {
}
@Bean
@Primary
ObjectMapper jacksonObjectMapper(Jackson2ObjectMapperBuilder builder) {
ObjectMapper objectMapper = builder.createXmlMapper(false).build();
AnnotationIntrospector ai = objectMapper.getSerializationConfig().getAnnotationIntrospector();
AnnotationIntrospector newAi = AnnotationIntrospectorPair.pair(ai, new DataMaskingAnnotationIntrospector());
objectMapper.setAnnotationIntrospector(newAi);
return objectMapper;
}
}
}
5. 返回对象加上注解
public class User implements Serializable {
/**
* 主键ID
*/
private Long id;
/**
* 姓名
*/
@DataMasking(maskFunc = DataMaskingFunc.ALL_MASK)
private String name;
/**
* 年龄
*/
private Integer age;
/**
* 邮箱
*/
@DataMasking(maskFunc = DataMaskingFunc.ALL_MASK)
private String email;
}
边栏推荐
- Worth more than 100 million! The 86 version of "red boy" refuses to be a Daocheng Xueba. He is already a doctor of the Chinese Academy of Sciences and has 52 companies under his name
- 队列达到最大长度代码实战
- 【flask】服务端获取客户端的请求头信息
- 175. 组合两个表(非常简单)
- 2649: segment calculation
- [dynamic planning medium] leetcode 198. looting 740. delete and get points
- Zhang Ping, Alibaba cloud Solution Architect: system construction of cloud native digital safety production
- Naive Bayes -- Document Classification
- 周全的照护 解析LYRIQ锐歌电池安全设计
- Worthington果胶酶的特性及测定方案
猜你喜欢
window对象的常见事件
Portraiture5全新升级版磨皮滤镜插件神器
Social wechat applet of fanzhihu forum community
impala 执行计划详解
队列达到最大长度代码实战
阿里云解决方案架构师张平:云原生数字化安全生产的体系建设
C语言const用法详解
196. 删除重复的电子邮箱
杀毒软件 clamav 的安装和使用
be based on. NETCORE development blog project starblog - (16) some new functions (monitoring / statistics / configuration / initialization)
随机推荐
数模1232
毕业2年转行软件测试获得12K+,不考研月薪过万的梦想实现了
单例模式(双检锁)
二叉树(DAY 82)
Worth more than 100 million! The 86 version of "red boy" refuses to be a Daocheng Xueba. He is already a doctor of the Chinese Academy of Sciences and has 52 companies under his name
Portraiture5全新升级版磨皮滤镜插件神器
An error in the fourth edition of the red book?
关于OpenFeign的源码分析
QT编译出来的exe以管理员权限启动
2649: segment calculation
2513: Xiao Yong's academic score (common divisor problem)
一体式水利视频监控站 遥测终端视频图像水位水质水量流速监测
红宝书第四版的一个错误?
DNS记录类型及相关名词解释
Boom 3D new 2022 audio enhancement app
Bulk copy baby upload prompt garbled, how to solve?
{“errcode“:44001,“errmsg“:“empty media data, hint: [1655962096234893527769663], from ip: 222.72.xxx.
2513: 小勇学分数(公约数问题)
Worthington过氧化物酶活性的6种测定方法
数据库红的表如何设计才能使性能更加优化