溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇文章給大家分享的是有關如何使用自定義Json注解實現輸出日志字段脫敏的內容。小編覺得挺實用的,因此分享給大家做個參考,一起跟隨小編過來看看吧。
在日志輸出的時候,有時會輸出一些用戶的敏感信息,如手機號,身份證號,銀行卡號等,現需要對這些信息在日志輸出的時候進行脫敏處理
使用fastjson的ValueFilter對帶有自定義注解的字段進行過濾
/**
* 敏感信息類型
*
* @author worstEzreal
* @version V1.0.0
* @date 2017/7/19
*/
public enum SensitiveType {
ID_CARD,
BANK_CARD,
PHONE
}/**
* 脫敏字段注解
*
* @author worstEzreal
* @version V1.0.0
* @date 2017/7/19
*/
@Target({ElementType.TYPE, ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
public @interface SensitiveInfo {
SensitiveType type();
}/**
* 日志敏感信息脫敏工具
*
* @author worstEzreal
* @version V1.0.0
* @date 2017/7/19
*/
public class SensitiveInfoUtils {
public static String toJsonString(Object object) {
return JSON.toJSONString(object, getValueFilter());
}
private static String desensitizePhoneOrIdCard(String num) {
if (StringUtils.isBlank(num)) {
return "";
}
return StringUtils.left(num, 3).concat(StringUtils.removeStart(StringUtils.leftPad(StringUtils.right(num, 4), StringUtils.length(num), "*"), "***"));
}
private static String desensitizeBankCard(String cardNum) {
if (StringUtils.isBlank(cardNum)) {
return "";
}
return StringUtils.left(cardNum, 4).concat(StringUtils.removeStart(StringUtils.leftPad(StringUtils.right(cardNum, 4), StringUtils.length(cardNum), "*"), "****"));
}
private static final ValueFilter getValueFilter() {
return new ValueFilter() {
@Override
public Object process(Object obj, String key, Object value) {//obj-對象 key-字段名 value-字段值
try {
Field field = obj.getClass().getDeclaredField(key);
SensitiveInfo annotation = field.getAnnotation(SensitiveInfo.class);
if (null != annotation && value instanceof String) {
String strVal = (String) value;
if (StringUtils.isNotBlank(strVal)) {
switch (annotation.type()) {
case PHONE:
return desensitizePhoneOrIdCard(strVal);
case ID_CARD:
return desensitizePhoneOrIdCard(strVal);
case BANK_CARD:
return desensitizeBankCard(strVal);
default:
break;
}
}
}
} catch (NoSuchFieldException e) {
//找不到的field對功能沒有影響,空處理
}
return value;
}
};
}
public static void main(String[] args) {
CardInfo cardInfo = new CardInfo();
cardInfo.setId("11111111111111111");
cardInfo.setCardId("6228480402564890018");
System.out.println(SensitiveInfoUtils.toJsonString(cardInfo));
}
}public class CardInfo {
private String userId;
private String name;
@SensitiveInfo(type = SensitiveType.ID_CARD)
private String certId;
@SensitiveInfo(type = SensitiveType.BANK_CARD)
private String cardId;
private String bank;
private String phone;
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getCertId() {
return certId;
}
public void setCertId(String certId) {
this.certId = certId;
}
public String getCardId() {
return cardId;
}
public void setCardId(String cardId) {
this.cardId = cardId;
}
public String getBank() {
return bank;
}
public void setBank(String bank) {
this.bank = bank;
}
public String getPhone() {
return phone;
}
public void setPhone(String phone) {
this.phone = phone;
}
}隨著互聯網時代普及,用戶的信息越來越重要,我們開發軟件過程中也需要對用戶的信息進行脫敏處理活著加密處理,針對于比較繁雜的工作,個人來講解如何實現注解式脫敏,支持靜態調用和aop統一攔截實現脫敏或者加密返回。
定義枚舉類,處理所有脫敏和加密等,同時可擴展性,這里只是注解式調用方法而已,以便編寫樣例。DesensitizationEnum若還需要其他脫敏或者加密方法是,只需要添加下面枚舉類型即可
package com.lgh.common.sensitive;
import com.lgh.common.utils.MaskUtils;
import java.lang.reflect.Method;
/**
* 若需要新定義一個掃描規則,這里添加即可
*
* @author lgh
* @version 1.0
* @date 2021/1/17
*/
public enum DesensitizationEnum {
// 執行類和脫敏方法名
PHONE(MaskUtils.class, "maskPhone", new Class[]{String.class});
private Class<?> clazz;
private Method method;
DesensitizationEnum(Class<?> target, String method, Class[] paramTypes) {
this.clazz = target;
try {
this.method = target.getDeclaredMethod(method, paramTypes);
} catch (NoSuchMethodException e) {
e.printStackTrace();
}
}
public Method getMethod() {
return method;
}
}脫敏工具
package com.lgh.common.utils;
import org.springframework.util.StringUtils;
/**
* @author lgh
* @version 1.0
* @date 2021/1/17
*/
public class MaskUtils {
public static String maskPhone(String phone){
if(StringUtils.isEmpty(phone) || phone.length() < 8){
return phone;
}
return phone.replaceAll("(\\d{3})\\d*(\\d{4})", "$1****$2");
}
}此類添加到需要脫敏的類屬性上即可實現脫敏,具體是遞歸遍歷此注解,通過反射機制來實現脫敏功能
package com.lgh.common.sensitive;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* 參數定義注解類
* @author linguohu
* @version 1.0
* @date 2021/1/17
**/
@Target({ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface SensitiveValid {
DesensitizationEnum type();
}特殊聲明,我們遞歸時是索引遞歸,會出現死循環的情況,比如對象引用了對象,循環地址引用,所以會出現死循環,這里設置了10層遞歸,一般我們也不允許有那么深的對象設置。
package com.lgh.common.utils;
import com.lgh.common.sensitive.DesensitizationEnum;
import com.lgh.common.sensitive.SensitiveValid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.ReflectionUtils;
import java.lang.reflect.Field;
import java.util.Collection;
import java.util.Map;
/**
* 對象脫敏工具
*
* @author lgh
* @version 1.0
* @date 2021/1/17
*/
public class DesensitizationUtils {
private static final Logger log = LoggerFactory.getLogger(DesensitizationUtils.class);
private DesensitizationUtils() {
}
/**
* 掃描對象注解,脫敏,最高層次8層
*
* @param obj
*/
public static void format(Object obj) {
DesensitizationUtils.formatMethod(obj, 10);
}
/**
* 遞歸遍歷數據,因為可能有對象地址應用導致循環問題,同時設置莫名奇妙的異常,所以設置遞歸層次,一般不要超過10層
*
* @param obj 需要反射對象
* @param level 遞歸層次,必須輸入
*/
private static void formatMethod(Object obj, int level) {
if (obj == null || isPrimitive(obj.getClass()) || level <= 0) {
return;
}
if (obj.getClass().isArray()) {
for (Object object : (Object[]) obj) {
formatMethod(object, level--);
}
} else if (Collection.class.isAssignableFrom(obj.getClass())) {
for (Object o : ((Collection) obj)) {
formatMethod(o, level--);
}
} else if (Map.class.isAssignableFrom(obj.getClass())) {
for (Object o : ((Map) obj).values()) {
formatMethod(o, level--);
}
} else {
objFormat(obj, level);
}
}
/**
* 只有對象才格式化數據
*
* @param obj
* @param level
*/
private static void objFormat(Object obj, int level) {
for (Field field : obj.getClass().getDeclaredFields()) {
try {
if (isPrimitive(field.getType())) {
SensitiveValid sensitiveValid = field.getAnnotation(SensitiveValid.class);
if (sensitiveValid != null) {
ReflectionUtils.makeAccessible(field);
DesensitizationEnum desensitizationEnum = sensitiveValid.type();
Object fieldV = desensitizationEnum.getMethod().invoke(null, field.get(obj));
ReflectionUtils.setField(field, obj, fieldV);
}
} else {
ReflectionUtils.makeAccessible(field);
Object fieldValue = ReflectionUtils.getField(field, obj);
if (fieldValue == null) {
continue;
}
formatMethod(fieldValue, level - 1);
}
} catch (Exception e) {
log.error("脫敏數據處理異常", e);
}
}
}
/**
* 基本數據類型和String類型判斷
*
* @param clz
* @return
*/
public static boolean isPrimitive(Class<?> clz) {
try {
if (String.class.isAssignableFrom(clz) || clz.isPrimitive()) {
return true;
} else {
return ((Class) clz.getField("TYPE").get(null)).isPrimitive();
}
} catch (Exception e) {
return false;
}
}
}aop插拔式編程,以便防止有不需要的操作,所以編寫可控制類注解EnableDesensitization
package com.lgh.common.sensitive;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* 方法返回值攔截器,需要注解才生效
* @author lgh
* @version 1.0
* @date 2021/1/17
**/
@Target({ElementType.TYPE,ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface EnableDesensitization {
}最后實現攔截aop
package com.lgh.common.sensitive;
import com.lgh.common.utils.DesensitizationUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.context.annotation.Configuration;
import org.aspectj.lang.annotation.Aspect;
import java.lang.reflect.Method;
/**
* @author lgh
* @version 1.0
* @date 2021/1/17
*/
@Aspect
@Configuration
public class SensitiveAspect {
public static final String ACCESS_EXECUTION = "execution(* com.lgh.controller..*.*(..))";
/**
* 注解脫敏處理
*
* @param joinPoint
* @return
* @throws Throwable
*/
@Around(ACCESS_EXECUTION)
public Object sensitiveClass(ProceedingJoinPoint joinPoint) throws Throwable {
return sensitiveFormat(joinPoint);
}
/**
* 插拔式注解統一攔截器。@{link EnableDesensitization } 和 @SensitiveValid
*
* @param joinPoint
* @return
* @throws Throwable
*/
public Object sensitiveFormat(ProceedingJoinPoint joinPoint) throws Throwable {
Object obj = joinPoint.proceed();
if (obj == null || DesensitizationUtils.isPrimitive(obj.getClass())) {
return obj;
}
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
Method method = signature.getMethod();
EnableDesensitization desensitization = joinPoint.getTarget().getClass().getAnnotation(EnableDesensitization.class);
if (desensitization != null || method.getAnnotation(EnableDesensitization.class) != null) {
DesensitizationUtils.format(obj);
}
return obj;
}
}我居于上一章節的UserDetail對象增加phone字段,同時加入注解,如下:
package com.lgh.common.authority.entity;
import com.lgh.common.sensitive.DesensitizationEnum;
import com.lgh.common.sensitive.SensitiveValid;
public class UserDetail {
private long id;
private String name;
@SensitiveValid(type = DesensitizationEnum.PHONE)
private String phone;
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public void setPhone(String phone) {
this.phone = phone;
}
public String getPhone() {
return phone;
}
}接下來controller中啟動注解
@GetMapping("/detail")
@EnableDesensitization
public IResult<UserDetail> getUser(@AuthenticationPrincipal UserDetail userDetail) {
return CommonResult.successData(userDetail);
}大功告成,接下來我們實現一下訪問操作
感謝各位的閱讀!關于“如何使用自定義Json注解實現輸出日志字段脫敏”這篇文章就分享到這里了,希望以上內容可以對大家有一定的幫助,讓大家可以學到更多知識,如果覺得文章不錯,可以把它分享出去讓更多的人看到吧!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
