使用自定義Json註解實現輸出日誌欄位脫敏
阿新 • • 發佈:2021-12-21
自定義on註解實現輸出日誌欄位脫敏
背景
在日誌輸出的時候,有時會輸出一些使用者的敏感資訊,如手機號,身份證號,銀行卡號等,現需要對這些資訊在日誌輸出的時候進行脫敏處理
思路
使用fastjson的ValueFilter對帶有自定義註解的欄位進行過濾
/**
* 敏感資訊型別
*
* @author worstEzreal
* @version V1.0.0
* @date 2017/7/19
*/
public enum SensitiveType {
ID_CARD,BANK_CARD,PHONE
}
/**
* 脫敏欄位註解
*
* @author worstEzreal
* @version V1.0.0
* @date 2017/7/19
*/
@Target({ElementType.TYPE,ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
public @interface SensitiveInfo {
SensitiveType type();
}
/**
* 日誌敏感資訊脫敏工具
*
* @author worstEzreal
* @version V1.0.0
* @date 2017/7/19
*/
public class SensitiveInfoUtils {
public static String toJsonString(Object object) {
return JSON.toJSONString(object,getValueFilter());
}
private static String desensitizePhoneOrIdCard(String num) {
if (StringUtils.isBlank(num)) {
return "";
}
return StringUtils.left(num,3).concat(StringUtils.removeStart(StringUtils.leftPad(StringUtils.right(num,4),StringUtils.length(num),"*"),www.cppcns.com
附CardInfo類
public class CardInfo {
private String userId;
private String name;
@SensitiveInfo(type = SensitiveType.ID_CARD)
private String certId;
@SensitiveInfo(type = SensitiveType.BANK_CARD)
private String cardId;
private String bank;
private String phone;
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getCertId() {
return certId;
}
public void setCertId(String certId) {
this.certId = certId;
}
public String getCardId() {
return cardId;
}
public void setCardId(String cardId) {
this.cardId = cardId;
}
public String getBank() {
return bank;
}
public void setBank(String bank) {
this.bank = bank;
}
public String getPhone() {
return phone;
}
public void setPhone(String phone) {
this.phone = phone;
}
}
註解式脫敏
隨著網際網路時代普及,使用者的資訊越來越重要,我們開發軟體過程中也需要對使用者的資訊進行脫敏處理活著加密處理,針對於比較繁雜的工作,個人來講解如何實現註解式脫敏,支援靜態呼叫和aop統一攔截實現脫敏或者加密返回。
程式碼講解
脫敏列舉類
定義列舉類,處理所有脫敏和加密等,同時可擴充套件性,這裡只是註解式呼叫方法而已,以便編寫樣例。DesensitizationEnum若還需要其他脫敏或者加密方法是,只需要新增下面列舉型別即可
package com.lgh.common.sensitive;
import com.lgh.common.utils.MaskUtils;
import java.lang.reflect.Method;
/**
* 若需要新定義一個掃描規則,這裡新增即可
*
* @author lgh
* @version 1.0
* @date 2021/1/17
*/
public enum DesensitizationEnum {
// 執行類和脫敏方法名
PHONE(MaskUtils.class,"maskPhone",new Class[]{String.class});
private Class<?> clazz;
private Method method;
DesensitizationEnum(Class<?> target,String method,Class[] paramTypes) {
this.clazz = target;
try {
this.method = target.getDeclaredMethod(method,paramTypes);
} catch (NoSuchMethodException e) {
e.printStackTrace();
}
}
public Method getMethod() {
return method;
}
}
脫敏工具
package com.lgh.common.utils;
import org.springframework.util.StringUtils;
/**
* @author lgh
* @version 1.0
* @date 2021/1/17
*/
public class MaskUtils {
public static String maskPhone(String phone){
if(StringUtils.isEmpty(phone) || phone.length() < 8){
return phone;
}
return phone.replaceAll("(\\d{3})\\d*(\\d{4})","$1****$2");
}
}
註解類編寫
此類新增到需要脫敏的類屬性上即可實現脫敏,具體是遞迴遍歷此註解,通過反射機制來實現脫敏功能
package com.lgh.common.sensitive;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* 引數定義註解類
* @author linguohu
* @version 1.0
* @date 2021/1/17
**/
@Target({ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface SensitiveValid {
DesensitizationEnum type();
}
脫敏工具類
特殊宣告,我們遞迴時是索引遞迴,會出現死迴圈的情況,比如物件引用了物件,迴圈地址引用,所以會出現死迴圈,這裡設定了10層遞迴,一般我們也不允許有那麼深的物件設定。
package com.lgh.common.utils;
import com.lgh.common.sensitive.DesensitizationEnum;
import com.lgh.common.sensitive.SensitiveValid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.ReflectionUtils;
import java.lang.reflect.Field;
import java.util.Collection;
import java.util.Map;
/**
* 物件脫敏工具
*
* @author lgh
* @version 1.0
* @date 2021/1/17
*/
public class DesensitizationUtils {
private static final Logger log = LoggerFactory.getLogger(DesensitizationUtils.class);
private DesensitizationUtils() {
}
/**
* 掃描物件註解,脫敏,最高層次8層
*
* @param obj
*/
public static void format(Object obj) {
DesensitizationUtils.formatMethod(obj,10);
}
/**
* 遞迴遍歷資料,因為可能有物件地址應用導致迴圈問題,同時設定莫名奇妙的異常,所以設定遞迴層次,一般不要超過10層
*
* @param obj 需要反射物件
* @param level 遞迴層次,必須輸入
*/
private static void formatMethod(Object obj,int level) {
if (obj == null || isPrimitive(obj.getClass()) || level <= 0) {
return;
}
if (obj.getClass().isArray()) {
for (Object object : (Object[]) obj) {
formatMethod(object,level--);
}
} else if (Collection.class.isAssignableFrom(obj.getClass())) {
for (Object o : ((Collection) obj)) {
formatMethod(o,level--);
}
} else if (Map.class.isAssignableFrom(obj.getClass())) {
for (Object o : ((Map) obj).values()) {
formatMethod(o,level--);
}
} else {
objFormat(obj,level);
}
}
/**
* 只有物件才格式化資料
*
* @param obj
* @param level
*/
private static void objFormat(Object obj,int level) {
for (Field field : obj.getClass().getDeclaredFields()) {
try {
if (isPrimitive(field.getType())) {
SensitiveValid sensitiveValid = field.getAnnotation(SensitiveValid.class);
if (sensitiveValid != null) {
ReflectionUtils.makeAccessible(field);
DesensitizationEnum desensitizationEnum = sensitiveValid.type();
Object fieldV = desensitizationEnum.getMethod().invoke(null,field.get(obj));
ReflectionUtils.setField(field,obj,fieldV);
}
} else {
ReflectionUtils.makeAccessible(field);
Object fieldValue = ReflectionUtils.getField(field,obj);
if (fieldValue == null) {
continue;
}
formatMethod(fieldValue,level - 1);
}
} catch (Exception e) {
log.error("脫敏資料處理異常",e);
}
}
}
/**
* 基本資料型別和String型別判斷
*
* @param clz
* @return
*/
public static boolean isPrimitive(Class<?> clz) {
try {
if (String.class.isAssignableFrom(clz) || clz.isPrimitive()) {
return true;
} else {
return ((Class) clz.getField("TYPE").get(null)).ishttp://www.cppcns.comPrimitive();
}
} catch (Exception e) {
return false;
}
}
}
脫敏AOP的實現
aop插拔式,以便防止有不需要的操作,所以編寫可控制類註解EnableDesensitization
package com.lgh.common.sensitive;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* 方法返回值攔截器,需要註解才生效
* @author lgh
* @version 1.0
* @date 2021/1/17
**/
@Target({ElementType.TYPE,ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface EnableDesensitization {
}
最後實現攔截aop
package com.lgh.common.sensitive;
import com.lgh.common.utils.DesensitizationUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.context.annotation.Configuration;
import org.aspectj.lang.annotation.Aspect;
import java.lang.reflect.Method;
/**
* @author lgh
* @version 1.0
* @date 2021/1/17
*/
@Aspect
@Configuration
public class SensitiveAspect {
public static final String ACCESS_EXECUTION = "execution(* com.lgh.controller..*.*(..))";
/**
* 註解脫敏處理
*
* @param joinPoint
* @return
* @throws Throwable
*/
@Around(ACCESS_EXECUTION)
public Object sensitiveClass(ProceedingJoinPoint joinPoint) throws Throwable {
return sensitiveFormat(joinPoint);
}
/**
* 插拔式註解統一攔截器。@{link EnableDesensitization } 和 @SensitiveValid
*
* @param joinPoint
* @return
* @throws Throwable
*/
public Object sensitiveFormat(ProceedingJoinPoint joinPoint) throws Throwable {
Object obj = joinPoint.proceed();
if (obj == null || DesensitizationUtils.isPrimitive(obj.getClass())) {
return obj;
}
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
Method method = signature.getMethod();
EnableDesensitization desensitization = joinPoint.getTarget().getClass().getAnnotation(EnableDesensitization.class);
if (desensitization != null || method.getAnnotation(EnableDesensitization.class) != null) {
DesensitizationUtils.format(obj);
}
return obj;
}
}
實戰演練
我居於上一章節的UserDetail物件增加phone欄位,同時加入註解,如下:
package com.lgh.common.authority.entity;
import com.lgh.common.sensitive.DesensitizationEnum;
import com.lgh.common.sensitive.SensitiveValid;
public class UserDetail {
private long id;
private String name;
@SensitiveValid(type = DesensitizationEnum.PHONE)
private String phone;
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public void setPhone(String phone) {
this.phone = phone;
}
public String getPhone() {
return phone;
}
}
接下來controller中啟動註解
@GetMapping("/detail")
@EnableDesensitization
public IResult<UserDetail> getUser(@AuthenticationPrincipal UserDetail userDetail) {
return CommonResult.successData(userDetail);
}
大功告成,接下來我們實現一下訪問操作
,以上為個人經驗,希望能給大家一個參考,也希望大家多多支援我們。