使用自定義Json註解實現輸出日志字段脫敏
自定義Json註解實現輸出日志字段脫敏
背景
在日志輸出的時候,有時會輸出一些用戶的敏感信息,如手機號,身份證號,銀行卡號等,現需要對這些信息在日志輸出的時候進行脫敏處理
思路
使用fastjson的ValueFilter對帶有自定義註解的字段進行過濾
/**
* 敏感信息類型
*
* @author worstEzreal
* @version V1.0.0
* @date 2017/7/19
*/
public enum SensitiveType {
ID_CARD,
BANK_CARD,
PHONE
}
/**
* 脫敏字段註解
*
* @author worstEzreal
* @version V1.0.0
* @date 2017/7/19
*/
@Target({ElementType.TYPE, ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
public @interface SensitiveInfo {
SensitiveType type();
}
/**
* 日志敏感信息脫敏工具
*
* @author worstEzreal
* @version V1.0.0
* @date 2017/7/19
*/
public class SensitiveInfoUtils {
public static String toJsonString(Object object) {
return JSON.toJSONString(object, getValueFilter());
}
private static String desensitizePhoneOrIdCard(String num) {
if (StringUtils.isBlank(num)) {
return "";
}
return StringUtils.left(num, 3).concat(StringUtils.removeStart(StringUtils.leftPad(StringUtils.right(num, 4), StringUtils.length(num), "*"), "***"));
}
private static String desensitizeBankCard(String cardNum) {
if (StringUtils.isBlank(cardNum)) {
return "";
}
return StringUtils.left(cardNum, 4).concat(StringUtils.removeStart(StringUtils.leftPad(StringUtils.right(cardNum, 4), StringUtils.length(cardNum), "*"), "****"));
}
private static final ValueFilter getValueFilter() {
return new ValueFilter() {
@Override
public Object process(Object obj, String key, Object value) {//obj-對象 key-字段名 value-字段值
try {
Field field = obj.getClass().getDeclaredField(key);
SensitiveInfo annotation = field.getAnnotation(SensitiveInfo.class);
if (null != annotation && value instanceof String) {
String strVal = (String) value;
if (StringUtils.isNotBlank(strVal)) {
switch (annotation.type()) {
case PHONE:
return desensitizePhoneOrIdCard(strVal);
case ID_CARD:
return desensitizePhoneOrIdCard(strVal);
case BANK_CARD:
return desensitizeBankCard(strVal);
default:
break;
}
}
}
} catch (NoSuchFieldException e) {
//找不到的field對功能沒有影響,空處理
}
return value;
}
};
}
public static void main(String[] args) {
CardInfo cardInfo = new CardInfo();
cardInfo.setId("11111111111111111");
cardInfo.setCardId("6228480402564890018");
System.out.println(SensitiveInfoUtils.toJsonString(cardInfo));
}
}
附CardInfo類
public class CardInfo {
private String userId;
private String name;
@SensitiveInfo(type = SensitiveType.ID_CARD)
private String certId;
@SensitiveInfo(type = SensitiveType.BANK_CARD)
private String cardId;
private String bank;
private String phone;
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getCertId() {
return certId;
}
public void setCertId(String certId) {
this.certId = certId;
}
public String getCardId() {
return cardId;
}
public void setCardId(String cardId) {
this.cardId = cardId;
}
public String getBank() {
return bank;
}
public void setBank(String bank) {
this.bank = bank;
}
public String getPhone() {
return phone;
}
public void setPhone(String phone) {
this.phone = phone;
}
}
java註解式脫敏
隨著互聯網時代普及,用戶的信息越來越重要,我們開發軟件過程中也需要對用戶的信息進行脫敏處理活著加密處理,針對於比較繁雜的工作,個人來講解如何實現註解式脫敏,支持靜態調用和aop統一攔截實現脫敏或者加密返回。
代碼講解
脫敏枚舉類
定義枚舉類,處理所有脫敏和加密等,同時可擴展性,這裡隻是註解式調用方法而已,以便編寫樣例。DesensitizationEnum若還需要其他脫敏或者加密方法是,隻需要添加下面枚舉類型即可
package com.lgh.common.sensitive;
import com.lgh.common.utils.MaskUtils;
import java.lang.reflect.Method;
/**
* 若需要新定義一個掃描規則,這裡添加即可
*
* @author lgh
* @version 1.0
* @date 2021/1/17
*/
public enum DesensitizationEnum {
// 執行類和脫敏方法名
PHONE(MaskUtils.class, "maskPhone", new Class[]{String.class});
private Class<?> clazz;
private Method method;
DesensitizationEnum(Class<?> target, String method, Class[] paramTypes) {
this.clazz = target;
try {
this.method = target.getDeclaredMethod(method, paramTypes);
} catch (NoSuchMethodException e) {
e.printStackTrace();
}
}
public Method getMethod() {
return method;
}
}
脫敏工具
package com.lgh.common.utils;
import org.springframework.util.StringUtils;
/**
* @author lgh
* @version 1.0
* @date 2021/1/17
*/
public class MaskUtils {
public static String maskPhone(String phone){
if(StringUtils.isEmpty(phone) || phone.length() < 8){
return phone;
}
return phone.replaceAll("(\\d{3})\\d*(\\d{4})", "$1****$2");
}
}
註解類編寫
此類添加到需要脫敏的類屬性上即可實現脫敏,具體是遞歸遍歷此註解,通過反射機制來實現脫敏功能
package com.lgh.common.sensitive;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* 參數定義註解類
* @author linguohu
* @version 1.0
* @date 2021/1/17
**/
@Target({ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface SensitiveValid {
DesensitizationEnum type();
}
脫敏工具類
特殊聲明,我們遞歸時是索引遞歸,會出現死循環的情況,比如對象引用瞭對象,循環地址引用,所以會出現死循環,這裡設置瞭10層遞歸,一般我們也不允許有那麼深的對象設置。
package com.lgh.common.utils;
import com.lgh.common.sensitive.DesensitizationEnum;
import com.lgh.common.sensitive.SensitiveValid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.ReflectionUtils;
import java.lang.reflect.Field;
import java.util.Collection;
import java.util.Map;
/**
* 對象脫敏工具
*
* @author lgh
* @version 1.0
* @date 2021/1/17
*/
public class DesensitizationUtils {
private static final Logger log = LoggerFactory.getLogger(DesensitizationUtils.class);
private DesensitizationUtils() {
}
/**
* 掃描對象註解,脫敏,最高層次8層
*
* @param obj
*/
public static void format(Object obj) {
DesensitizationUtils.formatMethod(obj, 10);
}
/**
* 遞歸遍歷數據,因為可能有對象地址應用導致循環問題,同時設置莫名奇妙的異常,所以設置遞歸層次,一般不要超過10層
*
* @param obj 需要反射對象
* @param level 遞歸層次,必須輸入
*/
private static void formatMethod(Object obj, int level) {
if (obj == null || isPrimitive(obj.getClass()) || level <= 0) {
return;
}
if (obj.getClass().isArray()) {
for (Object object : (Object[]) obj) {
formatMethod(object, level--);
}
} else if (Collection.class.isAssignableFrom(obj.getClass())) {
for (Object o : ((Collection) obj)) {
formatMethod(o, level--);
}
} else if (Map.class.isAssignableFrom(obj.getClass())) {
for (Object o : ((Map) obj).values()) {
formatMethod(o, level--);
}
} else {
objFormat(obj, level);
}
}
/**
* 隻有對象才格式化數據
*
* @param obj
* @param level
*/
private static void objFormat(Object obj, int level) {
for (Field field : obj.getClass().getDeclaredFields()) {
try {
if (isPrimitive(field.getType())) {
SensitiveValid sensitiveValid = field.getAnnotation(SensitiveValid.class);
if (sensitiveValid != null) {
ReflectionUtils.makeAccessible(field);
DesensitizationEnum desensitizationEnum = sensitiveValid.type();
Object fieldV = desensitizationEnum.getMethod().invoke(null, field.get(obj));
ReflectionUtils.setField(field, obj, fieldV);
}
} else {
ReflectionUtils.makeAccessible(field);
Object fieldValue = ReflectionUtils.getField(field, obj);
if (fieldValue == null) {
continue;
}
formatMethod(fieldValue, level - 1);
}
} catch (Exception e) {
log.error("脫敏數據處理異常", e);
}
}
}
/**
* 基本數據類型和String類型判斷
*
* @param clz
* @return
*/
public static boolean isPrimitive(Class<?> clz) {
try {
if (String.class.isAssignableFrom(clz) || clz.isPrimitive()) {
return true;
} else {
return ((Class) clz.getField("TYPE").get(null)).isPrimitive();
}
} catch (Exception e) {
return false;
}
}
}
脫敏AOP的實現
aop插拔式編程,以便防止有不需要的操作,所以編寫可控制類註解EnableDesensitization
package com.lgh.common.sensitive;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* 方法返回值攔截器,需要註解才生效
* @author lgh
* @version 1.0
* @date 2021/1/17
**/
@Target({ElementType.TYPE,ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface EnableDesensitization {
}
最後實現攔截aop
package com.lgh.common.sensitive;
import com.lgh.common.utils.DesensitizationUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.context.annotation.Configuration;
import org.aspectj.lang.annotation.Aspect;
import java.lang.reflect.Method;
/**
* @author lgh
* @version 1.0
* @date 2021/1/17
*/
@Aspect
@Configuration
public class SensitiveAspect {
public static final String ACCESS_EXECUTION = "execution(* com.lgh.controller..*.*(..))";
/**
* 註解脫敏處理
*
* @param joinPoint
* @return
* @throws Throwable
*/
@Around(ACCESS_EXECUTION)
public Object sensitiveClass(ProceedingJoinPoint joinPoint) throws Throwable {
return sensitiveFormat(joinPoint);
}
/**
* 插拔式註解統一攔截器。@{link EnableDesensitization } 和 @SensitiveValid
*
* @param joinPoint
* @return
* @throws Throwable
*/
public Object sensitiveFormat(ProceedingJoinPoint joinPoint) throws Throwable {
Object obj = joinPoint.proceed();
if (obj == null || DesensitizationUtils.isPrimitive(obj.getClass())) {
return obj;
}
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
Method method = signature.getMethod();
EnableDesensitization desensitization = joinPoint.getTarget().getClass().getAnnotation(EnableDesensitization.class);
if (desensitization != null || method.getAnnotation(EnableDesensitization.class) != null) {
DesensitizationUtils.format(obj);
}
return obj;
}
}
實戰演練
我居於上一章節的UserDetail對象增加phone字段,同時加入註解,如下:
package com.lgh.common.authority.entity;
import com.lgh.common.sensitive.DesensitizationEnum;
import com.lgh.common.sensitive.SensitiveValid;
public class UserDetail {
private long id;
private String name;
@SensitiveValid(type = DesensitizationEnum.PHONE)
private String phone;
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public void setPhone(String phone) {
this.phone = phone;
}
public String getPhone() {
return phone;
}
}
接下來controller中啟動註解
@GetMapping("/detail")
@EnableDesensitization
public IResult<UserDetail> getUser(@AuthenticationPrincipal UserDetail userDetail) {
return CommonResult.successData(userDetail);
}
大功告成,接下來我們實現一下訪問操作
以上為個人經驗,希望能給大傢一個參考,也希望大傢多多支持WalkonNet。