利用Jackson序列化实现数据脱敏

　　几天前使用了Jackson对数据的自定义序列化。突发灵感，利用此方法来简单实现接口返回数据脱敏，故写此文记录。核心思想是利用Jackson的StdSerializer，JsonSerialize，以及自己实现的数据脱敏过程。
　　使用效果如下：首先在需要进行脱敏的VO字段上面标注相关脱敏注解
　　调用接口即可看到脱敏效果
　　实现过程如下：1。定义脱敏的过程实现CreatedbyEalenXieon202192415：52顶级的脱敏器publicinterfaceDesensitizationT｛脱敏实现paramtarget脱敏对象return脱敏返回结果Tdesensitize（Ttarget）；｝
　　比如具体的手机号脱敏器实现importcom。github。Symbol；importjava。util。regex。Matcher；importjava。util。regex。Pattern；CreatedbyEalenXieon202192415：56手机号脱敏器默认只保留前3位和后4位publicclassPhoneDesensitizationimplementsStringDesensitization｛手机号正则privatestaticfinalPatternDEFAULTPATTERNPattern。compile（（13〔09〕14〔579〕15〔03，59〕16〔6〕17〔0135678〕18〔09〕19〔89〕）d｛8｝）；手机号脱敏只保留前3位和后4位OverridepublicStringdesensitize（Stringtarget）｛MatchermatcherDEFAULTPATTERN。matcher（target）；while（matcher。find（））｛Stringgroupmatcher。group（）；targettarget。replace（group，group。substring（0，3）Symbol。getSymbol（4，Symbol。STAR）group。substring（7，11））；｝returntarget；｝｝2。定义脱敏注解，并指明了使用的序列化器，注解中声明了使用的脱敏器实现packagecom。github。annotation；importcom。fasterxml。jackson。annotation。JacksonAnnotationsInside；importcom。fasterxml。jackson。databind。annotation。JsonSerialize；importcom。github。desensitization。Desensitization；importcom。github。serializer。ObjectDesensitizeSerializer；importjava。lang。annotation。；CreatedbyEalenXieon202110811：30Target（｛ElementType。FIELD，ElementType。ANNOTATIONTYPE｝）Retention（RetentionPolicy。RUNTIME）JacksonAnnotationsInsideJsonSerialize（usingObjectDesensitizeSerializer。class）DocumentedpublicinterfaceDesensitize｛脱敏器实现SuppressWarnings（all）Classlt；？extendsDesensitizationlt；？desensitization（）；｝3。实现定义的序列化器importcom。fasterxml。jackson。core。JsonGenerator；importcom。fasterxml。jackson。databind。BeanProperty；importcom。fasterxml。jackson。databind。JsonSerializer；importcom。fasterxml。jackson。databind。SerializerProvider；importcom。fasterxml。jackson。databind。ser。ContextualSerializer；importcom。fasterxml。jackson。databind。ser。std。StdSerializer；importcom。github。Symbol；importcom。github。annotation。Desensitize；importcom。github。desensitization。Desensitization；importcom。github。desensitization。DesensitizationFactory；importcom。github。desensitization。StringDesensitization；importjava。io。IOException；CreatedbyEalenXieon2021899：03脱敏序列化器publicclassObjectDesensitizeSerializerextendsStdSerializerObjectimplementsContextualSerializer｛privatetransientDesensitizationObjectdesensitization；protectedObjectDesensitizeSerializer（）｛super（Object。class）；｝publicDesensitizationObjectgetDesensitization（）｛returndesensitization；｝publicvoidsetDesensitization（DesensitizationObjectdesensitization）｛this。desensitizationdesensitization；｝OverridepublicJsonSerializerObjectcreateContextual（SerializerProviderprov，BeanPropertyproperty）｛Desensitizeannotationproperty。getAnnotation（Desensitize。class）；returncreateContextual（annotation。desensitization（））；｝SuppressWarnings（unchecked）publicJsonSerializerObjectcreateContextual（Classlt；？extendsDesensitizationlt；？clazz）｛ObjectDesensitizeSerializerserializernewObjectDesensitizeSerializer（）；if（clazz！StringDesensitization。class）｛serializer。setDesensitization（（DesensitizationObject）DesensitizationFactory。getDesensitization（clazz））；｝returnserializer；｝Overridepublicvoidserialize（Objectvalue，JsonGeneratorgen，SerializerProviderprovider）throwsIOException｛DesensitizationObjectobjectDesensitizationgetDesensitization（）；if（objectDesensitization！null）｛try｛gen。writeObject（objectDesensitization。desensitize（value））；｝catch（Exceptione）｛gen。writeObject（value）；｝｝elseif（valueinstanceofString）｛gen。writeString（Symbol。getSymbol（（（String）value）。length（），Symbol。STAR））；｝else｛gen。writeObject（value）；｝｝｝4。代码的设计说明
　　完整代码可见：github。comEalenXieja另附基于Logback的日志脱敏方案（笔者认为这可能是全网最简单快捷的）
　　原理是利用Logback的自定义日志转换器ClassicConverter1。自定义脱敏日志转换器importch。qos。logback。classic。pattern。ClassicConverter；importch。qos。logback。classic。spi。ILoggingEvent；importcom。github。desensitization。EmailDesensitization；importcom。github。desensitization。IDCardDesensitization；importcom。github。desensitization。PhoneDesensitization；importcom。github。desensitization。StringDesensitization；importjava。util。ArrayList；importjava。util。List；authorEalenXiecreateon202131810：07此Converter提供支持日志脱敏1。编写此LogbackDesensitizeConverter2。正则脱敏手机号邮箱身份证publicclassLogbackDesensitizeConverterextendsClassicConverter｛protectedstaticfinalListStringDesensitizationDESENSITIZATIONLISTnewArrayList（）；static｛手机号脱敏DESENSITIZATIONLIST。add（newPhoneDesensitization（））；邮箱脱敏DESENSITIZATIONLIST。add（newEmailDesensitization（））；身份证脱敏DESENSITIZATIONLIST。add（newIDCardDesensitization（））；｝OverridepublicStringconvert（ILoggingEventevent）｛Stringcontentevent。getMessage（）；try｛for（StringDesensitizationdesensitization：DESENSITIZATIONLIST）｛contentdesensitization。desensitize（content）；｝｝catch（Exceptione）｛ig｝returncontent；｝｝2。启动类为PatternLayout的静态变量defaultConverterMap新增此自定义转换器importch。qos。logback。classic。PatternLayout；importcom。github。filter。LogbackDesensitizeConverter；importorg。springframework。boot。SpringApplication；importorg。springframework。boot。autoconfigure。SpringBootApplication；importorg。springframework。cloud。client。discovery。EnableDiscoveryClient；authorEalenXiecreateon2020112414：16EnableDiscoveryClientSpringBootApplicationpublicclassApiGatewayApplication｛publicstaticvoidmain（String〔〕args）｛日志处理方案新增一个Logback的日志脱敏转换器PatternLayout。defaultConverterMap。put（m，LogbackDesensitizeConverter。class。getName（））；SpringApplication。run（ApiGatewayApplication。class，args）；｝｝
　　启动后可以看到日志脱敏效果。
　　作者：EalenXie
　　链接：https：juejin。cnpost7018055632209051684