快捷導(dǎo)航

Springboot敏感字段脫敏的實(shí)現(xiàn)思路

更新時(shí)間：2021年09月10日 10:02:06 作者：努力奮斗GO

這篇文章主要介紹了Springboot敏感字段脫敏的實(shí)現(xiàn)思路，本文通過實(shí)例代碼給大家介紹的非常詳細(xì),需要的朋友可以參考下

生產(chǎn)環(huán)境用戶的隱私數(shù)據(jù)，比如手機(jī)號(hào)、身份證或者一些賬號(hào)配置等信息，入庫(kù)時(shí)都要進(jìn)行不落地脫敏，也就是在進(jìn)入我們系統(tǒng)時(shí)就要實(shí)時(shí)的脫敏處理。

用戶數(shù)據(jù)進(jìn)入系統(tǒng)，脫敏處理后持久化到數(shù)據(jù)庫(kù)，用戶查詢數(shù)據(jù)時(shí)還要進(jìn)行反向解密。這種場(chǎng)景一般需要全局處理，那么用AOP切面來實(shí)現(xiàn)在適合不過了。

首先自定義兩個(gè)注解@EncryptField、@EncryptMethod分別用在字段屬性和方法上，實(shí)現(xiàn)思路很簡(jiǎn)單，只要方法上應(yīng)用到@EncryptMethod注解，則檢查入?yún)⒆侄问欠駱?biāo)注@EncryptField注解，有則將對(duì)應(yīng)字段內(nèi)容加密。

@Documented
@Target({ElementType.FIELD,ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
public @interface EncryptField {
 
    String[] value() default "";
}

@Documented
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface EncryptMethod {
 
    String type() default ENCRYPT;
}

切面的實(shí)現(xiàn)也比較簡(jiǎn)單，對(duì)入?yún)⒓用埽祷亟Y(jié)果解密。

import com.xiaofu.annotation.EncryptField;
import com.xiaofu.annotation.EncryptMethod;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.*;
import org.aspectj.lang.reflect.MethodSignature;
import org.jasypt.encryption.StringEncryptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.SerializationUtils;
 
import java.lang.reflect.Field;
import java.util.*;
 
import static com.xiaofu.enums.EncryptConstant.DECRYPT;
import static com.xiaofu.enums.EncryptConstant.ENCRYPT;
 
@Slf4j
@Aspect
@Component
public class EncryptHandler {
 
    @Autowired
    private StringEncryptor stringEncryptor;
 
    @Pointcut("@annotation(com.xiaofu.annotation.EncryptMethod)")
    public void pointCut() {
    }
 
    @Around("pointCut()")
    public Object around(ProceedingJoinPoint joinPoint) {
        /**
         * 加密
         */
        encrypt(joinPoint);
        /**
         * 解密
         */
        Object decrypt = decrypt(joinPoint);
        return decrypt;
    }
 
    public void encrypt(ProceedingJoinPoint joinPoint) {
 
        try {
            Object[] objects = joinPoint.getArgs();
            if (objects.length != 0) {
                for (Object o : objects) {
                    if (o instanceof String) {
                        encryptValue(o);
                    } else {
                        handler(o, ENCRYPT);
                    }
                    //TODO 其余類型自己看實(shí)際情況加
                }
            }
        } catch (IllegalAccessException e) {
            e.printStackTrace();
        }
    }
 
    public Object decrypt(ProceedingJoinPoint joinPoint) {
        Object result = null;
        try {
            Object obj = joinPoint.proceed();
            if (obj != null) {
                if (obj instanceof String) {
                    decryptValue(obj);
                } else {
                    result = handler(obj, DECRYPT);
                }
                //TODO 其余類型自己看實(shí)際情況加
            }
        } catch (Throwable e) {
            e.printStackTrace();
        }
        return result;
    }
 
    private Object handler(Object obj, String type) throws IllegalAccessException {
 
        if (Objects.isNull(obj)) {
            return null;
        }
        Field[] fields = obj.getClass().getDeclaredFields();
        for (Field field : fields) {
            boolean hasSecureField = field.isAnnotationPresent(EncryptField.class);
            if (hasSecureField) {
                field.setAccessible(true);
                String realValue = (String) field.get(obj);
                String value;
                if (DECRYPT.equals(type)) {
                    value = stringEncryptor.decrypt(realValue);
                } else {
                    value = stringEncryptor.encrypt(realValue);
                }
                field.set(obj, value);
            }
        }
        return obj;
    }
 
    public String encryptValue(Object realValue) {
        String value = null;
        try {
            value = stringEncryptor.encrypt(String.valueOf(realValue));
        } catch (Exception ex) {
            return value;
        }
        return value;
    }
 
    public String decryptValue(Object realValue) {
        String value = String.valueOf(realValue);
        try {
            value = stringEncryptor.decrypt(value);
        } catch (Exception ex) {
            return value;
        }
        return value;
    }
}

緊接著測(cè)試一下切面注解的效果，我們對(duì)字段mobile、address加上注解@EncryptField做脫敏處理。

@EncryptMethod
@PostMapping(value = "test")
@ResponseBody
public Object testEncrypt(@RequestBody UserVo user, @EncryptField String name) {
 
    return insertUser(user, name);
}
 
private UserVo insertUser(UserVo user, String name) {
    System.out.println("加密后的數(shù)據(jù)：user" + JSON.toJSONString(user));
    return user;
}
 
@Data
public class UserVo implements Serializable {
 
    private Long userId;
 
    @EncryptField
    private String mobile;
 
    @EncryptField
    private String address;
 
    private String age;
}

請(qǐng)求這個(gè)接口，看到參數(shù)被成功加密，而返回給用戶的數(shù)據(jù)依然是脫敏前的數(shù)據(jù)，符合我們的預(yù)期，那到這簡(jiǎn)單的脫敏實(shí)現(xiàn)就完事了。