说明:
公司之前数据接口数据管理不严格,很多接口的敏感数据都没有脱敏处理,直接返回给前端了,然后被甲方的第三方安全漏洞扫出来,老板要求紧急处理,常用的话在单个字段上加上脱敏注解会更加的灵活,但是时间有点紧,一个个返回对象的响应参数里面的单个字段处理比较耗时间
想法:
就是快!!!快速处理
利用aop注解,对返回的对象进行处理,默认一些常用的需要脱敏的字段名,比如password、mobile、idCardNo等,支持自定义对象名称列表。同时如果返回的是个列表,则需要对列表里面的值也都遍历处理。
直接在controller接口上添加注解,就能对返回的数据做全局处理,不要一个个对象里面的一个个字段进行处理。
效果
实操:
1、pom引入依赖
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-aop</artifactId></dependency><!-- hutool工具类 -->
<dependency><groupId>cn.hutool</groupId><artifactId>hutool-all</artifactId><version>5.8.15</version>
</dependency>
2、自定义注解
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface SensitiveResponse {/*** 默认需要脱敏的字段列表* @return 字段列表*/
String[] value() default {"password", "mobile", "phone", "idCardNo", "email", "bankCardNo", "address"};/*** 默认字段上再增加的字段* @return 字段列表*/
String[] addValue() default {};
}
配置实现
import cn.hutool.core.util.DesensitizedUtil;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.stereotype.Component;import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;@Aspect
@Component
public class SensitiveResponseConfig {/*** 定义切点为注解*/
@Pointcut("@annotation(sensitiveResponse)")
public void sensitiveResponsePointcut(SensitiveResponse sensitiveResponse) {
}@AfterReturning(pointcut = "sensitiveResponsePointcut(sensitiveResponse)", returning = "response", argNames = "sensitiveResponse,response")
public void desensitizeResponse(SensitiveResponse sensitiveResponse, Object response) {List<String> sensitiveFields = new ArrayList<>(Arrays.asList(sensitiveResponse.value()));sensitiveFields.addAll(Arrays.asList(sensitiveResponse.addValue()));if (ObjectUtils.isEmpty(sensitiveFields)) {return;}if (response instanceof List) {List<Object> dataList = (List<Object>) response;for (Object data : dataList) {desensitizeObjectFields(data, sensitiveFields);}} else {desensitizeObjectFields(response, sensitiveFields);}
}private void desensitizeObjectFields(Object obj, List<String> sensitiveFields) {Arrays.stream(obj.getClass().getDeclaredFields()).filter(field -> sensitiveFields.contains(field.getName())).forEach(field -> {field.setAccessible(true);try {String fieldValue = (String) field.get(obj);if (StringUtils.isNotBlank(fieldValue)) {String fieldName = field.getName();String desensitizedValue = "";switch (fieldName) {case "mobile":case "phone":desensitizedValue = DesensitizedUtil.mobilePhone(fieldValue);break;// 身份证保留前六后三case "idCardNo":desensitizedValue = DesensitizedUtil.idCardNum(fieldValue, 6, 3);break;case "email":desensitizedValue = DesensitizedUtil.email(fieldValue);break;case "address" :desensitizedValue = DesensitizedUtil.address(fieldValue, 6);break;case "bankCardNo" :desensitizedValue = DesensitizedUtil.bankCard(fieldValue);break;default:// 默认按密码方式全部*号处理desensitizedValue = DesensitizedUtil.password(fieldValue);break;}field.set(obj, desensitizedValue);}} catch (IllegalAccessException e) {e.printStackTrace();}});// 递归处理子对象字段脱敏Arrays.stream(obj.getClass().getDeclaredFields())// 排除基本数据类型和Java内置类型.filter(field -> !field.getType().isPrimitive() && !field.getType().getName().startsWith("java")).forEach(field -> {field.setAccessible(true);try {Object fieldValue = field.get(obj);if (fieldValue != null) {desensitizeObjectFields(fieldValue, sensitiveFields);}} catch (IllegalAccessException e) {e.printStackTrace();}});`
3、使用
![[vue3]组件通信](https://img-blog.csdnimg.cn/img_convert/014c79cb2027c4c5a84dd8760b1035de.png)
