1.aop
启动类加@EnableAspectJAutoProxy
自定义注解,在实体类中使用表示被脱敏字段
建立aop切面类
可能这里gpt会建议你用@Pointcut("execution(public * com.xx.aop..*.get*(..))")这种方式拦截,这种我试了,拦截不住。猜测在mvc返回的时候,已经不被aop拦住了,除非手动调用。并且get方式还要user成为bean,不值当。直接拦截controller包吧。
2.Jackson
序列化类
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.BeanProperty;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.ser.ContextualSerializer;import java.io.IOException;public class DesensitizeSerializer extends JsonSerializer<String> implements ContextualSerializer {private SensitiveType type;private int startInclude;private int endExclude;public DesensitizeSerializer() {this.type = SensitiveType.COMMON;}public DesensitizeSerializer(SensitiveType type) {this.type = type;}@Overridepublic void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws IOException, IOException {switch (type) {case COMMON:gen.writeString(MsgDesensitizedUtil.commonStr(value));break;case ID_CARD:gen.writeString(MsgDesensitizedUtil.idCardNum(value));break;case PHONE_NUMBER:gen.writeString(MsgDesensitizedUtil.mobilePhone(value));break;case EMAIL:gen.writeString(MsgDesensitizedUtil.email(value));break;default:throw new RuntimeException("未知脱敏类型");}}@Overridepublic JsonSerializer<?> createContextual(SerializerProvider prov, BeanProperty property) {if (property != null) {SensitiveData annotation = property.getAnnotation(SensitiveData.class);if (annotation != null) {this.type = annotation.value();}}return this;}}
针对多种类型的脱敏枚举类
在实体中添加就行了,不需要把自定义序列化加载到SimpleModule里