Today, we will dive into how to customize annotations to enable desensitization of sensitive data. In the context of increasing attention to data security today, many companies have strict requirements on the protection of sensitive data, especially when processing sensitive data such as personal privacy and financial information, desensitization has become a crucial link. Therefore, today's content will focus on practical operations without involving too much theoretical analysis.
We will step by step show how to desensitize data through custom annotations through a concrete example, the entire process only relies on the Spring framework without introducing any third-party libraries or additional dependencies. Just follow the steps to complete the corresponding function implementation. Next, let’s start learning this practical chapter.
Data desensitization
We need to process a wide variety of desensitization data, including but not limited to ID number, phone number, user name, WeChat account, etc. Each data type has its own specific encryption or desensitization rules, so each data type must be processed separately.
Custom annotations
Next, we will need to use custom annotations to implement specific functions and behaviors. These annotations will act on the properties of each class according to their defined purpose, in order to provide the required identification, verification, or processing logic in different contexts. OK, let's write it:
public class DesensitizeJsonSerializerByTelNo extends JsonSerializer<String> {
@Override
public void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws IOException {
// Desensitize data during serialization (("(?<=^..).(?=.*..$)", "*"));
}
}
public class DesensitizeJsonSerializerByCustNm extends JsonSerializer<String> {
@Override
public void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws IOException {
// Desensitize data during serialization (("(?<=^.).*", "*"));
}
}
public class DesensitizeJsonSerializerByEmail extends JsonSerializer<String> {
@Override
public void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws IOException {
// Desensitize data during serialization (("(?<=^.|(?<=@.).)([^@])(.*)(?=@|$)", "*$3"));
}
}
Here, we do not intend to list all possible annotations, but choose to list the three most commonly used and representative annotations. These annotations cover the most common needs we have in actual development. Next, we start adding these annotations to specific classes and properties.
usage
We usually use entity classes to pass them as return data types to the Spring framework, which automatically serializes them to exchange data between the client and the server. Next, we start to implement this process in detail.
@JsonSerialize(using = ) private String custNm; @JsonSerialize(using = ) private String ssnCrnNo;
Here we demonstrate only basic usage of desensitization. This method basically ensures that when returned to the front end, the data will be serialized and desensitized by annotation marks, thereby avoiding leakage of sensitive information. However, what if we need to desensitize the data as well during internal processing? Because by default, the desensitization operation is only triggered by annotation when the data is returned to the front end, and in the internal logic, the data is not automatically desensitized.
In this case, we can useObjectMapperManually desensitize the object to ensure that the same desensitization effect can be achieved during internal use.
Internal desensitization
Next, in this example, we will demonstrate how to protect the privacy of sensitive information through desensitization. The following is the specific code implementation:
List<ResultInfoVO> list = selectResultByCondition(searchVO);
ObjectMapper objectMapper = new ObjectMapper();
String s = (list);
list = (s, new <List<ResultInfoVO>>() {});
"In this way, the data is automatically desensitized. In fact, the whole process is just a process of converting the object into a transferable format through serialization and then reverting it to the original object through deserialization.
Summarize
In today's increasingly important data security, desensitization of sensitive data is particularly critical, especially when it comes to personal privacy and financial information. This article explores how to use Spring framework to desensitize data without introducing third-party libraries through custom annotations. We show through specific examples how to write custom annotations for common sensitive data types (such as phone numbers, ID cards, emails, etc.) and apply desensitization rules during serialization. Through these annotations, sensitive information can be automatically desensitized when the data is returned to the front end to avoid leakage.
This is the end of this article about Spring custom annotations to achieve data desensitization. For more relevant Spring data desensitization content, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!