Idea 1. The model layer is processed, the Get method is rewritten directly, and a getplain is written to get the plaintext method. ( Cons: Ciphertext is used when database writes and JSON serialization are passed )
2. Use the log component to filter the specific key to go for desensitization ( disadvantage: All log outputs are matched in a regular, very time-consuming way. )
By the pros and cons, will certainly choose 1, and then consider an implementation (in the model layer definition method, get it a copy class, copy the information inside the class is desensitization, log output only copy objects), overcome the disadvantage of 1
1. Defining the Interface class
Public Interface Nosensitiveobj<t> { default T nosensitiveobj () { returnthis ; }}
2. Implementation class If this class does not have sensitive information, only implement Nosensitiveobj, do not need to implement the method inside
Public classUserImplementsNosensitiveobj<user>{ PrivateString name; PrivateString Phone; PrivateString Email; PublicString GetName () {returnname; } Public voidsetName (String name) { This. Name =name; } PublicString Getphone () {returnphone; } Public voidSetphone (String phone) { This. Phone =phone; } PublicString Getemail () {returnemail; } Public voidsetemail (String email) { This. email =email; } @Override PublicUser nosensitiveobj () {User T; T=NewUser (); T.setemail (sensitiveinfoutils.email (email)); T.setname (Sensitiveinfoutils.chinesename (name)); T.setphone (Sensitiveinfoutils.mobilephone (phone)); returnT; } }
3. Tool class
Public classSensitiveinfoutils {/*** [Chinese name] Show only the first kanji, others hidden as 2 asterisks < example: Li **>*/ Public StaticString Chinesename (FinalString FullName) { if(Stringutils.isblank (fullName)) {return""; } FinalString name = Stringutils.left (FullName, 1); returnStringutils.rightpad (name, Stringutils.length (fullName), "*"); } /*** [Chinese name] Show only the first kanji, others hidden as 2 asterisks < example: Li **>*/ Public StaticString Chinesename (FinalString Familyname,FinalString GivenName) { if(Stringutils.isblank (familyname) | |Stringutils.isblank (GivenName)) { return""; } returnChinesename (Familyname +givenName); } /*** [Social Security number] shows last four bits, other hidden. Total 18-bit or 15-bit. < example:*************5762>*/ Public StaticString Idcardnum (FinalString ID) { if(Stringutils.isblank (id)) {return""; } returnStringutils.left (ID, 3). Concat (StringUtils. Removestart (Stringutils.leftpad (stringutils.right (ID,3), Stringutils.length (ID), "*"), "* *")); } /*** [Fixed phone] four-bit, other hidden < example:****1234>*/ Public StaticString Fixedphone (FinalString num) { if(Stringutils.isblank (num)) {return""; } returnStringutils.leftpad (Stringutils.right (NUM, 4), Stringutils.length (num), "*"); } /*** [Mobile number] top three, post four, other hidden < example:138******1234>*/ Public StaticString Mobilephone (FinalString num) { if(Stringutils.isblank (num)) {return""; } returnStringutils.left (NUM, 2). Concat (StringUtils. Removestart (Stringutils.leftpad (stringutils.right (num,2), Stringutils.length (num), "*", "* *")); } /*** [address] only show to the region, do not show the detailed address; we want to enhance protection of personal information < example: ****>, Haidian District, Beijing * *@paramsensitivesize * Sensitive information length*/ Public StaticString Address (FinalString address,Final intsensitivesize) { if(Stringutils.isblank (address)) {return""; } Final intLength =stringutils.length (address); returnStringutils.rightpad (Stringutils.left (address, length-sensitivesize), Length, "*"); } /*** [e-mail] mailbox prefix only shows the first letter, prefix other hidden, with asterisks instead, @ and the following address display < example:g**@163.com>*/ Public StaticString Email (FinalString Email) { if(Stringutils.isblank (email)) {return""; } Final intindex = stringutils.indexof (email, "@"); if(Index <= 1) { returnemail; } Else { returnStringutils.rightpad (Stringutils.left (email, 1), Index, "*"). Concat (Stringutils.mid (email, index, stringutils.length (email))); } } /*** [bank card number] The top six, the last four, the other with asterisks hide 1 asterisks per digit < example:6222600**********1234>*/ Public StaticString Bankcard (FinalString Cardnum) { if(Stringutils.isblank (cardnum)) {return""; } returnStringutils.left (Cardnum, 6). Concat (Stringutils.removestart (Stringutils.leftpad (Stringutils.right (Cardnum,4), Stringutils.length (Cardnum), "*", "******")); } /*** [Company bank account number] Company account Bank line number, show the top two, the other with asterisks hidden, 1 asterisks per digit < example:12********>*/ Public StaticString Cnapscode (FinalString Code) { if(Stringutils.isblank (code)) {return""; } returnStringutils.rightpad (Stringutils.left (Code, 2), Stringutils.length (code), "*"); }}
4. Testing
public class Test { private static final Logger Logger=loggerfactory.getlogger (Test.class public static void main (string[] args) {User user =new User (); User.setname ( "Zhang San" "18666218777" [email protected] "
Results
{"Email": "z******* @qq. com", "name": "Zhang *", "phone": "18******77"}
Data masking in Java logs