• Home
• io.github.shuigedeng
• taotao-boot-starter-sensitive
• 2024.12
• source code
• SensitiveJsonSerializer.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.taotao.boot.sensitive.desensitize.SensitiveJsonSerializer Maven / Gradle / Ivy

/*
 * Copyright (c) 2020-2030, Shuigedeng ([email protected] & https://blog.taotaocloud.top/).
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.taotao.boot.sensitive.desensitize;

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.BeanProperty;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.ser.ContextualSerializer;
import com.taotao.boot.common.holder.UserContextHolder;
import com.taotao.boot.common.model.BaseSecurityUser;
import com.taotao.boot.sensitive.enums.SensitiveStrategy;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;

import java.io.IOException;
import java.util.Objects;

/**
 * 敏感信息序列化时 过滤
 *
 * @author shuigedeng
 * @version 2022.06
 * @since 2022-07-06 14:37:50
 */
public class SensitiveJsonSerializer extends JsonSerializer
        implements ContextualSerializer, ApplicationContextAware {

    private SensitiveStrategy strategy;

    // 系统配置
    private DesensitizeProperties desensitizeProperties;

    @Override
    public void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws IOException {

        // 字段序列化处理
        gen.writeString(strategy.desensitizer().apply(value));
    }

    @Override
    public JsonSerializer createContextual(SerializerProvider prov, BeanProperty property)
            throws JsonMappingException {

        // 判定是否 需要脱敏处理
        if (desensitization()) {
            // 获取敏感枚举
            Sensitive annotation = property.getAnnotation(Sensitive.class);

            // 如果有敏感注解，则加入脱敏规则
            if (Objects.nonNull(annotation)
                    && Objects.equals(String.class, property.getType().getRawClass())) {
                this.strategy = annotation.strategy();
                return this;
            }
        }
        return prov.findValueSerializer(property.getType(), property);
    }

    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        desensitizeProperties = applicationContext.getBean(DesensitizeProperties.class);
    }

    /** 是否需要脱敏处理 */
    private boolean desensitization() {

        // 当前用户
        BaseSecurityUser baseSecurityUser = UserContextHolder.getUser();

        // 默认脱敏
        if (baseSecurityUser == null) {
            return true;
        }

        if (baseSecurityUser.getType() == 2) {
            return desensitizeProperties.getSensitiveLevel() == 2;
        }

        if (baseSecurityUser.getType() == 1) {
            return desensitizeProperties.getSensitiveLevel() >= 1;
        }

        return false;
    }
}