实现原理:拦截ResultSetHandler 的返回结果集,对其脱敏处理
1. 首先定义一个注解,用来标注哪些字段需要脱敏
@Retention(RetentionPolicy.RUNTIME) @Target({ElementType.FIELD}) public @interface DataHide { }
2. 定义一个数据实体DO
@TableName("person")
@Data
public class PersonDO {
@TableId
private Integer id;
private String firstName;
@DataHide // 要做脱敏的字段
private String lastName;
}
3. 写一个插件(拦截器)
/** * @author yangxj * @date 2020-08-10 11:31 * <p> * 数据脱敏拦截器 */ @Component @Intercepts(@Signature(type = ResultSetHandler.class, method = "handleResultSets", args = Statement.class)) public class DataHidePlugin implements Interceptor { @Override public Object intercept(Invocation invocation) throws Throwable { List result = (List) invocation.proceed(); return dataHide(result); }
@SuppressWarnings("unchecked") private List dataHide(List result) { if (result.isEmpty()) return result; Class<?> clazz = result.get(0).getClass(); // 基本类型或者基本类型的包装类型跳过 if (isWrapClass(clazz)) return result; // 获取字段开始处理 Field[] fields = clazz.getDeclaredFields(); for (Field field : fields) { // 包含脱敏注解字段做脱敏处理 if (field.isAnnotationPresent(DataHide.class)) { result.forEach(originData -> doHide(originData, field)); } } return result; } private boolean isWrapClass(Class<?> clazz) { try { return clazz.isPrimitive() || ((Class) clazz.getField("TYPE").get(null)).isPrimitive(); } catch (Exception e) { return false; } } private void doHide(Object originData, Field field) { try { field.setAccessible(true);
//TODO 具体脱敏规则自行实现... field.set(originData, "**" + field.get(originData) + "**"); } catch (Exception e) { } } @Override public Object plugin(Object target) { return Plugin.wrap(target, this); } @Override public void setProperties(Properties properties) { } }
5. over