背景
照着这篇文章Springboot敏感字段脱敏敲了一下例子,然后有一些需要注意的地方,这里记录一下。
代码
首先是需要引入的依赖项,如下:
implementation ':assertj-core:3.21.0'
implementation ':spring-aspects:5.3.13'
implementation ':jasypt-spring-boot-starter:3.0.4'
implementation ':fastjson:1.2.78'
implementation ':jackson-databind:2.13.0'
testImplementation ':spring-boot-starter-test'
implementation ':spring-aop:5.3.14'
配置文件里还需要配置一下:
jasypt.encryptor.password: 71144850f4fb4cc55fc0ee6935badddf
然后其他代码看原博客就可以。
改进
这里主要写一下,改动了的地方,也就是EncryptHandler的handler方法,因为这个handler方法这能处理参数或者返回值为具体对象,也就是UserVo的情况,处理不了List<UserVo>的情况,下面直接上上代码:
private Object handler(Object obj, EncryptConstant type) throws IllegalAccessException {
if (Objects.isNull(obj)) {
return null;
}
//判断是否是list
Class cls2 = obj.getClass();
if (cls2.isAssignableFrom(ArrayList.class)
||cls2.isAssignableFrom(List.class)
||cls2.isAssignableFrom(LinkedList.class)){
List<Object> list= (List<Object>) obj;
list.forEach(object->{
try {
processObj(object,type);
} catch (IllegalAccessException e) {
e.printStackTrace();
}
});
}else {
processObj(obj,type);
}
return obj;
}
private void processObj(Object obj, EncryptConstant type) throws IllegalAccessException {
Field[] fields = obj.getClass().getDeclaredFields();
for (Field field : fields) {
boolean hasSecureField = field.isAnnotationPresent(EncryptField.class);
if (hasSecureField) {
field.setAccessible(true);
String realValue = (String) field.get(obj);
String value;
if (DECRYPT.equals(type)) {
value = stringEncryptor.decrypt(realValue);
} else {
value = stringEncryptor.encrypt(realValue);
}
field.set(obj, value);
}
}
}