SoFunction
Updated on 2025-04-12

Detailed explanation of data desensitization in SpringBoot

Data desensitization processing in Spring Boot

Today we will discuss how to perform data desensitization in Spring Boot.

1. Introduction

Data desensitization refers to partial or complete masking of sensitive data to protect data privacy.

In practical applications, we often need to desensitize sensitive data in logs, API responses or databases, such as ID number, mobile phone number, email address, etc.

Spring Boot provides powerful framework support, allowing us to easily implement data desensitization.

2. Data desensitization scenarios

Common data desensitization scenarios include:

  • Logging: Prevent sensitive information from leaking in the log.
  • API Response: Protect user privacy and prevent sensitive information from being exposed to clients.
  • Database storage: Desensitize data before storage to ensure data security.

3. Definition of desensitization annotations

Let's first define an annotation@SensitiveData, used to mark fields that require desensitization.

package ;

import ;
import ;
import ;
import ;

@Retention()
@Target()
public @interface SensitiveData {
    SensitiveType value();
}

At the same time, we define an enumSensitiveTypeto indicate different types of desensitization.

package ;

public enum SensitiveType {
    CHINESE_NAME, ID_CARD, PHONE_NUMBER, EMAIL
}

4. Implement a desensitization processor

Next, we implement a desensitization processorSensitiveDataSerializer, used to mark@SensitiveDataThe annotated fields are desensitized.

package ;

import ;
import ;
import ;
import ;
import ;

import ;

public class SensitiveDataSerializer extends JsonSerializer<String> {

    @Override
    public void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws IOException {
        SensitiveData sensitiveData = ().getAnnotation();
        if (sensitiveData != null) {
            SensitiveType type = ();
            switch (type) {
                case CHINESE_NAME:
                    (maskChineseName(value));
                    break;
                case ID_CARD:
                    (maskIdCard(value));
                    break;
                case PHONE_NUMBER:
                    (maskPhoneNumber(value));
                    break;
                case EMAIL:
                    (maskEmail(value));
                    break;
                default:
                    (value);
            }
        } else {
            (value);
        }
    }

    private String maskChineseName(String name) {
        if (() <= 1) {
            return "*";
        }
        return (0) + "*".repeat(() - 1);
    }

    private String maskIdCard(String idCard) {
        return ("(\\d{4})\\d{10}(\\d{4})", "$1******$2");
    }

    private String maskPhoneNumber(String phoneNumber) {
        return ("(\\d{3})\\d{4}(\\d{4})", "$1****$2");
    }

    private String maskEmail(String email) {
        int atIndex = ("@");
        if (atIndex <= 1) {
            return "*".repeat(atIndex) + (atIndex);
        }
        return (0) + "*".repeat(atIndex - 1) + (atIndex);
    }
}

5. Configure Jackson

In order for Jackson to use our desensitization processor during serialization, we need to make relevant configurations.

package ;

import ;
import ;
import ;
import ;
import ;

@Configuration
public class JacksonConfig {

    @Bean
    public ObjectMapper objectMapper() {
        ObjectMapper objectMapper = new ObjectMapper();
        SimpleModule module = new SimpleModule();
        (, new SensitiveDataSerializer());
        (module);
        return objectMapper;
    }
}

6. Use desensitization annotations

Now we can use it on fields that need to be desensitized@SensitiveDataannotation. For example:

package ;

import ;
import ;

public class User {

    private String username;

    @SensitiveData(SensitiveType.CHINESE_NAME)
    private String realName;

    @SensitiveData(SensitiveType.ID_CARD)
    private String idCard;

    @SensitiveData(SensitiveType.PHONE_NUMBER)
    private String phoneNumber;

    @SensitiveData()
    private String email;

    // Getters and Setters
}

7. Controller example

Finally, we write a controller to test the data desensitization function.

package ;

import ;
import ;
import ;

@RestController
public class UserController {

    @GetMapping("/user")
    public User getUser() {
        User user = new User();
        ("johndoe");
        ("Zhang San");
        ("123456789012345678");
        ("13800138000");
        ("johndoe@");
        return user;
    }
}

Start the Spring Boot app and access it/userAt the endpoint, you can see that the sensitive data in the returned JSON has been desensitized.

Summarize

This article introduces how to perform data desensitization in Spring Boot. Through custom annotations and Jackson configuration, we can easily desensitize sensitive data and protect user privacy.

In practical applications, we can flexibly adjust the desensitization strategy according to specific needs to ensure data security.

The above is personal experience. I hope you can give you a reference and I hope you can support me more.