Learn to mask a string or number with a mask character except by displaying the last 4 characters at the end. This masking is generally seen in financial applications where we want to mask the account number or SSN to avoid displaying the NPI (Non-public personal information) data.
If we need to mask the data in the log files, then consider using the inbuilt masking feature in logback.
1. Using Regular Expression
The simplest solution for masking a string except the last N digits is using the regex with String.replaceAll() function. The replaceAll() function replaces each matching substring with the given replacement string.
In the following code, regex matches each character in the string except the last 4 characters. We can apply this regex for any number of characters. Note that if the string length is less than 4, the original string remains unchanged.
public static String maskString(String input) {
if(input == null) {
return "NULL";
}
return input.replaceAll(".(?=.{4})", "x");
}
Let us test the above function.
Assertions.assertEquals("xxxxx6789", maskString("123456789"));
Assertions.assertEquals("6789", maskString("6789"));
Assertions.assertEquals("789", maskString("789"));
Assertions.assertEquals("", maskString("")); //empty string
Assertions.assertEquals("NULL", maskString(null)); //null
If we want to mask a formatted string, we can tweak the regex accordingly. For example, the following function will only convert the alphanumeric characters in a formatted string except for the last 4 characters. So if the string is a formatted account number or SSN, it skips the hyphens in the formatted string.
public static String maskString(String input) {
if(input == null) {
return "NULL";
}
return input.replaceAll("[^-](?=.{4})", "x");
}
Let us test the above function for formatted strings as well.
Assertions.assertEquals("xxx-xxx-7890", maskString("123-456-7890"));
Assertions.assertEquals("xxxxx6789", maskString("123456789"));
2. Append the Last 4 Chars to Custom Masked String
In this method, we are free to create the custom mask string having only mask characters in any format. Later, we append the last 4 chars of the input string into the mask string.
In the following example, we are using String.repeat() method that creates a string by repeating itself a specified number of times. Then we append the last 4 chars of the input string.
public static String maskString(String input) {
if(input == null) {
return "NULL";
}
int maskLength = input.length() - 4;
if (maskLength <= 0)
return input; //string less than 4 chars
return "x".repeat(maskLength) + input.substring(maskLength);
}
Let us test the above function.
Assertions.assertEquals("xxxxx6789", maskString("123456789"));
Assertions.assertEquals("789", maskString("789"));
Assertions.assertEquals("", maskString("")); //empty string
Assertions.assertEquals("NULL", maskString(null)); //null
Note that for formatted strings, we must create the custom formatted mask string according to requirements.
3. Conclusion
In this Java string tutorial, we learned to mask a given string with the specified mask character except for the last 4 characters of the input string. We learned to mask the string using regular expressions and by creating custom masks.
Happy Learning !!
Comments