Add a new annotation processor for Jackson like a annotation attached for sensitive data.

MyJacksonAnnotationProcessorMain.java

import java.io.IOException;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Map;

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.Version;
import com.fasterxml.jackson.databind.Module;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.introspect.Annotated;
import com.fasterxml.jackson.databind.introspect.NopAnnotationIntrospector;
import com.fasterxml.jackson.databind.ser.std.StdSerializer;

public final class MyJacksonAnnotationProcessorMain {
    public static void main(String[] args) throws JsonProcessingException {
        // トラブルを避けるために、他の箇所で使っている ObjectMapper とは別に用意する。
        ObjectMapper logObjectMapper = new ObjectMapper()
                .registerModule(new SensitiveFieldMaskingModule());

        FooRequest fooRequest = new FooRequest("ログに残していいやつ", "ログに残すのダメなやつ");

        System.out.println("シリアライズ結果: " + logObjectMapper.writeValueAsString(fooRequest));
        System.out.println("Map へ変換結果:  " + logObjectMapper.convertValue(fooRequest, Map.class));
    }

    @lombok.Value
    static class FooRequest {
        /** 隠す必要無いプロパティ */
        private final String userId;

        /** センシティブな情報 */
        @Sensitive
        private final String token;
    }

    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.FIELD)
    @interface Sensitive {
    }

    static class SensitiveFieldMaskingModule extends Module {
        @Override
        public String getModuleName() {
            return getClass().getSimpleName();
        }

        @Override
        public Version version() {
            return Version.unknownVersion();
        }

        @Override
        public void setupModule(SetupContext context) {
            context.insertAnnotationIntrospector(new SensitiveFieldMaskingAnnotationIntrospector());
        }
    }

    static class SensitiveFieldMaskingAnnotationIntrospector extends NopAnnotationIntrospector {
        private static final long serialVersionUID = -4171975975956047379L;

        @Override
        public Object findSerializer(Annotated am) {
            if (am.hasAnnotation(Sensitive.class)) {
                return SensitiveFieldMaskingSerializer.class;
            }
            return null;
        }
    }

    static class SensitiveFieldMaskingSerializer extends StdSerializer<Object> {
        private static final long serialVersionUID = 3888199957574169748L;

        protected SensitiveFieldMaskingSerializer() {
            super(Object.class);
        }

        @Override
        public void serialize(Object value, JsonGenerator gen, SerializerProvider provider) throws IOException {
            // 適当に置換する処理
            if (value instanceof Number) {
                gen.writeNumber(0);
            } else if (value instanceof String) {
                gen.writeString("Hidden: Sensitive string");
            } else {
                gen.writeNull();
            }
        }
    }
}