GSON serialisation - how to exclude some fields from serialisation, but not deserialisation

If I have a type "Person", and it has multiple fields, including "password", then how do I tell GSON that I want to accept the password field when it's passed in, but not to pass it back out?

Specifically, in this case, it's because my web front end can be used to update the password and send it to the Java side, but I never want to send the password back to the front end (for obvious security reasons).

I am not sure you can do it with Gson, but you could with Genson. Put @JsonIgnore(deserialize=true) on your getPassword method.

Or if you want genson to use only fields instead of public getter/setter and fields, configure it like that:

Genson genson = new Genson.Builder()
      .setUseGettersAndSetters(false)
      .setFieldVisibility(VisibilityFilter.DEFAULT)
      .create();

In that case put the annotation on the field.

You can deserialize your class as usual (since you want to deserialize all the fields) and write a custom serializer that excludes the password. Something like this:

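import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonSerializationContext;
import com.google.gson.JsonSerializer;
import java.lang.reflect.Type;

public class PersonSerializer implements JsonSerializer<Person> {

  @Override
  public JsonElement serialize(Person src, Type typeOfSrc, JsonSerializationContext context)
  {
    // Build the output object by hand so only the listed fields are written.
    JsonObject obj = new JsonObject();
    obj.addProperty("name", src.name);
    obj.addProperty("gender", src.gender);
    obj.addProperty("age", src.age);
    //And all the other fields but the password...

    return obj;
  }
}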

Then you just need to register the serializer with:

// create() turns the builder into the Gson instance that has toJson/fromJson
Gson gson = new GsonBuilder()
    .registerTypeAdapter(Person.class, new PersonSerializer())
    .create();

And finally serialize your object as usual with the gson.toJson method...

I'm not sure if it's the best approach, but it's pretty straightforward... Otherwise you can take a look at Gson's exclusion strategies...
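The exclusion-strategy route mentioned at the end of the answer above, as an added example that is not part of the original posts: the strategy is registered for serialization only, so the password is still read on input but never written back out. The `@WriteOnly` annotation, the `WriteOnlyDemo` class, the `Person` fields and the sample JSON are assumptions made for illustration.

```java
import com.google.gson.ExclusionStrategy;
import com.google.gson.FieldAttributes;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

public class WriteOnlyDemo {

  // Hypothetical marker annotation: accepted on input, never emitted on output.
  @Retention(RetentionPolicy.RUNTIME)
  @Target(ElementType.FIELD)
  @interface WriteOnly {}

  static class Person {
    String name;
    int age;
    @WriteOnly String password;
  }

  // Skips any field carrying @WriteOnly; classes are never skipped wholesale.
  static final ExclusionStrategy SKIP_WRITE_ONLY = new ExclusionStrategy() {
    @Override
    public boolean shouldSkipField(FieldAttributes f) {
      return f.getAnnotation(WriteOnly.class) != null;
    }

    @Override
    public boolean shouldSkipClass(Class<?> clazz) {
      return false;
    }
  };

  // Registered for serialization only, so fromJson still populates the field.
  static final Gson GSON = new GsonBuilder()
      .addSerializationExclusionStrategy(SKIP_WRITE_ONLY)
      .create();

  public static void main(String[] args) {
    // Constructed sample input, shaped like a front-end update request.
    String in = "{\"name\":\"Alice\",\"age\":30,\"password\":\"s3cret\"}";
    Person p = GSON.fromJson(in, Person.class);
    String out = GSON.toJson(p);
    // Guard: fail loudly if the password was dropped on input or leaked on output.
    if (p.password == null || out.contains("password")) {
      throw new IllegalStateException("write-only handling is broken: " + out);
    }
    System.out.println(out);
  }
}
```

Gson's built-in `@Expose(serialize = false)` gives the same one-way behaviour, but it only takes effect with `excludeFieldsWithoutExposeAnnotation()`, which then requires `@Expose` on every other field you want in the output.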
