默认情况下,不要在实体类中公开字段,使用 Spring Data Rest 和 Jpa
[英]By default, don't expose field in Entity class, using Spring Data Rest and Jpa
问题描述
I have an entity class Account.
我有一个实体类帐户。 It has a bunch of fields.它有一堆字段。 Most of them for now are exposed in REST calls except where I explicitly ignore the password field with @JsonIgnore , but I will be adding more fields and I don't want to forget adding @JsonIgnore to something new that shouldn't be exposed.目前,它们中的大多数都在 REST 调用中公开,除非我使用@JsonIgnore显式忽略密码字段,但我将添加更多字段,并且我不想忘记将 @JsonIgnore 添加到不应公开的新内容中。
Can I invert the exposure, so that I explicitly have to enable fields to be exported, with the default being that it won't be exposed?我可以反转曝光,以便我明确地启用要导出的字段,默认情况下它不会被公开吗?
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import lombok.Data;
import lombok.ToString;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import com.fasterxml.jackson.annotation.JsonIgnore;
@Data
@ToString(exclude = "password")
@Entity
public class Account {
public static final PasswordEncoder PASSWORD_ENCODER = new BCryptPasswordEncoder();
private @Id @GeneratedValue Long id;
private String name;
@JsonIgnore private String password;
private String[] roles;
public void setPassword(String password) {
this.password = PASSWORD_ENCODER.encode(password);
}
protected Account() {}
public Account(String name, String password, String... roles) {
this.name = name;
this.setPassword(password);
this.roles = roles;
}
}
Using Spring Data REST here, so everything else that is there is just repositories, there is no extra layer to do something smart.在这里使用 Spring Data REST,所以其他一切都只是存储库,没有额外的层来做一些聪明的事情。
1 个解决方案
解决方案1
2 2018-03-03 12:32:29
There is two main ways to get the "white-list" properties effect in Jackson library Jackson库中获得“白名单”属性效果的主要方式有两种
First Way:第一种方式:
Remove @Data annotation from your Account class and add getters only to fields you want to expose.从您的Account类中删除@Data注释,并仅将 getter 添加到您想要公开的字段。 To make sure that properties without getters will not be excludes add @JsonIgnoreProperties(ignoreUnknown=true) to your Account class为确保不排除没有 getter 的属性,将@JsonIgnoreProperties(ignoreUnknown=true)到您的Account类
Second Way:第二种方式:
Wrap your Account class with AccountForJson class.用AccountForJson类包装您的Account类。 for example :例如 :
public class AccountForJson {
private Account account;
public MyClassForJson(Account accountToWrapped) {
this.account = accountToWrapped;
}
/**
* Example of property that you want to expose
*/
public String getName() {
return this.account.getName();
}
}
ps : there is an open issuse in Jackson github repository for that feature, here is the link for watching that issuse - Add @JsonIncludeProperties(propertyNames) (reverse of @JsonIgnoreProperties ) ps:在Jackson github 存储库中有一个针对该功能的开放问题,这是观看该问题的链接 -添加@JsonIncludeProperties(propertyNames) ( @JsonIgnoreProperties反向)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.