Hide sensitive data in an association relationship in java @JsonProperty
How can I hide some sensitive data in this example? I'm testing APIs in a REST client (Postman). When I call the API "List of Bills", I want to hide some data. In `BillsDto` I want to hide the username, password and user age fields. Is it possible to do this in my `BillsDto` class (not in `UserDto`)? I know I can hide some fields using `@JsonProperty`, but how to do it for some fields belonging to another class?
***BillsDto***
```java
import java.util.Date;

public class BillsDto {
    private String numberBills;
    private double amount;
    private Date deadlinePayment;
    private UserDto user; // try to hide username, password, age from BillsDto
}
```
***UserDto***
```java
public class UserDto {
    private String number_id;
    private String username;
    private String password;
    private String firstName;
    private String lastName;
    private String age;
}
```
The fact that you're using `UserDto` as a nested object somewhere doesn't change the serialization policy that you can express through data binding annotations in the `UserDto`.
If you can change `UserDto`, apply `@JsonProperty` with its property `access` set to `JsonProperty.Access.WRITE_ONLY` on the fields you want to hide during serialization.
```java
import com.fasterxml.jackson.annotation.JsonProperty;

public class UserDto {
    private String number_id;
    // WRITE_ONLY: accepted when reading JSON, never written out
    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
    private String username;
    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
    private String password;
    private String firstName;
    private String lastName;
    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
    private String age;
}
```
If, for some reason, you want to achieve this by editing `BillsDto` only, then you can implement a custom serializer for `UserDto` and apply it by making use of the `@JsonSerialize`. But to ensure that you're not disclosing the sensitive data somewhere, it would be better to apply this policy in one place - in the `UserDto`, because you or one of your colleagues might simply forget to `@JsonSerialize` in some of the classes which use `UserDto`.
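The custom-serializer route mentioned in the answer, as an added example that is not part of the original answer. `BillsSerializationDemo` and `PublicUserSerializer` are hypothetical names, the DTOs are trimmed copies with constructed values, and field visibility stands in for getters.

```java
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import java.io.IOException;

// Hypothetical demo class; not code from the question or the answer.
public class BillsSerializationDemo {

    // Trimmed copy of the question's UserDto with constructed sample values.
    @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY)
    static class UserDto {
        String number_id = "42";
        String username = "jdoe";
        String password = "not-a-real-password";
        String firstName = "Jane";
        String lastName = "Doe";
        String age = "30";
    }

    // Allow-list serializer (hypothetical name): only fields written here reach the output.
    static class PublicUserSerializer extends JsonSerializer<UserDto> {
        @Override
        public void serialize(UserDto u, JsonGenerator gen, SerializerProvider sp) throws IOException {
            gen.writeStartObject();
            gen.writeStringField("number_id", u.number_id);
            gen.writeStringField("firstName", u.firstName);
            gen.writeStringField("lastName", u.lastName);
            gen.writeEndObject();
        }
    }

    @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY)
    static class BillsDto {
        String numberBills = "B-001";
        double amount = 19.99;
        @JsonSerialize(using = PublicUserSerializer.class) // applies to this field only
        UserDto user = new UserDto();
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        // The nested user goes through the allow-list serializer.
        System.out.println(mapper.writeValueAsString(new BillsDto()));
        // A bare UserDto is not covered by the field-level annotation.
        System.out.println(mapper.writeValueAsString(new UserDto()));
    }
}
```

The second call goes through Jackson's default serializer, so every other class or endpoint that returns `UserDto` needs its own annotation, which is the risk the answer points out.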