Hide sensitive data in an association relationship in java @JsonProperty

How can I hide some sensitive data in this example? I'm testing APIs in a REST client (Postman). When I call the API List of Bills, I want to hide some data. In BillsDto I want to hide the username, password and user age fields. Is it possible to do this in my BillsDto class (not in UserDto)? I know I can hide some fields using @JsonProperty, but how do I do it for some fields belonging to another class?

***BillsDto***

```java
import java.util.Date;

public class BillsDto {

    private String numberBills;
    private double amount;
    private Date deadlinePayment;
    private UserDto user;  // try to hide username, password, age from BillsDto

}
```

***UserDto***

```java
public class UserDto {

    private String number_id;
    private String username;
    private String password;
    private String firstName;
    private String lastName;
    private String age;
}
```

> I know I can hide some fields using @JsonProperty but how to do it for some fields belonging to another class?

The fact that you're using UserDto as a nested object somewhere doesn't change the serialization policy that you can express through data binding annotations in the UserDto.

If you can change UserDto, apply @JsonProperty with its property access set to JsonProperty.Access.WRITE_ONLY on the fields you want to hide during serialization.

```java
import com.fasterxml.jackson.annotation.JsonProperty;

public class UserDto {
    private String number_id;
    // WRITE_ONLY: accepted when reading JSON, never written to JSON output
    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
    private String username;
    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
    private String password;
    private String firstName;
    private String lastName;
    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
    private String age;
}
```

If, for some reason, you want to achieve this by editing BillsDto only, then you can implement a custom serializer for UserDto and apply it by making use of @JsonSerialize. But to ensure that you're not disclosing the sensitive data somewhere, it would be better to apply this policy in one place, in the UserDto, because you or one of your colleagues might simply forget to apply @JsonSerialize in some of the classes which use UserDto.
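The BillsDto-only approach described in the answer, as an added example that is not part of the original answer. `BillsSerializationDemo` and `PublicUserSerializer` are hypothetical names, the public fields and sample values are constructed for brevity, and `deadlinePayment` is omitted.

```java
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import java.io.IOException;
public class BillsSerializationDemo {
    // Same fields as the UserDto in the question; public only to keep the example short.
    public static class UserDto {
        public String number_id, username, password, firstName, lastName, age;
    }

    // Hypothetical serializer written as an allow-list: a field added to UserDto
    // later stays out of the bills response until it is listed here.
    public static class PublicUserSerializer extends JsonSerializer<UserDto> {
        @Override
        public void serialize(UserDto u, JsonGenerator gen, SerializerProvider sp) throws IOException {
            gen.writeStartObject();
            gen.writeStringField("number_id", u.number_id);
            gen.writeStringField("firstName", u.firstName);
            gen.writeStringField("lastName", u.lastName);
            gen.writeEndObject();
        }
    }

    public static class BillsDto {
        public String numberBills;
        public double amount;
        @JsonSerialize(using = PublicUserSerializer.class) // applies to this field only
        public UserDto user;
    }

    public static void main(String[] args) throws Exception {
        UserDto user = new UserDto(); // constructed sample data
        user.number_id = "42"; user.username = "jdoe"; user.password = "not-a-real-secret";
        user.firstName = "Jane"; user.lastName = "Doe"; user.age = "30";
        BillsDto bill = new BillsDto();
        bill.numberBills = "B-001"; bill.amount = 99.5; bill.user = user;
        ObjectMapper mapper = new ObjectMapper();
        String billJson = mapper.writeValueAsString(bill);
        String userJson = mapper.writeValueAsString(user); // no serializer applied here
        System.out.println(billJson);
        if (billJson.contains("password") || billJson.contains("username") || billJson.contains("\"age\""))
            throw new AssertionError("sensitive field leaked through BillsDto");
        // A bare UserDto still serializes every field: the gap the answer warns about.
        System.out.println(userJson.contains("password"));
    }
}
```

Running it needs jackson-databind on the classpath. The last line shows why the answer prefers annotating UserDto itself: any class that embeds UserDto without the serializer still emits the password.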
