Hide/Mask Confidential Data In Spring REST Response

I am creating a REST service using Spring REST + Spring Security. In a few services I need to hide/mask data in the response.

For example, I don't want anybody to see a user's password. So the password field should be empty or should not be present in the response. I am using the same DTO in the request and the list response. That's why I could not remove the attribute from the DTO.

Similarly, the account number should be masked as xxx-xxx-xxx-123.

Is there any way in Spring to achieve this? Or any common solution that could be applied to all entities/controllers when a ResponseEntity is returned (like an Interceptor)?

In this case, you could use either @JsonIgnore, as already suggested, or projections. If you need more control over the response, you could implement your own Serializers as well.
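As an added example (not part of the answer above), here is one way to apply the serializer approach to the DTO described in the question, assuming Jackson is the JSON mapper in use (Spring's default). `AccountDto` and `AccountNumberMasker` are hypothetical names, and `@JsonProperty(access = WRITE_ONLY)` is swapped in for `@JsonIgnore` so the same DTO still accepts the password in requests.

```java
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import java.io.IOException;

public class MaskingDemo {

    /** Hypothetical serializer: keeps only the last three characters of the value. */
    public static class AccountNumberMasker extends JsonSerializer<String> {
        @Override
        public void serialize(String value, JsonGenerator gen, SerializerProvider sp)
                throws IOException {
            // Values of three characters or fewer are masked entirely so nothing leaks.
            String tail = value.length() > 3 ? value.substring(value.length() - 3) : "";
            gen.writeString("xxx-xxx-xxx-" + tail);
        }
    }

    /** Hypothetical DTO shared by request and response, as in the question. */
    public static class AccountDto {
        public String username;

        // WRITE_ONLY: bound when a request is deserialized, never written to a response.
        @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
        public String password;

        // Only affects serialization; incoming requests still carry the full number.
        @JsonSerialize(using = AccountNumberMasker.class)
        public String accountNumber;
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        // Constructed request body for illustration.
        String request = "{\"username\":\"alice\",\"password\":\"s3cret\","
                + "\"accountNumber\":\"123-456-789-123\"}";
        AccountDto dto = mapper.readValue(request, AccountDto.class);
        System.out.println("password bound from request: " + (dto.password != null));
        // The response JSON omits the password and masks the account number.
        System.out.println(mapper.writeValueAsString(dto));
    }
}
```

Because the annotations live on the DTO, every controller that returns it through Spring's Jackson message converter gets the same masking without an interceptor.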

If you want to mask only selected fields during logging and keep the other field values as is, you can try this.

https://github.com/senthilaru/sp-util

<dependency>
    <groupId>com.immibytes</groupId>
    <artifactId>sp-utils</artifactId>
    <version>1.0.0-RELEASE</version>
</dependency>
