
Omit password field from User response using Grails Spring Security Plugin Core & REST

I am using Grails 3.2.4 and the Grails Spring Security Plugin Core & REST. When a request is made to User#index, I use

params.max = Math.min(max ?: 10, 100)
respond User.list(params), model: [userCount: User.count()]

The response is something like:

[
  {
    "id": 3,
    "accountExpired": false,
    "accountLocked": false,
    "enabled": true,
    "password": "$2a$10$fdWi7i48Kw5tnpzsjKMUMOQDx7nhglp9tRtDaJHTAi5qOTdIL0t3u",
    "passwordExpired": false,
    "username": "me"
  },
  {
    "id": 4,
    "accountExpired": false,
    "accountLocked": false,
    "enabled": true,
    "password": "$2a$10$3uFrDjJ8AwMsdMbKhExece6cJtQ4DS2e1/jFMIdDHrmqgDGpBgkS2",
    "passwordExpired": false,
    "username": "master"
  },
  // ...

How can I customize this response and eliminate the password field, for example?

There are a couple of ways to achieve this, but the simplest would be to register a bean of type JsonRenderer in resources.groovy as below:

import grails.rest.render.json.JsonRenderer

beans = {
    userRenderer(JsonRenderer, User) {
        excludes = ['password']
    }
}

Refer to https://docs.grails.org/latest/guide/webServices.html#renderers for additional ways.

If you are using the JSON-VIEWS feature in your project and your controller inherits from RestfulController you could also do the following:

Note: I am assuming that your user class is named User

First try and use the command

grails generate-views [yourpackage.]security.User

where [yourpackage.] is optional and represents the name of the package where you created your User class when you executed the s2-quickstart command.

If the generation of the views was successful, you will find a directory named user in \grails-app\views with the following files

  • _user.gson
  • index.gson
  • show.gson

These should be your json views for User. Open _user.gson. It should have content like the following

import [yourpackage.]security.User

model {
    User user
}

json g.render(user)

Edit the code so that it excludes password from the json render

import [yourpackage.]security.User

model {
    User user
}

// This is where you exclude password: the options map takes a list of property names to omit
json g.render(user, [excludes: ['password']])

This might seem a bit more complicated than editing the beans, but in my opinion, it might be easier to look for a related view, than check the resources.groovy if someone else wants to edit the project.

For more information on this check the grails reference to json views
