
Hide sensitive data in an association relationship in Java @JsonProperty

How can I hide some sensitive data in this example? I'm testing APIs in a REST client (Postman). When I call the List of Bills API, I want to hide some data. In BillsDto I want to hide the username, password and user age fields. Is it possible to do this in my BillsDto class (not in UserDto)? I know I can hide some fields using @JsonProperty but how to do it for some fields belonging to another class?

***BillsDto***

```java
import java.util.Date;

public class BillsDto {

    private String numberBills;
    private double amount;
    private Date deadlinePayment;
    private UserDto user;  // try to hide username, password, age from BillsDto

}
```

***UserDto***

```java
public class UserDto {

    private String number_id;
    private String username;
    private String password;
    private String firstName;
    private String lastName;
    private String age;
}
```

> I know I can hide some fields using @JsonProperty but how to do it for some fields belonging to another class?

The fact that you're using UserDto as a nested object somewhere doesn't change the serialization policy that you can express through data binding annotations in the UserDto.

If you can change UserDto, apply @JsonProperty with its property access set to JsonProperty.Access.WRITE_ONLY on the fields you want to hide during serialization.

```java
import com.fasterxml.jackson.annotation.JsonProperty;

public class UserDto {
    private String number_id;
    // WRITE_ONLY: accepted when deserializing, never written when serializing
    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
    private String username;
    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
    private String password;
    private String firstName;
    private String lastName;
    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
    private String age;
}
```

If for some reason you want to achieve this by editing BillsDto only, then you can implement a custom serializer for UserDto and apply it by making use of @JsonSerialize. But to ensure that you're not disclosing the sensitive data somewhere, it would be better to apply this policy in one place - in the UserDto, because you or one of your colleagues might simply forget to apply @JsonSerialize in some of the classes which use UserDto.
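
The BillsDto-only approach described in the answer, as an added example (not code from the original post), assuming Jackson 2.x on the classpath. `PublicUserSerializer`, `ReceiptDto`, the simplified DTOs with public fields and all sample values are hypothetical; `ReceiptDto` shows the case the answer warns about, a class that uses UserDto without the annotation.

```java
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import java.io.IOException;

public class BillsOnlyRedaction {

    // Simplified copy of the page's UserDto, left unannotated on purpose.
    public static class UserDto {
        public String number_id = "42";      // constructed sample values
        public String username = "alice";
        public String password = "s3cret";
        public String firstName = "Alice";
        public String lastName = "Doe";
        public String age = "30";
    }

    // Hypothetical serializer: an allow-list of the fields that may leave the API.
    // A field added to UserDto later stays hidden until it is listed here.
    public static class PublicUserSerializer extends JsonSerializer<UserDto> {
        @Override
        public void serialize(UserDto u, JsonGenerator gen, SerializerProvider sp) throws IOException {
            gen.writeStartObject();
            gen.writeStringField("number_id", u.number_id);
            gen.writeStringField("firstName", u.firstName);
            gen.writeStringField("lastName", u.lastName);
            gen.writeEndObject();
        }
    }

    public static class BillsDto {
        public String numberBills = "B-001";
        public double amount = 99.5;
        @JsonSerialize(using = PublicUserSerializer.class) // policy lives on this field only
        public UserDto user = new UserDto();
    }

    // Hypothetical second DTO where the annotation was forgotten.
    public static class ReceiptDto {
        public UserDto user = new UserDto();
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        // user is written by PublicUserSerializer
        System.out.println(mapper.writeValueAsString(new BillsDto()));
        // user is written by Jackson's default bean serializer, every field included
        System.out.println(mapper.writeValueAsString(new ReceiptDto()));
    }
}
```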


 