I am using Jackson to serialize objects to save on Mongo DB (via Jango). These objects have a password hash, which I want to store on the database.
I also have a REST API that will return those items. When objects are serialized through the REST API, they will include the password hash. Despite having communication over HTTPS, it seems like a security risk to me. How can I stop serialization of the password hash through the REST API, but not for the database persistence? Is there anything like conditional serialization of a field?
@JsonView may be tailored to your needs.
    // Definitions:
    class Views {
        static class Public { }
        static class Internal extends Public { }
    }

    public class User {
        // name is public
        @JsonView(Views.Public.class) String name;
        // only include the password hash for internal use
        @JsonView(Views.Internal.class) String passwordHash;
    }
In your REST API, you can specify:
    public class Resource {
        @JsonView(Views.Public.class)
        @GET
        @Produces(MediaType.APPLICATION_JSON)
        public List<User> getElements() {
            // ...
            return someResultList; // list of users built elsewhere
        }
    }
Only the user's "name" property will be included in the response to the above API.
Note: If a property has no view annotation, it is assumed to belong to the view identified by Object.class: that is, it is included in all the views.
When serializing for the DB, you can do this:

    // Jackson 2.x names this method writerWithView(...)
    objectMapper.viewWriter(Views.Internal.class).writeValue(out, beanInstance);
This will include all the user's properties.
More info here:
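Added example, not part of the original answer: a standalone Java program showing the two views side by side and what happens to a field that has no `@JsonView` at all. It assumes Jackson 2.10 or later (`writerWithView`, `JsonMapper.builder()`); the `resetToken` field, the `require` helper and all sample values are hypothetical and constructed for the demonstration.

```java
import com.fasterxml.jackson.annotation.JsonView;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.json.JsonMapper;

public class JsonViewDemo {
    public static class Views {
        public static class Public { }
        public static class Internal extends Public { }
    }

    public static class User {
        @JsonView(Views.Public.class) public String name = "alice";
        @JsonView(Views.Internal.class) public String passwordHash = "constructed-hash-value";
        // Hypothetical field added later without a view annotation.
        public String resetToken = "constructed-token";
    }

    static void require(boolean ok, String what) {
        if (!ok) throw new IllegalStateException(what);
    }

    public static void main(String[] args) throws Exception {
        User u = new User(); // constructed sample data, not real credentials

        // Stock mapper: DEFAULT_VIEW_INCLUSION is enabled.
        ObjectMapper stock = new ObjectMapper();
        // Strict mapper: a property must be annotated to appear in any view.
        ObjectMapper strict = JsonMapper.builder()
                .disable(MapperFeature.DEFAULT_VIEW_INCLUSION).build();

        String apiStock = stock.writerWithView(Views.Public.class).writeValueAsString(u);
        String apiStrict = strict.writerWithView(Views.Public.class).writeValueAsString(u);
        String db = strict.writerWithView(Views.Internal.class).writeValueAsString(u);

        System.out.println("REST, stock mapper:  " + apiStock);
        System.out.println("REST, strict mapper: " + apiStrict);
        System.out.println("DB, Internal view:   " + db);

        require(!apiStock.contains("passwordHash") && !apiStrict.contains("passwordHash"),
                "hash must never appear in the Public view");
        require(apiStock.contains("resetToken"), "stock mapper exposes unannotated fields");
        require(!apiStrict.contains("resetToken"), "strict mapper hides unannotated fields");
        require(db.contains("passwordHash"), "Internal view keeps the hash for persistence");
    }
}
```

With the strict mapper, a field that must reach the database also needs `@JsonView(Views.Internal.class)`, because unannotated fields are dropped from every active view, including the one used for persistence.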