Reputation: 2742
Jackson and JsonIgnore to hide secret fields
I'm trying to use a combination of dropwizard + morphia + jackson (dropwizard's default), but I can't get @JsonIgnore or @JsonIgnoreProperties to work. I've tried @JsonIgnoreProperties over the class definition for properties I don't want to be exposed (password and salt) to consumers of my API, I've also tried @JsonIgnore over the field declarations themselves as well as over every permutation of getter and setter... Kind of at a loss now.
edit: here's the model:
@Entity(value = "user", noClassnameStored = true)
@Indexes({
@Index(fields = {
@Field(value = "email", type = IndexType.ASC)},
options = @IndexOptions(unique = true, sparse = true)
)
})
public class User {
@Id
private ObjectId id = new ObjectId();
@JsonProperty
private String email;
@JsonProperty
private byte[] password;
@JsonProperty
private byte[] salt = SecurityUtils.getSalt();
@Reference
private Person person = new Person();
public String getId() {
return id.toHexString();
}
public void setId(ObjectId id) {
this.id = id;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
@JsonIgnore
public byte[] getPassword() {
return password;
}
@JsonIgnore
public void setPassword(String password) {
this.password = SecurityUtils.hashPassword(password.toCharArray(), this.getSalt());
}
@JsonIgnore
public byte[] getSalt() {
return salt;
}
@JsonIgnore
public void setSalt(byte[] salt) {
this.salt = salt;
}
public Person getPerson() {
return person;
}
public void setPerson(Person person) {
this.person = person;
}
}
In addition to the above I've tried defining the class using @JsonIgnoreProperties({"password", "salt"} public class User..., as well as having @JsonIgnore only over the getters, setters, etc.
I'm using morphia v1.2.1 to persist. Right now I have a basic DAO that's extending morphia's BasicDAO and mostly just proxying at the moment. Can post snippets of that code if it'll help.
Upvotes: 1
Views: 1393
Answers (1)
Reputation: 77054
password and salt are both labeled @JsonProperty, which takes precedence over the ignore on the setter and getter. I think if you remove the JsonPropety annotation (or replace it with JsonIgnore), those fields you want ignored will actually be ignored.
Upvotes: 2
Related Questions
- Want to hide some fields of an object that are being mapped to JSON by Jackson
- JSON by Jackson: hide field name but keep the value
- Use JsonView to selectively hide fields
- Hide some fields dynamically before marshalling (java to json)
- Hiding protected fields from Jackson serialization
- Java Jackson JSON without POJOs
- Hide JSON fields
- Hide JSON fields in Jersey RESTful
- Dropwizard hiding field in json
- Hiding Jackson type info on certain (fields) situations?