nbkhope

Reputation: 7474

Omit password field from User response using Grails Spring Security Plugin Core & REST

I am using Grails 3.2.4 and the Grails Spring Security Plugin Core & REST. When a request is made to User#index, I use

params.max = Math.min(max ?: 10, 100)
respond User.list(params), model: [userCount: User.count()]

The response is something like:

[
  {
    "id": 3,
    "accountExpired": false,
    "accountLocked": false,
    "enabled": true,
    "password": "$2a$10$fdWi7i48Kw5tnpzsjKMUMOQDx7nhglp9tRtDaJHTAi5qOTdIL0t3u",
    "passwordExpired": false,
    "username": "me"
  },
  {
    "id": 4,
    "accountExpired": false,
    "accountLocked": false,
    "enabled": true,
    "password": "$2a$10$3uFrDjJ8AwMsdMbKhExece6cJtQ4DS2e1/jFMIdDHrmqgDGpBgkS2",
    "passwordExpired": false,
    "username": "master"
  },
  // ...

How can I customize this response and eliminate the password field, for example?

Upvotes: 0

Views: 230

Answers (2)

Omar Yafer

Reputation: 863

If you are using the JSON-VIEWS feature in your project and your controller inherits from RestfulController you could also do the following:

Note: I am assuming that your user class is named User

First try and use the command

grails generate-views [yourpackage.]security.User

where [yourpackage.] is optional and represents the name of the package where you created your User class when you executed the s2-quickstart command.

If the generation of the views was successful, you will find a directory named user in \grails-app\views with the following files:

  • _user.gson
  • index.gson
  • show.gson

These should be your json views for User. Open _user.gson. It should have content like the following

import [yourpackage.]security.User

model {
    User user
}

json g.render(user)

Edit the code so that it excludes password from the JSON render:

import [yourpackage.]security.User

model {
    User user
}

json g.render(user, [excludes: ['password']]) // This is where you exclude password

This might seem a bit more complicated than editing the beans, but in my opinion, it might be easier to look for a related view, than check the resources.groovy if someone else wants to edit the project.

For more information on this, check the Grails reference to JSON views.

Upvotes: 1

dmahapatro

Reputation: 50285

There are a couple of ways to achieve this, but the simplest would be to register a bean of type JsonRenderer in resources.groovy as below:

import grails.rest.render.json.JsonRenderer

beans = {
    userRenderer(JsonRenderer, User) {
        excludes = ['password']
    }
}

Refer to https://docs.grails.org/latest/guide/webServices.html#renderers for additional ways.

Upvotes: 3
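
A regression check for the fixes in both answers above, added here as an example and not part of the original answers: it walks a JSON response body and reports any field with a sensitive name or any string value shaped like a bcrypt hash, so the leak is still caught if the field is renamed or nested. The sample bodies, `SENSITIVE_KEYS` and the function names are assumptions constructed for illustration.

```python
import json
import re

# bcrypt modular-crypt format: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt+hash
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")
# Field names assumed sensitive for this example; extend for your own domain classes
SENSITIVE_KEYS = {"password", "passwordhash", "secret"}


def find_leaks(node, path="$"):
    """Walk parsed JSON and return (path, reason) for each credential leak."""
    leaks = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in SENSITIVE_KEYS:
                leaks.append((child, "sensitive field name"))
                continue  # already reported, no need to inspect the value
            leaks.extend(find_leaks(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            leaks.extend(find_leaks(item, f"{path}[{i}]"))
    elif isinstance(node, str) and BCRYPT_RE.match(node):
        leaks.append((path, "bcrypt hash value"))
    return leaks


def check_response(body):
    """Parse a raw JSON response body and return its list of leaks."""
    return find_leaks(json.loads(body))


# Constructed sample data: a bcrypt-shaped placeholder, not a real hash
FAKE_HASH = "$2a$10$" + "A" * 53
BEFORE = json.dumps([{"id": 3, "enabled": True, "password": FAKE_HASH, "username": "me"}])
AFTER = json.dumps([{"id": 3, "enabled": True, "username": "me"}])
RENAMED = json.dumps({"users": [{"id": 3, "credential": FAKE_HASH}]})

if __name__ == "__main__":
    for name, body in [("before", BEFORE), ("after", AFTER), ("renamed", RENAMED)]:
        print(name, check_response(body))
```

Run it against the captured body of User#index in a CI step and fail the build when the returned list is non-empty.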
