Data Hiding Using JsonIgnore and Spring Data JPA

Take a look at a couple of annotations you can use to hide fields from a Jackson parser. We cover how to do it and the security concerns involved.

By Martin Farrell · Jun. 20, 17 · Tutorial

Data hiding using JsonIgnore and Spring Data JPA is achieved using two approaches:

  • @JsonIgnore and @JsonIgnoreProperties
  • Repository Detection Strategies

This post considers @JsonIgnore and @JsonIgnoreProperties.

Code

The code is available at:

  • https://github.com/farrelmr/introtospringdatarest/tree/4.0.0.
  • https://github.com/farrelmr/introtospringdatarest/releases/tag/4.0.0.

Code Changes

I’ve added an extra table for this example:

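import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

// JPA entity backing the new table; Spring Data REST serializes its getters to JSON
@Entity
public class Secrets {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private long id;
    private String mySecrets;
    public String getMySecrets() {
        return mySecrets;
    }
    public void setMySecrets(String mySecrets) {
        this.mySecrets = mySecrets;
    }
}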


With its associated repository:

@PreAuthorize("hasRole('ROLE_USER')")
public interface SecretsRepository extends CrudRepository<Secrets, Long> {
}


Running the Code

I have left the security from the last tutorial, Securing Spring Data REST with PreAuthorize, in place – but we can run this code using:

mvnw spring-boot:run


We can then call rest/profile to see the two exposed repositories:

curl -u user:user -X GET http://localhost:8080/rest/profile
    {
        "_links": {
            "self": {
                "href": "http://localhost:8080/rest/profile"
            },
            "secrets": {
                "href": "http://localhost:8080/rest/profile/secrets"
            },
            "parkrunCourses": {
                "href": "http://localhost:8080/rest/profile/parkrunCourses"
            }
        }
    }


And calling the secrets REST endpoint:

curl -u user:user -X GET http://localhost:8080/rest/secrets/1
    {
        "mySecret": "I want to hide this",
        "_links": {
            "self": {
                "href": "http://localhost:8080/rest/secrets/1"
            },
            "secret": {
                "href": "http://localhost:8080/rest/secrets/1"
            }
        }
    }


This post looks at techniques I can use to not expose the SecretsRepository.

@JsonIgnore and @JsonIgnoreProperties

The purpose of @JsonIgnore and @JsonIgnoreProperties is to hide attributes from the Jackson parser by instructing it to ignore these fields.

Usage is simply a matter of tagging the attribute with @JsonIgnore.

@Entity
public class Secret {
    //
    @JsonIgnore
    private String mySecret;
    //
}


Or we can achieve the same using the @JsonIgnoreProperties annotation.


With either of these changes, we can then call our secrets REST endpoint, and the mySecret field is no longer exposed:

curl -u user:user -X GET http://localhost:8080/rest/secrets/1
    {
        "_links": {
            "self": {
                "href": "http://localhost:8080/rest/secrets/1"
            },
            "secret": {
                "href": "http://localhost:8080/rest/secrets/1"
            }
        }
    }
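
The two annotations side by side, as an added example that is not code from the article or its repository: it goes one step beyond the serialization case above and also checks what happens to a client-supplied value on input. It assumes jackson-databind is on the classpath; the class names FieldIgnored, ClassIgnored and JsonIgnoreDemo are hypothetical plain POJOs, not the article's entity.

```java
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.ObjectMapper;

public class JsonIgnoreDemo {

    // Field-level: tag the attribute itself.
    public static class FieldIgnored {
        public long id = 1;
        @JsonIgnore
        public String mySecret = "I want to hide this";
    }

    // Class-level: list the property names Jackson should skip.
    @JsonIgnoreProperties({"mySecret"})
    public static class ClassIgnored {
        public long id = 1;
        public String mySecret = "I want to hide this";
    }

    static void check(boolean ok, String message) {
        if (!ok) throw new IllegalStateException(message);
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();

        // Serialization: neither form writes mySecret to the response body.
        String a = mapper.writeValueAsString(new FieldIgnored());
        String b = mapper.writeValueAsString(new ClassIgnored());
        check(!a.contains("mySecret"), "@JsonIgnore leaked the field");
        check(!b.contains("mySecret"), "@JsonIgnoreProperties leaked the field");

        // Deserialization: both forms also drop a client-supplied mySecret,
        // so the value cannot be set through a JSON request body either.
        String body = "{\"id\":2,\"mySecret\":\"set by client\"}"; // constructed sample input
        FieldIgnored inA = mapper.readValue(body, FieldIgnored.class);
        ClassIgnored inB = mapper.readValue(body, ClassIgnored.class);
        check(inA.id == 2 && inA.mySecret.equals("I want to hide this"), "field was writable");
        check(inB.id == 2 && inB.mySecret.equals("I want to hide this"), "field was writable");

        // The value is still present on the object; only the JSON mapping skips it.
        System.out.println(a);
        System.out.println(b);
    }
}
```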

Conclusion

@JsonIgnore or @JsonIgnoreProperties simply hides the field from the Jackson parser. This is good for hiding small pieces of information. The downside is we still have an exposed endpoint due to the default Repository Detection Strategies.


Published at DZone with permission of Martin Farrell, DZone MVB. See the original article here.
