问题描述
我在模型中有一些字段,当登录用户具有角色 ROLE_ADMIN
时,我只想返回该字段。我可以使用 @JsonIgnore
,但这会为所有人隐藏它。如何让它动态隐藏?
你应该使用技术来实现它 - 它允许选择一组不同的字段以编程方式进行序列化。它也受到的支持/ p>
考虑你有一个类 Model
,它有两个属性: commonField
哪些应该适用于所有人, secretField
哪些应该只适用于某些用户。您应该创建一个视图层次结构(任何类都可以工作)并使用 @JsonView
注释指定哪个视图在哪个视图中可用
package com.stackoverflow.jsonview;
import com.fasterxml.jackson.annotation.JsonView;
public class Model {
public static class Public {}
public static class Secret extends Public {}
@JsonView(Public .class)
private String commonField;
@JsonView(Secret.class)
private String secretField;
public Model(){
}
public Model(String commonField,String secretField){
this.commonField = commonField;
this.secretField = secretField;
}
public String getCommonField(){
return commonField;
}
public void setCommonField(String commonField){
this.commonField = commonField;
}
public String getSecretField(){
return secretField;
}
public void setSecretField(String secretField){
this.secretField = secretField;
}
}
现在您可以指定视图了想要在具体中使用 ObjectMapper
package com.stackoverflow.jsonview;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.Test;
import static org.junit.Assert。*;
/ **
* /
公共类ModelTest {
@Test
public void testSecretField()抛出JsonProcessingException {
模型模型=新模型(commonField,secretField);
assertEquals({\commonField \:\commonField \,\secretField \:\secretField \},新的ObjectMapper()。writerWithView(模型.Secret.class).writeValueAsString(模型));
assertEquals({\commonField \:\commonField \},new ObjectMapper()。writerWithView(Model.Public.class).writeValueAsString(model));
}
}
我不确定你是否可以使用declaratie方法让spring根据开箱即用的用户角色选择正确的视图,所以你可能需要写一些这样的代码:
@RequestMapping(/ data)
public String getData(HttpServletRequest request){
Model model = service.getModel();
ObjectMapper objectMapper = new ObjectMapper();
objectMapper = request.isUserInRole(ROLE_ADMIN)? objectMapper.writerWithView(Model.Secret.class):objectMapper.writerWithView(Model.Public.class);
返回objectMapper.writeValueAsString(model);
}
I have some fields in a model that I only want to be returned when the logged in user has the role ROLE_ADMIN
. I can use @JsonIgnore
but that hides it for everyone. How can I make it hide dynamically?
You should use Jackson Json Views technology to acheive it - it allows to choose a different set of fields to be serialized programatically. It is also supported by Spring
Consider you have a class Model
with two properties: commonField
which should be available for everyone and secretField
which should be available only for certain users. You should create an hierarchy of views (any classes would work) and specify which field is available in which view using @JsonView
annotation
package com.stackoverflow.jsonview;
import com.fasterxml.jackson.annotation.JsonView;
public class Model {
public static class Public {}
public static class Secret extends Public {}
@JsonView(Public.class)
private String commonField;
@JsonView(Secret.class)
private String secretField;
public Model() {
}
public Model(String commonField, String secretField) {
this.commonField = commonField;
this.secretField = secretField;
}
public String getCommonField() {
return commonField;
}
public void setCommonField(String commonField) {
this.commonField = commonField;
}
public String getSecretField() {
return secretField;
}
public void setSecretField(String secretField) {
this.secretField = secretField;
}
}
Now you can specify the view you want to use in concrete ObjectMapper
package com.stackoverflow.jsonview;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.Test;
import static org.junit.Assert.*;
/**
*/
public class ModelTest {
@Test
public void testSecretField() throws JsonProcessingException {
Model model = new Model("commonField","secretField");
assertEquals("{\"commonField\":\"commonField\",\"secretField\":\"secretField\"}", new ObjectMapper().writerWithView(Model.Secret.class).writeValueAsString(model));
assertEquals("{\"commonField\":\"commonField\"}", new ObjectMapper().writerWithView(Model.Public.class).writeValueAsString(model));
}
}
I am not sure if you can use declaratie approach to make spring choose the right view based on user role out of the box, so probably you will have to write some code like this:
@RequestMapping("/data")
public String getData(HttpServletRequest request) {
Model model = service.getModel();
ObjectMapper objectMapper = new ObjectMapper();
objectMapper = request.isUserInRole("ROLE_ADMIN") ? objectMapper.writerWithView(Model.Secret.class) : objectMapper.writerWithView(Model.Public.class);
return objectMapper.writeValueAsString(model);
}
这篇关于根据用户角色反序列化JSON字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!