问题描述
建议
我想要达到的目的是能够接收用户的密码以便存储它,但同时制作确保存储的(加密)密码没有被序列化并发送回客户端。
我在这里做错了什么?
使用Jackson版本2.9.0时,以下内容适用于我:
@NoArgsConstructor
@AllArgsConstructor
public class Credentials {
private String username;
私有字符串密码;
public String getUsername(){
return username;
}
public void setUsername(String username){
this.username = username;
}
@JsonProperty(access = Access.WRITE_ONLY)
public String getPassword(){
return password;
}
public void setPassword(String password){
this.password = password;
}
}
...以及正在运行的测试示例......
@Test
public void jsonIgnoreSerialization()throws Exception {
ObjectMapper objectMapper = new ObjectMapper();
String serialized = objectMapper.writeValueAsString(new Credentials(user,pass));
assertThat(序列化).isEqualTo({\username \:\user \});
凭证凭证= objectMapper.readValue({\username \:\user \,\password \:\pass \} ,Credentials.class);
assertThat(credentials.getUsername())。isEqualTo(user);
assertThat(credentials.getPassword())。isEqualTo(pass);
}
为简单起见,构造函数是来自和断言来自。
你可以尝试一下吗?
As suggested here I've tried to use @JsonIgnore
and @JsonProperty
(from import com.fasterxml.jackson.annotation.*;
) on the password
and passwordSalt
fields of my AppUser
.
@Entity
@Table(name = "app_user")
public class AppUser extends AbstractTimestampEntity {
// ..
@JsonIgnore
public String getPassword() {
return password;
}
@JsonProperty
public void setPassword(String password) {
this.password = password;
}
@JsonIgnore
public String getPasswordSalt() {
return passwordSalt;
}
@JsonProperty
public void setPasswordSalt(String passwordSalt) {
this.passwordSalt = passwordSalt;
}
}
However, for some reason the two fields are always null
. As I try to "register" a user, the JSON I am sending is not getting de-serialized completely. password
is set to null
:
What I want to achieve is to be able to receive the user's password in order to store it, but at the same time make sure that the stored (encrypted) password is not being serialized and sent back to the client as well.
What am I doing wrong here?
With Jackson version 2.9.0 the following works for me:
@NoArgsConstructor
@AllArgsConstructor
public class Credentials {
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
@JsonProperty(access = Access.WRITE_ONLY)
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
…and a running test example…
@Test
public void jsonIgnoreSerialization() throws Exception {
ObjectMapper objectMapper = new ObjectMapper();
String serialized = objectMapper.writeValueAsString(new Credentials("user", "pass"));
assertThat(serialized).isEqualTo("{\"username\":\"user\"}");
Credentials credentials = objectMapper.readValue("{\"username\":\"user\",\"password\":\"pass\"}", Credentials.class);
assertThat(credentials.getUsername()).isEqualTo("user");
assertThat(credentials.getPassword()).isEqualTo("pass");
}
For the sake of simplicity the constructors are the ones from Lombok and the assertions come from AssertJ.
Can you give this a try?
这篇关于@JsonProperty / @JsonIgnore在write-only属性上没有按预期工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!