杰克逊@JsonIgnore基于春季安全角色的领域 [英] Jackson @JsonIgnore fields based on spring security roles
问题描述
在我的所有Spring REST Web应用程序中,我有很多域对象和DTO。
In all of my Spring REST Web application, I have a lot of domain objects and DTOs.
我需要根据以下内容过滤一些域对象或DTO字段发出请求的用户的spring安全角色。我希望Jackson根据尝试访问资源的用户的Spring GrantedAuthorities角色过滤输出JSON以允许/禁止特定的类字段序列化。
I need to filter some domain object or DTOs fields based on the spring security roles of the user who makes the request. I want Jackson to filter the output JSON to allow/disallow specific class fields to be serialized , based on the Spring GrantedAuthorities roles of the user who tries to access the resource.
我不能为每个不同的视图组合创建新的DTO,因为它会很乱。
I can't create new DTO for every different view combination because it would be a mess.
我找到了这个解决方案:
Spring 3.2:基于Spring Security过滤Jackson JSON输出角色
但它不起作用,过滤器仅在第一个用户登录时应用一次。然后所有其他用户获得相同的过滤,无论他们的角色是什么。
I have found this solution :
Spring 3.2: Filtering Jackson JSON output based on Spring Security role
But it doesn't work, the filter is only applied once, when the first user logins. Then all the other users obtain the same filtering , no matter what their role is.
在这篇博客文章中,我无法比Ray Holland更好地解释我的问题:
http://jackson-users.ning.com/forum / topics / jackson-custom-serialization
这是我试图解决几天的完全相同的问题。
I cannot explain my problem better than Ray Holland on this blog post :
http://jackson-users.ning.com/forum/topics/jackson-custom-serialization
This is the exact same problem I'm trying to solve for a few days.
到目前为止我找不到干净的方法。
I couldn't find a clean way to do that so far.
推荐答案
最好在spring项目中使用 @JsonView ( example )
It's better to use @JsonView in spring project (example)
如果 @JsonView 还不够,没有简单的解决方案。定义特定的类(接口)来实现 @JsonIgnoreProperties 和 @JsonFilter 是不可避免的(
拿一个看看杰克逊:有条件地跳过对象)
If @JsonView isn't enough, there isn't easy solution. It is unavoidable to define specific class(interface) to implement @JsonIgnoreProperties and @JsonFilter (
take a look Jackson: Skip Objects Conditionally )
这篇关于杰克逊@JsonIgnore基于春季安全角色的领域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
