根据用户角色反序列化JSON字段 [英] Deserialise JSON fields based on user role

查看:148
本文介绍了根据用户角色反序列化JSON字段的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在模型中有一些字段,当登录用户具有角色 ROLE_ADMIN 时,我只想返回该字段。我可以使用 @JsonIgnore ,但这会为所有人隐藏它。如何让它动态隐藏?

解决方案

你应该使用 Jackson Json Views 技术来实现它 - 它允许选择一组不同的字段以编程方式进行序列化。它也受到 Spring 的支持/ p>

考虑你有一个类 Model ,它有两个属性: commonField 哪些应该适用于所有人, secretField 哪些应该只适用于某些用户。您应该创建一个视图层次结构(任何类都可以工作)并使用 @JsonView 注释指定哪个视图在哪个视图中可用

  package com.stackoverflow.jsonview; 
 
 import com.fasterxml.jackson.annotation.JsonView; 
 
 public class Model {
 
 public static class Public {} 
 public static class Secret extends Public {} 
 
 @JsonView(Public .class)
 private String commonField; 
 
 @JsonView(Secret.class)
 private String secretField; 
 
 public Model(){
} 
 
 public Model(String commonField,String secretField){
 this.commonField = commonField; 
 this.secretField = secretField; 
} 
 
 public String getCommonField(){
 return commonField; 
} 
 
 public void setCommonField(String commonField){
 this.commonField = commonField; 
} 
 
 public String getSecretField(){
 return secretField; 
} 
 
 public void setSecretField(String secretField){
 this.secretField = secretField; 
} 
 
}

现在您可以指定视图了想要在具体中使用 ObjectMapper 

  package com.stackoverflow.jsonview; 
 
 import com.fasterxml.jackson.core.JsonProcessingException; 
 import com.fasterxml.jackson.databind.ObjectMapper; 
 import org.junit.Test; 
 
 import static org.junit.Assert。*; 
 
 / ** 
 * / 
公共类ModelTest {
 
 @Test 
 public void testSecretField()抛出JsonProcessingException {
模型模型=新模型(commonField,secretField); 
 assertEquals({\commonField \:\commonField \,\secretField \:\secretField \},新的ObjectMapper()。writerWithView(模型.Secret.class).writeValueAsString(模型)); 
 assertEquals({\commonField \:\commonField \},new ObjectMapper()。writerWithView(Model.Public.class).writeValueAsString(model)); 
} 
 
}

我不确定你是否可以使用declaratie方法让spring根据开箱即用的用户角色选择正确的视图,所以你可能需要写一些这样的代码:

  @RequestMapping(/ data)
 public String getData(HttpServletRequest request){
 Model model = service.getModel(); 
 ObjectMapper objectMapper = new ObjectMapper(); 
 objectMapper = request.isUserInRole(ROLE_ADMIN)? objectMapper.writerWithView(Model.Secret.class):objectMapper.writerWithView(Model.Public.class); 
返回objectMapper.writeValueAsString(model); 
}


I have some fields in a model that I only want to be returned when the logged in user has the role ROLE_ADMIN. I can use @JsonIgnore but that hides it for everyone. How can I make it hide dynamically?

解决方案

You should use Jackson Json Views technology to acheive it - it allows to choose a different set of fields to be serialized programatically. It is also supported by Spring

Consider you have a class Model with two properties: commonField which should be available for everyone and secretField which should be available only for certain users. You should create an hierarchy of views (any classes would work) and specify which field is available in which view using @JsonView annotation

package com.stackoverflow.jsonview;

import com.fasterxml.jackson.annotation.JsonView;

public class Model {

    public static class Public {}
    public static class Secret extends Public {}

    @JsonView(Public.class)
    private String commonField;

    @JsonView(Secret.class)
    private String secretField;

    public Model() {
    }

    public Model(String commonField, String secretField) {
        this.commonField = commonField;
        this.secretField = secretField;
    }

    public String getCommonField() {
        return commonField;
    }

    public void setCommonField(String commonField) {
        this.commonField = commonField;
    }

    public String getSecretField() {
        return secretField;
    }

    public void setSecretField(String secretField) {
        this.secretField = secretField;
    }

}

Now you can specify the view you want to use in concrete ObjectMapper

package com.stackoverflow.jsonview;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.Test;

import static org.junit.Assert.*;

/**
 */
public class ModelTest {

    @Test
    public void testSecretField() throws JsonProcessingException {
        Model model = new Model("commonField","secretField");
        assertEquals("{\"commonField\":\"commonField\",\"secretField\":\"secretField\"}", new ObjectMapper().writerWithView(Model.Secret.class).writeValueAsString(model));
        assertEquals("{\"commonField\":\"commonField\"}", new ObjectMapper().writerWithView(Model.Public.class).writeValueAsString(model));
    }

}

I am not sure if you can use declaratie approach to make spring choose the right view based on user role out of the box, so probably you will have to write some code like this:

@RequestMapping("/data")
public String getData(HttpServletRequest request) {
    Model model = service.getModel();
    ObjectMapper objectMapper = new ObjectMapper();
    objectMapper = request.isUserInRole("ROLE_ADMIN") ? objectMapper.writerWithView(Model.Secret.class) : objectMapper.writerWithView(Model.Public.class);
    return objectMapper.writeValueAsString(model);
}

这篇关于根据用户角色反序列化JSON字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆