Jackson how to prevent field serialization

Question

I have an entity class with a password field  class User       private String password         setter  getter      I want this field to be skipped during serialization  But it should still be able to deserialize  This is needed  so that the client can send me a new password  but is not able to read the current one  How do I accomplish this with Jackson

User · Answer

Jackson has a class named SimpleBeanPropertyFilter that helps to filter fields during serialization and deserialization; not globally. I think that's what you wanted.

@JsonFilter("custom_serializer")
class User {
    private String password;

    //setter, getter..
}

Then in your code:

String[] fieldsToSkip = new String[] { "password" };

ObjectMapper mapper = new ObjectMapper();

final SimpleFilterProvider filter = new SimpleFilterProvider();
filter.addFilter("custom_serializer",
            SimpleBeanPropertyFilter.serializeAllExcept(fieldsToSkip));

mapper.setFilters(filter);

String jsonStr = mapper.writeValueAsString(currentUser);

This will prevent password field to get serialized. Also you will be able to deserialize password fields as it is. Just make sure no filters are applied on the ObjectMapper object.

ObjectMapper mapper = new ObjectMapper();
User user = mapper.readValue(yourJsonStr, User.class);    // user object does have non-null password field

User · Answer

The easy way is to annotate your getters and setters    Here is the original example modified to exclude the plain text password  but then annotate a new method that just returns the password field as encrypted text   class User        private String password       public void setPassword String password            this password   password              JsonIgnore     public String getPassword             return password              JsonProperty  password       public String getEncryptedPassword                encryption logic

User · Answer

Aside from  JsonIgnore  there are a couple of other possibilities    Use JSON Views to filter out fields conditionally  by default  not used for deserialization  in 2 0 will be available but you can use different view on serialization  deserialization   JsonIgnoreProperties on class may be useful

User · Answer

Illustrating what StaxMan has stated  this works for me  private String password    JsonIgnore public String getPassword         return password      JsonProperty public void setPassword String password        this password   password

User · Answer

set variable as    JsonIgnore  This allows variable to get skipped by json serializer

User · Answer

Starting with Jackson 2 6  a property can be marked as read- or write-only  It s simpler than hacking the annotations on both accessors and keeps all the information in one place   public class User        JsonProperty access   JsonProperty Access WRITE ONLY      private String password

User · Answer

You can mark it as  JsonIgnore   With 1 9  you can add  JsonIgnore for getter   JsonProperty for setter  to make it deserialize but not serialize

User · Answer

transient is the solution for me  thanks  it s native to Java and avoids you to add another framework-specific annotation

User · Answer

One should ask why you would want a public getter method for the password  Hibernate  or any other ORM framework  will do with a private getter method  For checking whether the password is correct  you can use  public boolean checkPassword String password     return this password equals anyHashingMethod password

[java] Jackson: how to prevent field serialization

Examples related to java

Examples related to json

Examples related to jackson