When developing an interface, we often want to filter fields that are not returned to the front end.
For example, the front end needs to query a User, but the User class usually has a password field. We don’t want to return the password field to the front end. What should we do? The perfect solution is to use the Jackson dependency.
But first we need to know some basics.
1. What is serialization/deserialization
We need to use the Serializable interface for both front and back objects, indicating that instances of this class can be serialized and deserialized.
Java instances usually exist in memory, and if you want to transfer the object over the network or to store it locally, you must serialize the object. Serialization means that an in-memory object data is converted into a transferable storage form, such as a string, etc.
In Spring Boot, the front end usually passes an object to the back end in JSON format (for example, User login, the front end assembles the User information into JSON and passes it to the back end, which parses the User object), and the back end (Spring Boot) parses the JSON as an object/instance, which is the deserialization process. (JSON string ->Java object)
Sometimes the front end needs to send a request to the back end query object (such as the front end lookup list), then the back end will go to the database after receiving the request, and the queried data is assembled into Java objects, and then these Java objects are converted into JSON string form and returned to the front end, which is the serialization process. (Java object ->JSON string)
Serialization and deserialization are more than that. The above is a brief overview of the common object transfer methods in Spring Boot. That’s all we need to know.
2. Configure Jackson to filter some unnecessary fields
Add Maven dependencies to dependencies
<dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-annotations</artifactId> The < version > 2.12.4 < / version > < / dependency >Copy the code
Annotations are then used to filter out unwanted fields.
For example, in the User class, we can ignore certain fields using the @jsonIgnore annotation, which is annotated on the attributes of the class, for example:
import com.fasterxml.jackson.annotation.JsonIgnore; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; import java.io.Serializable; /** * User */ @get@set@noargsconstructor public class User implements Serializable {** * id */ private int id; /** * username */ private String username; @jsonignore private String PWD; @jsonignore private String PWD; }Copy the code
You can see that the PWD password field is tagged with @jsonignore so that the PWD field is ignored for serialization and deserialization.
Here’s the problem. This does solve the problem of filtering out the password field when the front-end queries the user, but also filters out the password field when the front-end sends the user information (when the user is logged in and registered) when the back-end deserializes the user.
In fact, we usually use the @jsonIgnoreProperties annotation more. This annotation is more powerful. It is annotated on the class and has the following properties:
- Value: indicates the field name. The value is an array, indicating the field to be filtered
- IgnoreUnknown: Ignores unknown attributes. If this parameter is set to true, unknown attributes are ignored
- AllowGetters: Allows ignored fields to be serialized, default disallowed. When set to true, the fields configured to filter above are also serialized
- AllowSetters: Allow ignored fields to be deserialized, default disallowed. When set to true, the fields configured to filter above are deserialized
For the above User class, the backend still needs to read and deserialize the PWD field when the User logs in and registers (i.e. the front-end sends data to the back-end), and filters out the PWD field when the front-end queries the User (the back-end returns data to the front-end). The @jsonignoreProperties configuration is as follows:
import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; import java.io.Serializable; / / @getter@setter@noargsconstructor @jsonIgnoreProperties (allowSetters = true, value = {"pwd"}) public class User implements Serializable { /** * id */ private int id; /** * username */ private String username; /** * Private String PWD; /** private String PWD; }Copy the code
You can see that our annotations configure the filter PWD field and allow it to be deserialized. This accomplishes simply not transferring the password field to the front end.