Spring Boot Filtering
In this tutorial, we will discuss about the filtering of properties in pojos and their implementation using spring boot. In some cases, we don't send the complete information to the client like confidential information such as passwords, licence etc in order to avoid any vulnerability of the system. Filtering of data is required in such cases. In spring boot, filtering can be of two types:
- Static filtering
- Dynamic filtering
Spring Boot - Static Filtering:
Let us create a class Airline under the package com.tutorial.studytonight.pojo
public class Airline {
private String name;
@JsonIgnore //annotation used to ignore the field
private String license;
private LocalDate establishedDate;
public Airline(String name,String license,LocalDate establishedDate){
this.name = name;
this.license = license;
this.establishedDate = establishedDate;
}
//Setters and Getters
}
Let us change the ResourceController.java as follows:
@RestController
public class ResourceController {
@GetMapping("/staticFiltering")
public Airline staticFiltering() {
LocalDate establishedDate=LocalDate.parse("1888-09-04");
AirlineairLine = new Airline("Super Aviation","AS23OIP8", establishedDate );
return airLine;
}
}
We annotated the field license with @JsonIgnore
in Airline.java so that the field gets ignored when sent to the client. Start the application to test this API.
The above figure displays the static filtering request sent and the response body has no field of "license" as it was annotated with @JsonIgnore
in the pojo class.
Spring Boot - Dynamic Filtering:
We can implement dynamic level of filtering by modifying the Airline.java and ResourceController.java respectively as shown below:
@JsonFilter("dynamicfilter")
public class Airline {
private String name;
private String license;
private LocalDate establishedDate;
public Airline(String name, String license, LocalDate establishedDate){
this.name = name;
this.license = license;
this.establishedDate = establishedDate;
}
//Setters and Getters
}
@RestController
public class ResourceController {
@GetMapping("/dynamicFiltering")
public MappingJacksonValue dynamicFiltering() {
LocalDate date = LocalDate.parse("1888-09-04");
SimpleBeanPropertyFilter propertyFilter = SimpleBeanPropertyFilter.filterOutAllExcept("license");
// Adding filter using a id name
FilterProvider filter = new SimpleFilterProvider().addFilter("dynamicfilter", propertyFilter);
Airline airLine = new Airline("Super Aviation", "AS23", date);
// Setting a filter
MappingJacksonValue value = new MappingJacksonValue(airLine);
value.setFilters(filter);
return value;
}
}
The SimpleBeanPropertFilter
is the class which provides methods such as filterOutAllExcept
which is used to filter the fields in the pojo. The field license was passed as the argument in the above method which means to filter all the fields except license.
The FilterProvider
is another class which adds the SimpleBeanPropertyFilter
with a unique id name naming dynamicfilter
in the above code.
Notice that the above pojo is also annotated with @JsonFilter
passing the same Id name as dynamicfilter
.
The MappingJacksonValue
will be deserialized to return the response to the client. Start the application to test.
The above figure displays the GET request sent for dynamic filtering. Observe that all the fields were filtered except license field as the SimpleBeanPropertyFilter method filterOutAllExcept was set on this field.
Conclusion: In this way, filtering of the confidential information can be done from sending to the client using spring boot.