Don’t expose more than you think needs exposing. If a certain property on an object is not useful to a consumer and internal to your business, then don’t return it. Sometimes you may like to reuse the same form class for receiving request data in multiple handlers/controllers. For example, say you have this for user registration: UserForm where the user registration handler looks as below: Now, say you have another handler for users, looking as below: updating Noticed the same above? userForm Consequently, someone can call the end-point with the unrequired fields(i.e. email & password), thus injecting those into your form! So to prevent it, we can use annotation. @JsonView What is @JsonView and how to use it? We can use @JsonView to limit or control fields display for different users. To prevent injection discussed above, first define a marker interface as below: Then, in annotate with the fields you want to receive when updating: userForm, @JsonView(UpdateUser.class) Finally, use the same annotation in the handler, as below: That’s all you need to prevent the injection. Conclusion: This is very useful particularly when you are reusing the domain classes as forms. For example, if you reuse a User domain class as the form and then save it straight to the database, you can get hacked. When registering, what if a malicious user adds an id or a createdDate field, which gets injected instead of auto-generated? Take a few minutes and ponder the question before you jump to a conclusion. I hope you learned something from this article. Thanks for reading, and happy coding!. Do share your feedback and suggestions in the comments section below.

Different

Read My Stories

Too Long; Didn't Read

In your car, at home, or at work — Bosch technology shapes many areas of life.

Avoid security loopholes using @JsonView

Too Long; Didn't Read

Companies Mentioned

Parul Dhingra

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

Avoid security loopholes using @JsonView

Too Long; Didn't Read

Companies Mentioned

Parul Dhingra

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES