Only using @JsonIgnore during serialization, but not deserialization
Solution 1
Exactly how to do this depends on the version of Jackson that you're using. This changed around version 1.9, before that, you could do this by adding @JsonIgnore
to the getter.
Which you've tried:
Add @JsonIgnore on the getter method only
Do this, and also add a specific @JsonProperty
annotation for your JSON "password" field name to the setter method for the password on your object.
More recent versions of Jackson have added READ_ONLY
and WRITE_ONLY
annotation arguments for JsonProperty
. So you could also do something like:
@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
private String password;
Docs can be found here.
Solution 2
In order to accomplish this, all that we need is two annotations:
@JsonIgnore
@JsonProperty
Use @JsonIgnore
on the class member and its getter, and @JsonProperty
on its setter. A sample illustration would help to do this:
class User {
// More fields here
@JsonIgnore
private String password;
@JsonIgnore
public String getPassword() {
return password;
}
@JsonProperty
public void setPassword(final String password) {
this.password = password;
}
}
Solution 3
Since version 2.6: a more intuitive way is to use the com.fasterxml.jackson.annotation.JsonProperty
annotation on the field:
@JsonProperty(access = Access.WRITE_ONLY)
private String myField;
Even if a getter exists, the field value is excluded from serialization.
JavaDoc says:
/**
* Access setting that means that the property may only be written (set)
* for deserialization,
* but will not be read (get) on serialization, that is, the value of the property
* is not included in serialization.
*/
WRITE_ONLY
In case you need it the other way around, just use Access.READ_ONLY
.
Solution 4
In my case, I have Jackson automatically (de)serializing objects that I return from a Spring MVC controller (I am using @RestController with Spring 4.1.6). I had to use com.fasterxml.jackson.annotation.JsonIgnore
instead of org.codehaus.jackson.annotate.JsonIgnore
, as otherwise, it simply did nothing.
Solution 5
Another easy way to handle this is to use the argument allowSetters=true
in the annotation. This will allow the password to be deserialized into your dto but it will not serialize it into a response body that uses contains object.
example:
@JsonIgnoreProperties(allowSetters = true, value = {"bar"})
class Pojo{
String foo;
String bar;
}
Both foo
and bar
are populated in the object, but only foo is written into a response body.
chubbsondubs
Updated on July 21, 2022Comments
-
chubbsondubs almost 2 years
I have a user object that is sent to and from the server. When I send out the user object, I don't want to send the hashed password to the client. So, I added
@JsonIgnore
on the password property, but this also blocks it from being deserialized into the password that makes it hard to sign up users when they don't have a password.How can I only get
@JsonIgnore
to apply to serialization and not deserialization? I'm using Spring JSONView, so I don't have a ton of control over theObjectMapper
.Things I've tried:
- Add
@JsonIgnore
to the property - Add
@JsonIgnore
on the getter method only
- Add