Explain Codes LogoExplain Codes Logo

Ignore fields from Java object dynamically while sending as JSON from Spring MVC

java
json-engineering
spring-mvc
best-practices
Nikita BarsukovbyNikita BarsukovยทFeb 23, 2025
โšกTLDR

Where a dynamic approach is needed for excluding fields of a Java object, you can use Jackson's @JsonFilter with SimpleBeanPropertyFilter. This allows field serialization to be controlled at runtime.

Example:

@JsonFilter("DynamicFilter")
public class User {
    private int id;
    private String name;
    private String password; // Sorry password, but you're getting filtered out! ๐Ÿ™Š
    // getters and setters

}

@RestController
public class UserController {
    @Autowired
    private ObjectMapper mapper;

    @GetMapping("/user/{id}")
    public String getUser(@PathVariable int id) throws JsonProcessingException {
        User user = userService.getUserById(id); // Just imagine we have a userService that does all the DB stuff ๐Ÿ˜‰
        FilterProvider filters = new SimpleFilterProvider()
            .addFilter("DynamicFilter", SimpleBeanPropertyFilter.serializeAllExcept("password")); // Password? Nah, we don't do that here
        return mapper.writer(filters).writeValueAsString(user);
    }
}

Just as simple as that, implement @JsonFilter on the class you wish to control and then setup the filter on your ObjectMapper specifying the fields to leave out during JSON serialization.

Creating and applying dynamic filters

Using JsonView to handle user access levels

Different perspectives of your data model can be created using @JsonView annotations. This approach offers flexibility to reveal or conceal specific fields based on the user's role.

Combining JsonFilter and MappingJacksonValue for fine-tuning

For an extra layer of control, consider using MappingJacksonValue coupled with @JsonFilter. This combination allows filters to be applied case-by-case, providing a powerful tool to customize JSON responses dynamically per request.

Considering security and external libraries

Apart from the above, there's the "spring-json-view" library which can be used for dynamic field exclusion. However, when you choose to go dynamic, it's important to consider the security aspects, especially with sensitive fields.

Comprehending and applying @Document

When working with document databases, using @Document can simplify how your JSON fields are organized. This can be a handy tool when trying to map complex models, translations, and JSON document structures.

Testing to assure exclusion quality

For reliable results, consider writing tests to ensure your dynamic exclusion is working as expected. The behavior of the exclusion mechanism should be validated across various scenarios, especially where conditional logic is dependent on dynamic parameters like user roles.

Utilizing annotations for customized JSON output

Achieving static field exclusion with @JsonIgnoreProperties

You can statically ignore multiple fields at the class level using the @JsonIgnoreProperties annotation.

@JsonIgnoreProperties({"password", "secretQuestion"})
public class User {
    //...
}

Enabling field-level exclusion with @JsonProperty.Access

In cases where a field should be included during deserialization but excluded during serialization, @JsonProperty.Access might be your best friend:

public class User {
    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
    private String password; // Ssshhh, it's a secret! ๐Ÿ”’
    //...
}

Using @JsonProperty for custom field names

With @JsonProperty, you can easily modify your JSON field names without changing your actual domain model:

public class User {
    @JsonProperty("user_identifier")
    private int id;
    //...
}

Transforming data with ModelMapper

If your application calls for converting domain models to a Data Transfer Object (DTO), using a library like ModelMapper can facilitate presenting only the required data in the JSON output, minimizing field exposure.

Achieving practical performance and flexibility

Balancing performance and data manipulation

When handling large JSON responses, consider performance implications aside from just ease of use. Using benchmarks, assess the right solutions that meet your application's performance needs.

Simplifying with view classes

Create different view classes based on access levels to improve the readability and maintainability of your JSON serialization logic. It's always a good idea to keep your code safe for future developers!

Extensibility to accommodate future requirements

Lastly, devise your exclusion strategies in a way that they can be easily extended. You never know when a new requirement would pop up, so it's wise to future-proof your JSON structures to accommodate changes easily.

explain-codes / Java / Ignore fields from Java object dynamically while sending as JSON from Spring MVC
๎“ขLinked

Different names of JSON property during serialization and deserialization

๏”

Infinite Recursion with Jackson JSON and Hibernate JPA issue

๏”

Only using @JsonIgnore during serialization, but not deserialization

๏”

Jackson with JSON: Unrecognized field, not marked as ignorable

๏”

Jackson: how to prevent field serialization

๏”

Jackson overcoming underscores in favor of camel-case

๏”

How can I tell jackson to ignore a property for which I don't have control over the source code?

๏”
Creating and applying dynamic filtersUtilizing annotations for customized JSON outputAchieving practical performance and flexibility
๎“ขLinked

Different names of JSON property during serialization and deserialization

๏”

Infinite Recursion with Jackson JSON and Hibernate JPA issue

๏”

Only using @JsonIgnore during serialization, but not deserialization

๏”

Jackson with JSON: Unrecognized field, not marked as ignorable

๏”

Jackson: how to prevent field serialization

๏”

Jackson overcoming underscores in favor of camel-case

๏”

How can I tell jackson to ignore a property for which I don't have control over the source code?

๏”