Don’t expose more than you think needs exposing. If a certain property on an object is not useful to a consumer and is internal to your business, then don’t return it.

Sometimes you may like to reuse the same form class for receiving request data in multiple handlers/controllers. For example, say you have this UserForm for user registration, where the user registration handler looks as below:

Now, say you have another handler for updating users, looking as below:

Noticed the same userForm above? Consequently, someone can call the end-point with the unrequired fields (i.e. email & password), thus injecting those into your form! So to prevent it, we can use the @JsonView annotation.

What is @JsonView and how to use it?

We can use @JsonView to limit or control which fields are bound or displayed for different views of the same class. To prevent the injection discussed above, first define a marker interface as below:

Then, in userForm, annotate the fields you want to receive when updating with @JsonView(UpdateUser.class):

Finally, use the same annotation in the handler, as below:

That’s all you need to prevent the injection.

Conclusion: This is very useful, particularly when you are reusing the domain classes as forms. For example, if you reuse a User domain class as the form and then save it straight to the database, you can get hacked. When registering, what if a malicious user adds an id or a createdDate field, which gets injected instead of auto-generated? Take a few minutes and ponder the question before you jump to a conclusion.

I hope you learned something from this article. Thanks for reading, and happy coding! Do share your feedback and suggestions in the comments section below.
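The following is an added, self-contained example of the technique described above; it is not the article's own code. It assumes a Spring Web controller plus Jackson on the classpath, and the interface names RegisterUser and UpdateUser, the paths, and the field set are assumptions. It goes slightly beyond the article by annotating every field with a view, so the restriction holds whether or not Jackson's DEFAULT_VIEW_INCLUSION is enabled, and by adding a main() that binds a constructed payload through the same Jackson reader Spring uses behind @JsonView, so you can see which fields survive each view without starting a server.

```java
import com.fasterxml.jackson.annotation.JsonView;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

// Marker interfaces naming the two request views (names are assumptions).
interface RegisterUser {}
interface UpdateUser {}

// One form class reused by both handlers. Every field declares which views may bind it,
// so a field outside the active view is silently ignored instead of injected.
class UserForm {
    @JsonView({RegisterUser.class, UpdateUser.class})
    public String name;

    @JsonView(RegisterUser.class)   // accepted at registration only
    public String email;

    @JsonView(RegisterUser.class)   // accepted at registration only
    public String password;
}

@RestController
@RequestMapping("/users")
class UserController {

    // Registration: the full form is bound.
    @PostMapping
    public ResponseEntity<String> register(
            @JsonView(RegisterUser.class) @RequestBody UserForm form) {
        return ResponseEntity.ok("registered " + form.name);
    }

    // Update: only fields in the UpdateUser view are bound; email and password stay null
    // even if the client includes them in the request body.
    @PutMapping("/{id}")
    public ResponseEntity<String> update(@PathVariable long id,
            @JsonView(UpdateUser.class) @RequestBody UserForm form) {
        return ResponseEntity.ok("updated " + id + " name=" + form.name);
    }
}

// Stand-alone check of the binding behaviour, independent of the web layer.
public class JsonViewDemo {

    // Bind JSON into UserForm under the given view. DEFAULT_VIEW_INCLUSION is disabled here,
    // matching Spring Boot's default, so an un-annotated field would also be excluded.
    public static UserForm bind(Class<?> view, String json) throws Exception {
        ObjectMapper mapper = new ObjectMapper()
                .disable(MapperFeature.DEFAULT_VIEW_INCLUSION);
        return mapper.readerWithView(view).forType(UserForm.class).readValue(json);
    }

    public static void main(String[] args) throws Exception {
        // Constructed payload: a client tries to smuggle email and password into an update.
        String payload = "{\"name\":\"alice\",\"email\":\"alice@example.com\",\"password\":\"changed\"}";

        UserForm updated = bind(UpdateUser.class, payload);
        System.out.println("update view:   name=" + updated.name
                + " email=" + updated.email + " password=" + updated.password);
        // update view:   name=alice email=null password=null

        UserForm registered = bind(RegisterUser.class, payload);
        System.out.println("register view: name=" + registered.name
                + " email=" + registered.email + " password=" + registered.password);
        // register view: name=alice email=alice@example.com password=changed
    }
}
```

One caveat worth checking in your own project: with plain Jackson, DEFAULT_VIEW_INCLUSION is on by default, which means fields that carry no @JsonView annotation are still bound under every view. Spring Boot turns it off (spring.jackson.mapper.default-view-inclusion=false), but if you build the ObjectMapper yourself, either disable it as above or annotate every field, otherwise a forgotten field such as id or createdDate is exactly the kind that slips through.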