I am using Jackson to serialize POJOs to JSON before saving them to the database. For security reasons, I need to encrypt properties marked with the annotation, @Confidential. The fields (properties) that need to be encrypted need not be top-level fields and could be deeply nested.
For example, consider the following POJOs. homeAddress and age of the person need to be encrypted (they are not the top-level fields of the Neighborhood class).

    @Serializable
    private class Neighborhood {
        private String name;
        private Collection<Person> people;
    }

    @Serializable
    public class Person {
        private String name;
        @Confidential
        private int age;
        @Confidential
        private Address homeAddress;
    }

    @Serializable
    public class Address {
        private String streetAddress;
        private String city;
        private String state;
        private int zip;
    }

I am thinking of writing an annotation processor that creates a field registry. The registry will be created using reflection and will walk all classes marked with the @Serializable annotation. The registry will have information about which fields need to be encrypted and which need not.
Now, after the Neighborhood POJO is serialized to JSON, I should be able to walk the JSON and look up the fields in the field registry and do the needful. However, I do not know what to do if the properties are collections (i.e. Lists and Maps) and the generic type information is lost.
Questions:
- Is there a better and simpler approach than the one that I described? If yes, what's that approach?
- If there isn't a better approach, how do I process collections (lists and maps)?
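
One way to approach this without a separate field registry, as an added example that is not part of the original post: Jackson resolves the serializer per property, so an annotation introspector that returns an encrypting serializer for @Confidential fields also covers nested objects and elements inside collections. Assumptions: jackson-databind 2.x on the classpath, AES-GCM as the cipher, an in-process demo key, and the hypothetical names ConfidentialDemo and EncryptingSerializer.

```java
// Added example (not the poster's code). Assumes jackson-databind 2.x; class names are hypothetical.
import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.*;
import com.fasterxml.jackson.databind.introspect.*;
import com.fasterxml.jackson.databind.ser.std.StdSerializer;
import java.io.IOException;
import java.lang.annotation.*;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class ConfidentialDemo {
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD) @interface Confidential {}
    // Constructed sample data mirroring the POJOs in the question.
    static class Address { String city = "Springfield"; int zip = 12345; }
    static class Person { String name = "Ann"; @Confidential int age = 41; @Confidential Address homeAddress = new Address(); }
    static class Neighborhood { String name = "Elm"; Collection<Person> people = List.of(new Person(), new Person()); }

    // Replaces the property's plain JSON with base64(IV || AES-GCM ciphertext of that JSON).
    static class EncryptingSerializer extends StdSerializer<Object> {
        private static final ObjectMapper PLAIN = new ObjectMapper().setVisibility(PropertyAccessor.FIELD, Visibility.ANY);
        private final SecretKey key;
        EncryptingSerializer(SecretKey key) { super(Object.class); this.key = key; }
        @Override public void serialize(Object value, JsonGenerator gen, SerializerProvider sp) throws IOException {
            try {
                byte[] iv = new byte[12];
                new SecureRandom().nextBytes(iv);        // fresh nonce per value; never reuse one with the same key
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
                byte[] ct = c.doFinal(PLAIN.writeValueAsBytes(value));
                byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
                System.arraycopy(ct, 0, out, iv.length, ct.length);
                gen.writeString(Base64.getEncoder().encodeToString(out));
            } catch (GeneralSecurityException e) { throw new IOException("encryption failed", e); }
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(256);
        SecretKey key = kg.generateKey();                // demo key only; load a real key from a keystore or KMS
        ObjectMapper mapper = new ObjectMapper().setVisibility(PropertyAccessor.FIELD, Visibility.ANY);
        mapper.setAnnotationIntrospector(new JacksonAnnotationIntrospector() {
            @Override public Object findSerializer(Annotated a) {   // consulted for every property Jackson serializes
                return a.hasAnnotation(Confidential.class) ? new EncryptingSerializer(key) : super.findSerializer(a);
            }
        });
        System.out.println(mapper.writerWithDefaultPrettyPrinter().writeValueAsString(new Neighborhood()));
    }
}
```

Reading the data back needs the mirror image: a decrypting deserializer returned from `findDeserializer` for the same annotation. Null property values bypass the custom serializer and are written as JSON null.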