Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add @JsonIncludeProperties(propertyNames) (reverse of @JsonIgnoreProperties) #1296

Closed
cowtowncoder opened this issue Jul 14, 2016 · 33 comments · Fixed by #2771
Closed

Add @JsonIncludeProperties(propertyNames) (reverse of @JsonIgnoreProperties) #1296

cowtowncoder opened this issue Jul 14, 2016 · 33 comments · Fixed by #2771
Labels
most-wanted Tag to indicate that there is heavy user +1'ing action
Milestone

Comments

@cowtowncoder
Copy link
Member

cowtowncoder commented Jul 14, 2016

In some/many cases it'd be easier to just name properties to include, reverse of @JsonIgnoreProperties. And similarly, it should be possible to define baselines by type as well as property overrides; and if ever we support inheritance-merging in class hierarchy, use similar merging strategies (merge vs replace).

NOTE: for this (2.12.0) implementation, no merging exists for class annotations -- sub-class definitions will always simply replace super-class/super-interface definitions. Similarly there is no way to specify inclusions using "ConfigOverride" system, although ignoral is possible. Latter would likely be relatively easy to implement (so feel free to file a follow-up request); former (annotation merging) is a more difficult ask (but likewise feel free to file a feature request).

@cowtowncoder cowtowncoder changed the title Support @JsonInclude(propertyNames) if added as annotations Add @JsonIncludeProperties(propertyNames) (reverse of @JsonIgnoreProperties) Oct 5, 2016
@SUGE2016
Copy link

SUGE2016 commented Aug 3, 2017

what is the solution? finally

@lukaszlenart
Copy link

It would be nice to have something like this where I can allow only a given class type hierarchy to be serializable/deserializable without defining all the properties.

@cowtowncoder
Copy link
Member Author

@lukaszlenart Huh? I am not sure what you mean. Jackson can use fields as properties as well as getters; visibility level needed is configurable and just defaults to public.

@lukaszlenart
Copy link

Sorry for that :( What I meant is that I would like to allow serialise/deserialise only given classes, create a whitelist not blacklisting as you do now. Something like we have for XStream where only selected classes can be serialised/deserialised to/from XML.

@cowtowncoder
Copy link
Member Author

Ok. I guess I understand what you are asking, but not necessarily what the benefit would be.
For common cases, starting with declared root type to deserialize (or type of instance to serialize), then following property types works well. So what would be the benefit of having to whitelist all types accepted? (assuming that would include "well-known" types like String, boolean/Boolean, all number + wrapper types, various Collection, Map types and so forth).

For what it is worth you could implement something like this by sub-classing isIgnorableType() of [Jackson]AnnotationIntrospector; it is method called to hande @JsonIgnoreType annotation.

Anyway: assuming idea would seem useful, maybe you could file another issue for it as it is distinct from this one. Implementation could be quite simple -- I assume registering a handler, with "simple" implementation (direct type lookup), would suffice.

@lukaszlenart
Copy link

I thought that I have posted an answer but it's gone :(

Anyway, having a whitelist is far safer than blocking the whole world. This gives more control and allows users precisely filter which classes can serialize/deserialize.

Your suggestion with overriding [Jackson]AnnotationIntrospector won't work because to keep backward compatibility at some point I have to call super.isIgnoreableType() which allows any type except those marked with @JsonIgnoreType.

I'm going to open an issue to support whitelisting.

Thank you for your work and support!

@cowtowncoder
Copy link
Member Author

@lukaszlenart Safer, certainly, but also much more work for common cases where safety is not an issue (caller is trusted).

But just wrt this issue, I think it makes sense to separate what is requested here (which is not related to filtering by type), and then type restrictions -- while they may sometimes be used for some purpose, I assume more often they are not. There are legit reasons for both. So it's good to have separate issues for mostly separate discussions.

Thank you for opening the new issue.

@lukaszlenart
Copy link

It would be a nice addition for those who need to expose public APIs.

@Bas83
Copy link

Bas83 commented Mar 6, 2018

Would love this as well.

@claytonfbell
Copy link

Agree, this would be very useful for exposing public APIs.

@cowtowncoder
Copy link
Member Author

Anyone with an itch is totally free to work on this.
Would need to go in 3.0 (new annotations not allowed in patch release), in master.

@sunphy
Copy link

sunphy commented Apr 2, 2018

Yes,@JsonIncludeProperties(propertyNames) is very useful!

@nnurmano
Copy link

nnurmano commented Apr 12, 2018

I support this feature as well

@jhordies
Copy link

I would also love to see this implemented. It would be much safer especially when a developer would add a sensitive field in a referenced class without checking where it could be exposed through an api.

@ssamayoa
Copy link

ssamayoa commented Oct 1, 2018

I also need @JsonIncludeProperties(propertyNames)
Not only for sensitive fields but also for complex entity objects in which normally you don't need other than few properties, example:

@Entity
public class Customer {
...
private SalesMan salesMan;
...
@ManyToOne
@JsonIncludeProperties({"id", "name"})
public SalesMan getSalesMan() {
  return salesMan;
}

@cowtowncoder cowtowncoder added 2.10 and removed 2.9 labels Oct 1, 2018
@cowtowncoder
Copy link
Member Author

Yes, I think this is a highly wanted feature. I hope it could get implemented for 2.10. The big challenge is that by now all the code associated with discovery (and suppression) of properties is rather large and changes in place can easily cause problems in others. This is true especially here as we would be added a complementary system which counteracts main suppression-based mechanisms.

@yonetmen
Copy link

This will be very useful if implemented. Gonna help us to avoid all those custom serializer classes.

@nejeoui
Copy link

nejeoui commented Feb 15, 2019

This will come very handy especially for annotating JPA associations

@Vynny
Copy link

Vynny commented Mar 16, 2019

Would really like this feature! It would help clean up some of my models significantly.

@anz000
Copy link

anz000 commented Apr 2, 2019

I echo the feature request.

@ghost
Copy link

ghost commented Apr 14, 2019

@JsonIncludeProperties(propertyNames) is a must-have IMO.

@vishalg0wda
Copy link

vishalg0wda commented Jul 15, 2019

Need this for a usecase that involves isolating PII in the POJO. While this is possible with jsonignoreproperties, we would like to exclude all by default to guard against future modifications to the POJO.

@AkashNeil
Copy link

I agree; this feature will be extremely useful.

@diegomors
Copy link

Please!!!

@Sdwz
Copy link

Sdwz commented Sep 27, 2019

+1

1 similar comment
@biwano
Copy link

biwano commented Oct 23, 2019

+1

@backoon
Copy link

backoon commented Nov 13, 2019

+1. This will be very useful.

@ghost
Copy link

ghost commented Nov 25, 2019

+1

1 similar comment
@PunKHS
Copy link

PunKHS commented Dec 5, 2019

+1

@cowtowncoder
Copy link
Member Author

At this point it has been established that users would find such annotation/property useful; locking comments as further +1s are just noise.

@FasterXML FasterXML locked as too heated and limited conversation to collaborators Dec 5, 2019
@cowtowncoder cowtowncoder added 2.11 and removed 2.10 labels Dec 5, 2019
@cowtowncoder cowtowncoder added 2.12 and removed 2.11 labels Mar 26, 2020
@cowtowncoder cowtowncoder added the most-wanted Tag to indicate that there is heavy user +1'ing action label Apr 7, 2020
@cowtowncoder cowtowncoder linked a pull request Jul 17, 2020 that will close this issue
@cowtowncoder
Copy link
Member Author

Being worked on as #2771, planning to get included in 2.12.

@cowtowncoder cowtowncoder added this to the 2.12.0 milestone Jul 24, 2020
@cowtowncoder
Copy link
Member Author

Merged; will do a bit of refactoring on naming and perhaps the way related pieces (ignore vs include sets) are handled. Will be included in 2.12.0.

@cowtowncoder
Copy link
Member Author

Was included in 2.12.0; outlined as one of 5 "Most Wanted" new features.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
most-wanted Tag to indicate that there is heavy user +1'ing action
Projects
None yet
Development

Successfully merging a pull request may close this issue.