In the process of use, there will always be
1. A property (such as Password)
is ignored during serialization 2. A property (such as HashedPassword) is ignored during deserialization.
In fact, it corresponds to the Bean, which is the Setter/Getter method of the class.
Jackson provides the @Jsonignore annotation to ignore a property of a bean during (deserialization) serialization. In Jackson 1.9, the semantics of @Jsonignore has changed, as follows:
Before 1.9:
Adding @Jsonignore annotation to the Setter method does not affect the call of the Getter method
After 1.9:
Adding @Jsonignore to the Setter method will cause the entire Properties are ignored during serialization.
https://stackoverflow.com/questions/12505141/only-using-jsonignore-during-serialization-but-not-deserialization
So after 1.9 you need to use other methods to set whether a property needs (deserialization):
@JsonProperty(access = Access.WRITE_ONLY)
Determine whether the current property needs automatic serialization/deserialization by setting the access attribute of JsonProperty.
WRITE_ONLY: Only do deserialization.
READ_ONLY: Only do serialization operations.
The problem now is that the 2.8.7 version of jackson databind (start.spring.io is automatically introduced when Spring-Web-Starter is introduced, and the version is Spring Boot 1.5.X-RELEASE), when using READ_ONLY, it does not ignore the reverse Serialization operation, check it should be a bug of jackson databind:
https://github.com/FasterXML/jackson-databind/issues/95
https://github.com/FasterXML/jackson-databind/issues/935
Although The bug has been closed, but there still seems to be a problem. At this time, the following Work around is mentioned in 935:
@JsonIgnoreProperties(value="some_field", allowGetters = true, allowSetters = false)
Adding the above annotation to the class works fine.
Note: It is not solved perfectly, it seems that JsonIgnoreProperties and JsonIgnore cannot coexist, so if a class has both shielded get methods and shielded set methods, I don't know what to do.
Also https://github.com/FasterXML/jackson-databind /issues/1805 is a relatively new bug to track.
Update, the problem has been found. Since jackson will automatically USE_GETTERS_AS_SETTERS when dealing with collection and map, it will cause problems. Quoting its own comment on github:
quote
wwwcomy commented 4 minutes ago • edited
Facing the same problem, in issue #935, seems only simple types were handled correctly.
I looked into the code, the issue was caused by some special logic for USE_GETTERS_AS_SETTERS, in BeanDeserializerFactory Line 565 (version 2.8.10):
By default USE_GETTERS_AS_SETTERS is enabled, so, although the Collection member was defined Access as "READ_ONLY", still, it is set as a property in the builder instance.
My work around is using (for spring boot applications) spring.jackson.mapper.USE_GETTERS_AS_SETTERS=false
However, I'm not sure this behavior is a bug or not, @cowtowncoder please help to clarify.
Facing the same problem, in issue #935, seems only simple types were handled correctly.
I looked into the code, the issue was caused by some special logic for USE_GETTERS_AS_SETTERS, in BeanDeserializerFactory Line 565 (version 2.8.10):
if (propDef.hasSetter()) {
JavaType propertyType = propDef.getSetter().getParameterType(0);
prop = constructSettableProperty(ctxt, beanDesc, propDef, propertyType);
} else if (propDef.hasField()) {
JavaType propertyType = propDef.getField().getType();
prop = constructSettableProperty(ctxt, beanDesc, propDef, propertyType);
} else if (useGettersAsSetters && propDef.hasGetter()) {
/* May also need to consider getters
* for Map/Collection properties; but with lowest precedence
*/
AnnotatedMethod getter = propDef.getGetter();
// should only consider Collections and Maps, for now?
Class<?> rawPropertyType = getter.getRawType();
if (Collection.class.isAssignableFrom(rawPropertyType)
|| Map.class.isAssignableFrom(rawPropertyType)) {
prop = constructSetterlessProperty(ctxt, beanDesc, propDef);
}
}
By default USE_GETTERS_AS_SETTERS is enabled, so, although the Collection member was defined Access as "READ_ONLY", still, it is set as a property in the builder instance.
My work around is using (for spring boot applications) spring.jackson.mapper.USE_GETTERS_AS_SETTERS=false
However, I'm not sure this behavior is a bug or not, @cowtowncoder please help to clarify.