I am using Spring Boot 1.3.3.RELEASE and Spring Data Rest for a project in which I want a WRITE_ONLY password field. That is...you can perform a POST with this field set, and it will be deserialized and usable within an event handler annotated with @HandleBeforeCreate. However, this field will only ever be used on creation, and after that it should never show up anywhere, hence WRITE_ONLY. I have tried solutions like this...
public class Person {
@JsonIgnore
String password;
@JsonIgnore
public String getPassword() {
return password;
}
@JsonProperty("password")
public void setPassword(String password) {
this.password = password;
}
}
and this...
public class Person {
@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
String password;
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
but it seems like as soon as @JsonIgnore or @JsonProperty make an appearance in any form or combination, Spring Data Rest stops deserializing the password field and I can no longer access it in my @HandleBeforeCreate annotated method.
This seems to contradict similar advice given here:
It also occurred to me that a projection could easily solve this problem, but it is my understanding that there is no way to provide a default projection for repositories, so the password field would show up unless a user included ?projection=noPassword in their request, which is not what I want.
I just want to use the password field during creation via POST, and have it be utterly forgotten about afterwards, never to be rendered again.
Is a bug filing in order, or have I overlooked something?
