
I am using RESTful web services with the Spring framework. Some information is displayed on the user interface using the data returned by the web services. There is a web service which gets the usernames and their roles from the database. For a particular user, I would like to have all the web services display data in the form of ####,#### for first name, last name; ##/##/#### for date of birth, etc. Since I am using JDBC to connect to the database, here's what I was thinking of doing:

Should I consider passing an additional parameter (maybe sending a value 0 or 1; 0 for all other users and 1 for the user for which I want to hide the information) to each and every GET web service, so that when it comes to getting data from the database in the JDBC code part, I could check whether the flag is set to 1 or 0 and, based on this, do something like this in the JDBC code:

// Code for a case when flag is set to `0`. Hence retrieving information from the database.

    while (rs.next()) {
        EmployeeList empList = new EmployeeList();
        empList.setEmpId(empId);
        empList.setEmployeeName(rs.getString("name"));
        employeeList.add(empList);
    }

// Code for a case when flag is set to `1`. Hence hiding information and not retrieving information from the database.

    while (rs.next()) {
        EmployeeList empList = new EmployeeList();
        empList.setEmpId(empId);
        empList.setEmployeeName("####,######");
        employeeList.add(empList);
    }

I am wondering, if this is an appropriate way to achieve my task or is there some other way around?

Edit: More clarifications on my requirements:

I am using jqxWidget in the UI to display the information I am getting from a RESTFUL webservice in JSON format. For example, let's consider this example and the screenshot for better understanding of my requirement:

enter image description here

1) Let's say I am getting all the information from the JSON response which I am populating in the jQXWidget as shown in the screenshot above.

2) In the above widget, I would like to hide say for example, First Name, Last Name and Quantity like the following:

First Name = XXXXX
Last Name  = XXXXX
Quantity   = ####

In my application, if a user clicks on a particular row, a new page is displayed with some additional information. After the click, new sets of web services are called, and those web services take First Name, Last Name and Quantity as input parameters. My concern is that, if I somehow replace the First Name with XXXXX, Last Name with XXXXX and Quantity with #### using any approach, when a user clicks on any row of the widget, the next set of web services are going to get XXXX and #### as input and eventually will fail. Please correct me if my understanding until this point is not correct. Thanks

I am using Spring 4.2.5 version.

Coder
  • You are describing profiling/granting. You should represent the functionalities as grants and assign them (or not) to the users. – NiVeR May 21 '18 at 16:33
  • @NiVeR I didn't quite understand. Could you elaborate please? Thanks – Coder May 21 '18 at 16:34

1 Answer


This depends on what sort of information hiding you want to achieve. Typically you shouldn't do this manually.

You can use, for example, role-based authorization. Exact details depend on the web-service framework you are using.

For spring MVC, you can use something similar to this:

Custom authorization in Spring MVC

Amila
  • Thanks. I have updated my post to clarify what information I am trying to hide. Could you please take a look and see if the Spring based approach is still a good idea to use? Thanks – Coder Jun 14 '18 at 15:58
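
An added example, not code from the question or the answer: a plain-Java sketch of masking decided from the caller's server-side roles instead of a client-sent 0/1 flag, with follow-up lookups keyed on `empId` so masked names never have to be sent back as input. The role name `ROLE_PII_VIEWER`, the `EmployeeView` class and the sample rows are assumptions; in a Spring application the role set would come from the authenticated principal.

```java
import java.util.*;

public class MaskingDemo {
    // Hypothetical DTO; empId stays visible so follow-up calls can key on it.
    static final class EmployeeView {
        final int empId; final String firstName, lastName, dateOfBirth;
        EmployeeView(int empId, String firstName, String lastName, String dateOfBirth) {
            this.empId = empId; this.firstName = firstName;
            this.lastName = lastName; this.dateOfBirth = dateOfBirth;
        }
        @Override public String toString() {
            return empId + " | " + lastName + "," + firstName + " | " + dateOfBirth;
        }
    }

    static final String UNMASKED_ROLE = "ROLE_PII_VIEWER"; // hypothetical role name

    // The decision uses roles resolved on the server, never a request parameter.
    static boolean mayViewPii(Set<String> callerRoles) {
        return callerRoles.contains(UNMASKED_ROLE);
    }

    // Fails closed: any caller without the role gets the masked view.
    static EmployeeView forCaller(EmployeeView full, Set<String> callerRoles) {
        if (mayViewPii(callerRoles)) return full;
        return new EmployeeView(full.empId, "####", "####", "##/##/####");
    }

    // Detail lookup keyed on empId only, with the same masking applied again.
    static EmployeeView detail(Map<Integer, EmployeeView> db, int empId, Set<String> callerRoles) {
        EmployeeView row = db.get(empId);
        if (row == null) throw new NoSuchElementException("no employee " + empId);
        return forCaller(row, callerRoles);
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for the JDBC result set.
        Map<Integer, EmployeeView> db = new LinkedHashMap<>();
        db.put(101, new EmployeeView(101, "Ada", "Lovelace", "12/10/1815"));
        db.put(102, new EmployeeView(102, "Alan", "Turing", "06/23/1912"));
        Set<String> restricted = new HashSet<>(Arrays.asList("ROLE_USER"));
        Set<String> privileged = new HashSet<>(Arrays.asList("ROLE_USER", UNMASKED_ROLE));
        for (EmployeeView e : db.values()) System.out.println(forCaller(e, restricted));
        // The restricted user clicks row 102: the client sends only the id.
        System.out.println(detail(db, 102, restricted));
        System.out.println(detail(db, 102, privileged));
    }
}
```

Because the mask is applied on every response path, including the detail lookup, a restricted caller cannot recover the real values by requesting the row directly.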