
I am using GSON to parse a Java bean and pass the JSON string to some JavaScript. There is an item with sensitive data included in the bean. It's not a major security risk, but it is something I'd rather not have visible in the browser to anyone with a tool such as Firebug. I don't need to use this particular variable in the JavaScript code.

Is there a way to just skip it when parsing the JSON string from the bean and not include it in the string at all?

Maybe I need to create the JSON string and then remove it before I send back to the client?

ryandlf
  • let me know if my previous answer does not work for you. See here: http://stackoverflow.com/a/4803346/298455 – Nishant Feb 03 '12 at 05:36

1 Answer


I don't know GSON particularly, so they may have an option for this. If I were them, I would skip transient fields.

The easiest thing, however, if your bean is not complex, is to clone/copy it and then remove the sensitive data from the bean in Java. That's got to be easier than trying to edit the JSON after the fact.

Gus
  • just checked, and it looks like they do the expected thing (skip transients)... http://sites.google.com/site/gson/gson-user-guide – Gus Feb 03 '12 at 05:31
  • I didn't know about transient fields. Thanks! – ryandlf Feb 03 '12 at 05:33
  • The one gotcha, of course, is if your bean is also serialized in some other way (such as a session on server reboot), you might not want to lose the info, and therefore not want to use the transient flag. http://stackoverflow.com/questions/910374/why-does-java-have-transient-variables – Gus Feb 03 '12 at 05:37
  • In this case it is fine, because the data is being set on the bean by default through the constructor from a static string. – ryandlf Feb 03 '12 at 05:44
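
An added example, not code from any poster in this thread: it contrasts `transient` (skipped by Gson and also by Java serialization, the gotcha raised in the comments) with a Gson `ExclusionStrategy` that removes a field from the client-bound JSON only. The `Account` bean, the `@ServerOnly` annotation and all field values are hypothetical and constructed for illustration.

```java
import com.google.gson.ExclusionStrategy;
import com.google.gson.FieldAttributes;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;

import java.io.Serializable;
import java.lang.annotation.*;

public class GsonExcludeExample {

    // Hypothetical marker annotation (not part of Gson): fields carrying it
    // are never written to JSON that is sent to the browser.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.FIELD)
    @interface ServerOnly {}

    // Hypothetical bean standing in for the one in the question.
    static class Account implements Serializable {
        String displayName = "alice";              // constructed sample value
        transient String apiToken = "tok-sample";  // skipped by Gson AND Java serialization
        @ServerOnly String internalNote = "vip";   // skipped by Gson only; still in session state
    }

    // Serialization-side strategy: drop any field annotated with @ServerOnly.
    static class ServerOnlyStrategy implements ExclusionStrategy {
        @Override
        public boolean shouldSkipField(FieldAttributes f) {
            return f.getAnnotation(ServerOnly.class) != null;
        }

        @Override
        public boolean shouldSkipClass(Class<?> clazz) {
            return false; // no whole classes are excluded here
        }
    }

    static String toClientJson(Object bean) {
        Gson gson = new GsonBuilder()
                .addSerializationExclusionStrategy(new ServerOnlyStrategy())
                .create();
        return gson.toJson(bean);
    }

    public static void main(String[] args) {
        // apiToken and internalNote are both absent from the JSON string.
        System.out.println(toClientJson(new Account()));
    }
}
```

Because the strategy is registered for serialization only, incoming JSON can still populate an annotated field; use `setExclusionStrategies` instead if the field should also be ignored on deserialization.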