How to implement field level access control for a caller based REST service?

I have a requirement to limit the attributes in a REST response depending on the caller. Assume the response is in JSON format.

Example: for a given REST endpoint, the default response is similar to

    {
        "id" : "111",
        "name" : "John",
        "age" : "30"
    }

For "Caller 1", the response should look like

    {
        "id" : "111",
        "name" : "John",
        "age" : "null"
    }

For "Caller 2", the response should be similar to

    {
        "id" : "111",
        "name" : "null",
        "age" : "30"
    }

In the JSON responses above, "null" means that such attributes are not displayed to such callers.

I am looking for a way to implement this control of the REST response per caller.

+4
2 answers

(REST API, DB, User Role layer ..). REST.

Jello Framework. Jello, API REST.

Jello:

    public class Person extends JelloEntity {
        @Expose @KeyElement
        Integer id;

        @Expose
        String name;

        @Expose({Role.OWNER, Role.ADMIN})
        Integer age;
    }
+3
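The per-caller filtering the question asks for, and the role-annotated entity the Jello answer sketches, can both be implemented with the same idea: each field declares the roles that may see it, and the serializer consults the caller's roles before emitting anything. The following is an added example in Python, not code from the question, the answer or the Jello Framework; the role names ("contact", "demographic"), the caller directory and the Person record are constructed for illustration.

```python
"""Field-level filtering of a REST response keyed on the caller's roles.

Each field declares which roles may see it; the serializer consults the
caller's roles and blanks everything else. Role names, callers and the
Person record are all constructed for this example.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field, fields
from typing import Any, Dict, FrozenSet, Optional


def expose(*roles: str) -> Any:
    """Declare the roles allowed to see a field; no roles means everyone."""
    return field(metadata={"expose": frozenset(roles)})


@dataclass
class Person:
    id: int = expose()                          # visible to every caller
    name: str = expose("contact")               # only callers holding "contact"
    age: Optional[int] = expose("demographic")  # only callers holding "demographic"


# Constructed caller directory. In a real service the roles come from the
# authenticated principal (token claims, session, client certificate),
# never from anything the caller supplies unauthenticated.
CALLER_ROLES: Dict[str, FrozenSet[str]] = {
    "caller-1": frozenset({"contact"}),
    "caller-2": frozenset({"demographic"}),
    "admin": frozenset({"contact", "demographic"}),
}


def roles_for_caller(caller_id: str) -> FrozenSet[str]:
    """Unknown callers get no roles, so deny-by-default applies."""
    return CALLER_ROLES.get(caller_id, frozenset())


def filter_for_caller(obj: Any, caller_roles: FrozenSet[str],
                      drop_hidden: bool = False) -> Dict[str, Any]:
    """Build the response dict, blanking (or dropping) fields the caller may not see."""
    out: Dict[str, Any] = {}
    for f in fields(obj):
        allowed = f.metadata.get("expose", frozenset())
        if not allowed or allowed & caller_roles:
            out[f.name] = getattr(obj, f.name)
        elif not drop_hidden:
            out[f.name] = None  # serialized as JSON null: the "null" in the question
    return out


def render(obj: Any, caller_id: str) -> str:
    """Serialize for one specific caller; the raw entity never leaves the server."""
    return json.dumps(filter_for_caller(obj, roles_for_caller(caller_id)), sort_keys=True)


SAMPLE_PERSON = Person(id=111, name="John", age=30)

if __name__ == "__main__":
    for caller in ("caller-1", "caller-2", "admin", "anonymous"):
        print(caller, render(SAMPLE_PERSON, caller))
```

Two design points matter here: the decision is made at the serialization boundary on the server, so the full entity is never handed to the caller to be "hidden" client-side, and a caller with no recognised roles falls through to the narrowest view rather than the default one. Whether a withheld field is emitted as null or omitted entirely (`drop_hidden=True`) is a contract choice; emitting null keeps the response shape stable for clients, omitting it avoids leaking which attributes exist.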

