Make the combination of @JSONVIEW and @SecureField work

gsmet · Nov 2, 2022 · 58c1565 · 58c1565
1 parent 204ea11
commit 58c1565
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 1 deletion.
diff --git a/...ent/src/test/java/io/quarkus/resteasy/reactive/jackson/deployment/test/MultipartTest.java b/...ent/src/test/java/io/quarkus/resteasy/reactive/jackson/deployment/test/MultipartTest.java
@@ -25,7 +25,7 @@ public class MultipartTest {
                 @Override
                 public JavaArchive get() {
                     return ShrinkWrap.create(JavaArchive.class)
-                            .addClasses(FormData.class, Person.class, MultipartResource.class)
+                            .addClasses(FormData.class, Person.class, Views.class, MultipartResource.class)
                             .addAsResource(new StringAsset("quarkus.http.body.delete-uploaded-files-on-end=true\n"),
                                     "application.properties");
                 }

diff --git a/...deployment/src/test/java/io/quarkus/resteasy/reactive/jackson/deployment/test/Person.java b/...deployment/src/test/java/io/quarkus/resteasy/reactive/jackson/deployment/test/Person.java
@@ -2,6 +2,8 @@
 
 import javax.validation.constraints.NotBlank;
 
+import com.fasterxml.jackson.annotation.JsonView;
+
 import io.quarkus.resteasy.reactive.jackson.SecureField;
 
 public class Person {
@@ -12,6 +14,9 @@ public class Person {
     @SecureField(rolesAllowed = "admin")
     private String last;
 
+    @JsonView(Views.Private.class)
+    public int id = 0;
+
     public String getFirst() {
         return first;
     }
@@ -27,4 +32,12 @@ public String getLast() {
     public void setLast(String last) {
         this.last = last;
     }
+
+    public int getId() {
+        return id;
+    }
+
+    public void setId(int id) {
+        this.id = id;
+    }
 }
diff --git a/...rc/test/java/io/quarkus/resteasy/reactive/jackson/deployment/test/SimpleJsonResource.java b/...rc/test/java/io/quarkus/resteasy/reactive/jackson/deployment/test/SimpleJsonResource.java
@@ -69,6 +69,30 @@ public Person getSecurePerson() {
         return getPerson();
     }
 
+    @JsonView(Views.Public.class)
+    @EnableSecureSerialization
+    @GET
+    @Path("secure-person-with-public-view")
+    public Person getSecurePersonWithPublicView() {
+        return getPerson();
+    }
+
+    @JsonView(Views.Public.class)
+    @EnableSecureSerialization
+    @GET
+    @Path("uni-secure-person-with-public-view")
+    public Uni<Person> getUniSecurePersonWithPublicView() {
+        return Uni.createFrom().item(getPerson());
+    }
+
+    @JsonView(Views.Private.class)
+    @EnableSecureSerialization
+    @GET
+    @Path("secure-person-with-private-view")
+    public Person getSecurePersonWithPrivateView() {
+        return getPerson();
+    }
+
     @EnableSecureSerialization
     @GET
     @Path("secure-uni-person")

diff --git a/...nt/src/test/java/io/quarkus/resteasy/reactive/jackson/deployment/test/SimpleJsonTest.java b/...nt/src/test/java/io/quarkus/resteasy/reactive/jackson/deployment/test/SimpleJsonTest.java
@@ -313,6 +313,21 @@ public void testSecurePerson() {
         doTestSecurePerson("/simple", "/secure-person");
     }
 
+    @Test
+    public void testSecurePersonWithPrivateView() {
+        doTestSecurePerson("/simple", "/secure-person-with-private-view");
+    }
+
+    @Test
+    public void testSecurePersonWithPublicView() {
+        doTestSecurePersonWithPublicView("/simple", "/secure-person-with-public-view");
+    }
+
+    @Test
+    public void testUniSecurePersonWithPublicView() {
+        doTestSecurePersonWithPublicView("/simple", "/uni-secure-person-with-public-view");
+    }
+
     @Test
     public void testSecurePersonFromAbstract() {
         doTestSecurePerson("/other", "/abstract-with-security");
@@ -336,6 +351,19 @@ private void doTestSecurePerson(String basePath, final String path) {
                 .header("transfer-encoding", nullValue())
                 .header("content-length", notNullValue())
                 .body(containsString("Bob"))
+                .body(containsString("0"))
+                .body(not(containsString("Builder")));
+    }
+
+    private void doTestSecurePersonWithPublicView(String basePath, final String path) {
+        RestAssured.get(basePath + path)
+                .then()
+                .statusCode(200)
+                .contentType("application/json")
+                .header("transfer-encoding", nullValue())
+                .header("content-length", notNullValue())
+                .body(containsString("Bob"))
+                .body(not(containsString("0")))
                 .body(not(containsString("Builder")));
     }
 

diff --git a/...asy/reactive/jackson/runtime/serialisers/FullyFeaturedServerJacksonMessageBodyWriter.java b/...asy/reactive/jackson/runtime/serialisers/FullyFeaturedServerJacksonMessageBodyWriter.java
@@ -63,6 +63,10 @@ public void writeResponse(Object o, Type genericType, ServerRequestContext conte
                 if (customSerializationValue != null) {
                     ObjectWriter objectWriter = perMethodWriter.computeIfAbsent(methodId,
                             new MethodObjectWriterFunction(customSerializationValue, genericType, effectiveMapper));
+                    Class<?> jsonViewValue = ResteasyReactiveServerJacksonRecorder.jsonViewForMethod(methodId);
+                    if (jsonViewValue != null) {
+                        objectWriter = objectWriter.withView(jsonViewValue);
+                    }
                     objectWriter.writeValue(stream, o);
                     return;
                 }