File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to obfuscate or mask returned data?

 
Michael Staszewski
Greenhorn
Posts: 16
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'd like to mask certain data that is returned by my web service. For example, suppose I have a routine to return a user profile having a specified email address. The user profile may contain information that is to be hidden from all other users other than the owner of the profile, birth date for instance.

If I have a routine defined as...



I'd like to do something like the following psuedocode.

if UserRequestingProfileIsNotUserOwningFoundProfile and UserProfile.HideBirthdate then
UserProfile.Birthdate = null;

I have logic already to determine whether or not the user requesting the resource is entitled to see all data so we can skip that part, but when I do UserProfile.Birthdate = SomeOtherValue the underlying database storing the userprofile data is updated. I'd like to modify the return value and not update the underlying data.

Any help is much appreciated.

Thanks,
Michael
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
Have you tried to create a UserProfiles object that is not attached to any persistence context, copying the data from the UserProfiles object, make modifications and then return the new UserProfiles object?

Another approach is to encrypt, or obfuscate in some way, certain fields in a servlet filter or handler.
Handlers are for SOAP web services (JAX-WS).
Regretfully, JAX-RS does not seem to have any specification for interceptors, though there are work done in this area.
See: http://bill.burkecentral.com/2011/05/24/interceptors-in-jax-rs-2-0/
So I guess that a servlet filter is the only option with a RESTful web service. Do correct me if I am wrong!
Best wishes!
 
Michael Staszewski
Greenhorn
Posts: 16
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have you tried to create a UserProfiles object that is not attached to any persistence context, copying the data from the UserProfiles object, make modifications and then return the new UserProfiles object?


I have not. At the moment I'm still learning this stuff and am unsure how to create a userprofile object in such a manner, but I'll look into it.

So I guess that a servlet filter is the only option with a RESTful web service.


Thanks. I'll look into this route as well.

Thanks,
Michael
 
Michael Staszewski
Greenhorn
Posts: 16
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have you tried to create a UserProfiles object that is not attached to any persistence context, copying the data from the UserProfiles object, make modifications and then return the new UserProfiles object?


I had actually moved away from this topic for a few days and intended on coming back to it, but I stumbled across something in my research that looks like it fits the bill... at least for my needs.



This will detach the specified object from the entity manager so that future changes to it are not persisted. In my use case I want to tweak the data returned via GET so I don't see any problems with first detaching the objects I wish to modify. If there are any best practices out there that suggest detachment is not the preferred method of obfuscation or hiding data then please correct me.

Thanks,
Michael
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
As far as I am concerned, this is a perfectly reasonable solution.
Interesting to hear about the follow-up on the problem!
Thanks for sharing.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic