This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Services and the fly likes How to obfuscate or mask returned data? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "How to obfuscate or mask returned data?" Watch "How to obfuscate or mask returned data?" New topic
Author

How to obfuscate or mask returned data?

Michael Staszewski
Greenhorn

Joined: Oct 10, 2011
Posts: 16
I'd like to mask certain data that is returned by my web service. For example, suppose I have a routine to return a user profile having a specified email address. The user profile may contain information that is to be hidden from all other users other than the owner of the profile, birth date for instance.

If I have a routine defined as...



I'd like to do something like the following psuedocode.

if UserRequestingProfileIsNotUserOwningFoundProfile and UserProfile.HideBirthdate then
UserProfile.Birthdate = null;

I have logic already to determine whether or not the user requesting the resource is entitled to see all data so we can skip that part, but when I do UserProfile.Birthdate = SomeOtherValue the underlying database storing the userprofile data is updated. I'd like to modify the return value and not update the underlying data.

Any help is much appreciated.

Thanks,
Michael
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
Have you tried to create a UserProfiles object that is not attached to any persistence context, copying the data from the UserProfiles object, make modifications and then return the new UserProfiles object?

Another approach is to encrypt, or obfuscate in some way, certain fields in a servlet filter or handler.
Handlers are for SOAP web services (JAX-WS).
Regretfully, JAX-RS does not seem to have any specification for interceptors, though there are work done in this area.
See: http://bill.burkecentral.com/2011/05/24/interceptors-in-jax-rs-2-0/
So I guess that a servlet filter is the only option with a RESTful web service. Do correct me if I am wrong!
Best wishes!


My free books and tutorials: http://www.slideshare.net/krizsan
Michael Staszewski
Greenhorn

Joined: Oct 10, 2011
Posts: 16
Have you tried to create a UserProfiles object that is not attached to any persistence context, copying the data from the UserProfiles object, make modifications and then return the new UserProfiles object?


I have not. At the moment I'm still learning this stuff and am unsure how to create a userprofile object in such a manner, but I'll look into it.

So I guess that a servlet filter is the only option with a RESTful web service.


Thanks. I'll look into this route as well.

Thanks,
Michael
Michael Staszewski
Greenhorn

Joined: Oct 10, 2011
Posts: 16
Have you tried to create a UserProfiles object that is not attached to any persistence context, copying the data from the UserProfiles object, make modifications and then return the new UserProfiles object?


I had actually moved away from this topic for a few days and intended on coming back to it, but I stumbled across something in my research that looks like it fits the bill... at least for my needs.



This will detach the specified object from the entity manager so that future changes to it are not persisted. In my use case I want to tweak the data returned via GET so I don't see any problems with first detaching the objects I wish to modify. If there are any best practices out there that suggest detachment is not the preferred method of obfuscation or hiding data then please correct me.

Thanks,
Michael
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
As far as I am concerned, this is a perfectly reasonable solution.
Interesting to hear about the follow-up on the problem!
Thanks for sharing.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to obfuscate or mask returned data?
 
Similar Threads
Code review
populating forms, sry :(
Help me with byte and bits
GUI Design
tips on cleanup of memory