Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error on serialization with @JsonIdentityInfo on partial encrypted class #4

Open
kecksk0enig opened this issue Feb 1, 2019 · 0 comments

Comments

@kecksk0enig
Copy link

kecksk0enig commented Feb 1, 2019

Hi!
I have a class which has some properties annotated with @Encrypt.
Also I want to use @JsonIdentityInfo(generator = JSOGGenerator.class) annotation on classes to handle potential circular references and also minimising JSON output.

However the conjunction may result in Objects whcih have id X to be decrypted, and later be referenced by another cleartext property as "@ref":X. This reference cannot be resolved until deserialized.

Since the encrypted part should not be accesible /manipulatable in the frontend (e.g. a browser) but the visible properties of the response should be visible this is an issue.

{
"@id" : "1",
"somEncryptedProperty" : {
"iv" : "OgEe3ag[....]sbQ==",
"salt" : "gHnRbP[....]41MpFOgA=",
"value" : "m/Xw9/hMG4[....]WO58LYVrDsmU="
},
"broken_visibleProperty" : {
"@ref" : "5"
},
"somOtherEncryptedThing" : {
"iv" : "OgEe[....]EnsbQ==",
"salt" : "H8N[....]pFOgA=",
"value" : "ltDDA/RnYT9szpCZklXYwA8XbQ0Rcvtxy1sV[....]3PzVXs"
},
"somthing_visible" : {
"@id" : "7",
"event" : null,
"id" : "_eeClIR47EemIFYn30KSx0A",
"inputs" : { }
}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant