Spring 3.2: Filtering Jackson JSON output based on Spring Security role

Question

Is there any good way to filter JSON output based on Spring Security roles? I\'m looking for something like @JsonIgnore, but for role, like @HasRole(\"ROLE_ADMIN\"). How sho

Answer 1

Althou it is possible to write custom JSON processing filter (e.g. based on JSON Pointers), it will be a little bit complex to do.

The simplest way is to create your own DTO and map only those properties, which the user is authorized to get.