I am writing a multi-user application in which requests for a given resource (for example /people/4) return different levels of detail depending on the user performing the request (for example, user 4 or the support representative of the entire resource, while other users will not see certain fields, such as the user's email address).
Spring HATEOAS has full support for link building, but the main interface ResourceAssemberprovides only one adapter method that accepts a domain object and returns a resource object without any additional parameters (such as the current Spring Security User), and neither provide ResourceSupportnor Resource<T>means for filtering returned fields.
The approach I'm leaning towards now has an implementation toResourcefor ResourceAssembler<Customer, CustomerResource>manually digging out Spring’s current security credentials and applying filtering at this point, essentially manually writing a multi-stage copy constructor that will add public fields and then friend fields and then private fields to the resource object .
Is there a more integrated, especially declarative way to handle the task, or is this the best solution available now? Will this approach integrate with the Spring Data REST data controller, or will I have to override the swap, etc., if I want to handle the assembly myself?
source
share