When implementing a REST backend, you may be looking for a way to hide the variables of an entity based on the logged-in user’s role.

Here’s a sample entity, Movie.

It has id, year, length, title, subject, actor, actress, director variables.

And in my application, I have two user roles which are admin and user.

I want admin to see all variables of the Movie. But I want user to see only year, title, subject variables.

Here’s how to filter variables.

In the Movie entity we have the @JsonFilter annotation. This is a Jackson feature. You can check here for more details about it.

This entity is processed in the controller as follows.

Our controller method (getMovies) at Line 12 is executed when we request GET /movies from the browser.
This method returns a MappingJacksonValue in the response.

There are two String arrays which contain the set of variable names for the limited version and the full version.

In the controller method, we inject the currently logged-in user with @AuthenticatedUser TutorialUser user. Check here for the details of this implementation.

All we do here (Line 16 – 17) is select the String array based on the user's role and set it as the filter for our MappingJacksonValue object.
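The role-based selection described above, as an added example that is not the code from the sample project. It uses plain Jackson so it runs with only jackson-databind on the classpath; the filter id `movieFilter`, the class name `MovieFilterDemo`, the role strings and the field values are assumptions.

```java
import com.fasterxml.jackson.annotation.JsonFilter;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ser.FilterProvider;
import com.fasterxml.jackson.databind.ser.impl.SimpleBeanPropertyFilter;
import com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider;

public class MovieFilterDemo {
    static final String FILTER_ID = "movieFilter"; // assumed filter id

    // Field names are the ones listed in the post; the values are constructed.
    @JsonFilter(FILTER_ID)
    public static class Movie {
        public long id = 1;
        public int year = 1999;
        public int length = 120;
        public String title = "Sample Title";
        public String subject = "Drama";
        public String actor = "Actor A";
        public String actress = "Actress B";
        public String director = "Director C";
    }

    static final String[] LIMITED = {"year", "title", "subject"};

    // Fail closed: only the exact admin role gets every field; anything else
    // (user, null, an unexpected role string) gets the limited view.
    static FilterProvider filtersFor(String role) {
        SimpleBeanPropertyFilter filter = "admin".equals(role)
                ? SimpleBeanPropertyFilter.serializeAll()
                : SimpleBeanPropertyFilter.filterOutAllExcept(LIMITED);
        return new SimpleFilterProvider().addFilter(FILTER_ID, filter);
    }

    static String render(Movie movie, String role) throws Exception {
        // In a Spring controller the same provider is passed to
        // MappingJacksonValue.setFilters(...) instead of an ObjectWriter.
        return new ObjectMapper().writer(filtersFor(role)).writeValueAsString(movie);
    }

    public static void main(String[] args) throws Exception {
        Movie movie = new Movie();
        System.out.println("admin: " + render(movie, "admin"));
        System.out.println("user : " + render(movie, "user"));
        System.out.println("other: " + render(movie, "guest"));
    }
}
```

By default Jackson throws a mapping exception when a `@JsonFilter`-annotated class is serialized without a provider for that filter id, so an endpoint that forgets the filter fails instead of leaking fields. Calling `setFailOnUnknownId(false)` on the provider removes that safeguard and lets unfiltered paths emit every field.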

You can check the sample project on my GitHub.

Run the app. Open the page at http://localhost:8080
user/pass = admin/admin and user/user

If you log in with admin, you’ll see this page where all the variables exist in the table.

When you log in with user, you’ll see

Have fun!