codesqueak
Error on serialization with @JsonIdentityInfo on partial encrypted class
Hi! I have a class which has some properties annotated with @Encrypt. Also I want to use @JsonIdentityInfo(generator = JSOGGenerator.class) annotation on classes to handle potential circular references and also minimising JSON output.
However the conjunction may result in Objects whcih have id X to be decrypted, and later be referenced by another cleartext property as "@ref":X. This reference cannot be resolved until deserialized.
Since the encrypted part should not be accesible /manipulatable in the frontend (e.g. a browser) but the visible properties of the response should be visible this is an issue.
{ "@id" : "1", "somEncryptedProperty" : { "iv" : "OgEe3ag[....]sbQ==", "salt" : "gHnRbP[....]41MpFOgA=", "value" : "m/Xw9/hMG4[....]WO58LYVrDsmU=" }, "broken_visibleProperty" : { "@ref" : "5" }, "somOtherEncryptedThing" : { "iv" : "OgEe[....]EnsbQ==", "salt" : "H8N[....]pFOgA=", "value" : "ltDDA/RnYT9szpCZklXYwA8XbQ0Rcvtxy1sV[....]3PzVXs" }, "somthing_visible" : { "@id" : "7", "event" : null, "id" : "_eeClIR47EemIFYn30KSx0A", "inputs" : { } } }
