Spring Boot and Jackson: How to Ignore Specific Properties During Serialization and Deserialization

Some properties deserve no attention.

And when you're serializing or deserializing them with Jackson in your Spring Boot application, you just want to ignore them.

For example, you might store the user's password. But you don't want to serialize it and send it across the network even if it's encrypted and you're using HTTPS.

You'd prefer to keep that kind of info on the server side with very few exceptions (like when the user wants to change the password).

Fortunately, it's easy to tell Jackson to ignore specific properties during the serialization and deserialization process. In this guide, I'll show you how to do it.

With @JsonIgnore

My favorite way is with the @JsonIgnore annotation.

Let's see it in action. Start by creating an Employee class:

public class Employee {

    private String id;    
    private String lastName;
    private String firstName;
    private String password;
    
    public String getLastName() {
        return lastName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }

    public String getFirstName() {
        return firstName;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public String getId() {
        return id;
    }

    public void setId(String id) {
        this.id = id;
    }
    
    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String toString() {
        return ReflectionToStringBuilder.toString(this);
    }
}

That class has no annotations so all properties will get included during the serialization process.

Here's some code that handles that:

ObjectMapper mapper = new ObjectMapper();            

Employee employee = new Employee();
employee.setId("A17");
employee.setFirstName("Frank");
employee.setLastName("Smith");
employee.setPassword("password");

System.err.println(mapper.writerWithDefaultPrettyPrinter().writeValueAsString(employee));

And that gives us this output:

{
  "id" : "A17",
  "lastName" : "Smith",
  "firstName" : "Frank",
  "password" : "password"
}

As you can see, the user's password is right there in clear text in all it's glory.

That's not what we're looking for. Let's ignore that property.

Add this annotation:

...
    @JsonIgnore
    private String password;
...

Now rerun the serialization code again and you'll see this result:

{
  "id" : "A17",
  "lastName" : "Smith",
  "firstName" : "Frank"
}

Brilliant! That's exactly what you're looking for.

But what about deserialization? Does this fix work in both directions?

One way to find out. Test it with this code:

ObjectMapper mapper = new ObjectMapper();  
            
String json = "{\r\n"
        + "  \"id\" : \"A17\",\r\n"
        + "  \"lastName\" : \"Smith\",\r\n"
        + "  \"firstName\" : \"Frank\",\r\n"
        + "  \"password\" : \"password\"\r\n"
        + "}";
            
Employee employee = mapper.readerFor(Employee.class).readValue(json);
System.err.println(employee);

And that will give you the following output:

Employee@3d680b5a[firstName=Frank,id=A17,lastName=Smith,password=<null>]

Note that password is null.

So yeah, it works in both directions.

Of course, the second example isn't really in line with the use case I outlined at the beginning of this guide. But at least you can see that it works during the deserialization process as well.

With @JsonIgnoreProperties

You could also accomplish the same thing with @JsonIgnoreProperties.

Use that annotation at the top of the whole class like so:

@JsonIgnoreProperties({"password"})
public class Employee {

    private String id;    
    private String lastName;
    private String firstName;    
    private String password;
...

If you need to ignore multiple properties, separate them with a comma inside the curly braces.

Run the serialization and deserialization code above with the updated Employee class and you'll see the same results.

With @JsonIgnoreType

You could also choose to ignore an entire type in your serialization/deserialization process with @JsonIgnoreType.

In that case, you'd just annotate the whole type you're trying to ignore.

However, I don't think there are too many use cases for that.

Wrapping It Up

There you go: a couple of great ways to ignore properties during the Jackson serialization and deserialization process.

Feel free to apply what you've learned here in your own Spring Boot applications.

Have fun!

Photo by Ketut Subiyanto from Pexels