Rest Assured – @JsonIgnore Annotation in Jackson API

In API testing with REST Assured, dealing with JSON responses and requests is a common task. To simplify JSON serialization and deserialization, the Jackson API plays a crucial role. One of its powerful features is the @JsonIgnore annotation, which allows us to exclude certain fields from being serialized or deserialized.

In this blog post, we’ll explore how @JsonIgnore can be used effectively when working with REST Assured and Jackson, and we’ll walk through an example to demonstrate its functionality.


What is @JsonIgnore?

The @JsonIgnore annotation is part of the Jackson Databind library. It tells the Jackson processor to ignore the annotated field during JSON serialization and deserialization.

  • Serialization: Excluded fields will not be included in the JSON output.
  • Deserialization: Excluded fields will not be populated even if present in the JSON input.

This is particularly useful when:

  • You want to avoid exposing sensitive information in API responses.
  • You need to filter out unnecessary fields to minimize payload size.
  • You need custom handling for specific fields.

Example Use Case

Imagine we have an API response containing user details. Let’s say the password field is sensitive, and we don’t want it to appear in JSON serialization.

Step 1: Create a POJO

import com.fasterxml.jackson.annotation.JsonIgnore;

public class User {
    private String name;
    private String email;

    @JsonIgnore
    private String password;

    // Getters and Setters
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
    public String getEmail() {
        return email;
    }
    public void setEmail(String email) {
        this.email = email;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
}

In this POJO:

  • The password field is annotated with @JsonIgnore, meaning it will be excluded during JSON processing.

Step 2: Serialize the Object

Using Jackson's ObjectMapper, you can serialize the User object:

import com.fasterxml.jackson.databind.ObjectMapper;


public class JsonIgnoreExample {

    public static void main(String[] args) throws Exception {

        User user = new User();

        user.setName("John Doe");

        user.setEmail("john.doe@example.com");

        user.setPassword("securePassword123");


        ObjectMapper objectMapper = new ObjectMapper();

        String json = objectMapper.writeValueAsString(user);


        System.out.println("Serialized JSON: " + json);

    }

}

Output:

{
  "name": "John Doe",
  "email": "john.doe@example.com"
}

Notice how the password field is excluded from the serialized JSON.


Step 3: Deserialize the JSON

When deserializing, the password field will also be ignored:

public class JsonIgnoreExample {

    public static void main(String[] args) throws Exception {

        String json = "{\"name\":\"John Doe\",\"email\":\"john.doe@example.com\",\"password\":\"ignored\"}";


        ObjectMapper objectMapper = new ObjectMapper();

        User user = objectMapper.readValue(json, User.class);


        System.out.println("Deserialized User: ");

        System.out.println("Name: " + user.getName());

        System.out.println("Email: " + user.getEmail());

        System.out.println("Password: " + user.getPassword()); // null

    }

}

Output:

Deserialized User: 
Name: John Doe
Email: john.doe@example.com
Password: null

Using @JsonIgnore in REST Assured

When testing APIs with REST Assured, you can use the same User POJO to verify responses or send requests. Here’s an example of how to use it in a test:

import io.restassured.RestAssured;

import io.restassured.http.ContentType;


import static io.restassured.RestAssured.given;


public class RestAssuredExample {

    public static void main(String[] args) {

        User user = new User();

        user.setName("Jane Doe");

        user.setEmail("jane.doe@example.com");

        user.setPassword("hiddenPassword");


        RestAssured.baseURI = "https://api.example.com";


        given()

            .contentType(ContentType.JSON)

            .body(user)

        .when()

            .post("/users")

        .then()

            .statusCode(201)

            .log().all();

    }

}

Here, the password field is excluded from the serialized payload sent to the API.


Key Considerations

  1. Flexibility: Use @JsonIgnore when you want a field to be ignored globally. For more control, consider @JsonIgnoreProperties or @JsonInclude.
  2. Testing: Ensure the field exclusion aligns with your API specifications and use case requirements.
  3. Security: Avoid exposing sensitive information like passwords or tokens unnecessarily.

Followers