-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ExclusionStrategy cannot depend on threadlocal #2205
Comments
Is this about field or type exclusions?
In both cases, once As workaround for the type exclusions you could probably write a custom Out of curiosity, could you share a bit more information about how exactly you are using the |
Thanks for the explanation, @Marcono1234 , this confirms my findings so far. To illustrate my problem, suppose i would like to expose certain DTO fields based on whether the user is authenticated or not.
`public class MyDto {
}`
`public class AuthenticationBasedFieldExclusionStrategy implements ExclusionStrategy {
} |
In a Spring environment (or equivalent), it is common practice to implement security by checking on the current security context, which is a threadlocal object. Gson exclusion strategies are only evaluated once, it seems. I understand this is a performance concern, but would appreciate if this could be made configurable. At the minimum a warning could be placed on the ExclusionStrategy interface.
The text was updated successfully, but these errors were encountered: