Getting Started
This guide adds Ihawu to a Spring Boot application and masks a field end to end.
-
Add the starter. It pulls
ihawu-coretransitively, so it’s the only dependency you add.implementation("org.ihawu:ihawu-spring-boot-starter:0.1.0")<dependency><groupId>org.ihawu</groupId><artifactId>ihawu-spring-boot-starter</artifactId><version>0.1.0</version></dependency> -
Annotate your response type and mark the sensitive fields’ resource.
@IhawuResource("employee")data class EmployeeResponse(val id: String,val fullName: String,val email: String,val salary: Double,val socialSecurityNumber: String,) -
Define a policy. Supply a
ResourcePolicyProviderbean with per-role rules (or bind them from configuration).@Beanfun resourcePolicyProvider() =ResourcePolicyProvider {listOf(ResourcePolicy(resourceName = "employee",roleFieldPolicies = mapOf("MANAGER" to listOf(FieldPolicy("socialSecurityNumber", MaskingStrategy.REDACT, "***-**-****"),),"EMPLOYEE" to listOf(FieldPolicy("salary", MaskingStrategy.HIDE),FieldPolicy("socialSecurityNumber", MaskingStrategy.HIDE),),),),)} -
Call the endpoint. The same handler now returns different fields per role — a
MANAGERsees a redacted SSN; anEMPLOYEEsees neither salary nor SSN; an unconfigured role sees the full record (masking is a denylist).
A runnable example
Section titled “A runnable example”The repository ships a complete, runnable sample under samples/spring-boot-sample — a secured
endpoint, three roles, and an integration test that pins each role’s masked JSON. It’s the fastest way
to see Ihawu working against a live HTTP endpoint.
Next steps
Section titled “Next steps”- Understand the model in How Ihawu Works.
- Browse the full API in the Dokka reference.