I implemented a basic JPA authentication following this tutorial.
I wanted to create an endpoint /mydetails to display user information (profile info).
What I've tried:
    @GetMapping("/mydetails")
    public Optional<User> getUser(HttpServletRequest request) {
        Optional<User> foundUser = Optional.ofNullable(userRepo.getUserByUsername(request.getUserPrincipal().getName()));
        return foundUser;
    }
Outcome:
    {
        "id":1,
        "username":"[email protected]",
        "password":"$2a$10$7YzUO6scaC06LV6IgOsSXetFm4/U0WM.UZykhRfQcJBzKacyZFMK",
        "first_name":"John",
        "last_name":"Walker",
        "organization_name":"ABC",
        "role":"Admin",
        "credibility_rating":"100"
    }
The problem is that this literally takes out all the information and I want everything except the password.
How could I stop the response from sending the password information?
I am totally new to Spring and have not used Java for many years.
Any insight would be highly appreciated.
CodePudding user response:
It seems you are talking about a REST controller that returns JSON. With the default configuration, Spring Boot uses Jackson to transform objects to JSON. The most simple fix would be to tell Jackson to ignore the password field in your User class:
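    import com.fasterxml.jackson.annotation.JsonIgnore;

    public class User {
        // ...
        @JsonIgnore // exclude this field from the JSON Jackson produces
        private String password;
        // ...
    }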
See this article for more information.
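
An added example, not part of the answer above or of the tutorial's code: a standalone Jackson program comparing @JsonIgnore with @JsonProperty(access = WRITE_ONLY), which matters when the same class is also bound from a request body such as a registration form. The class names and the sample JSON are constructed for illustration, and jackson-databind is assumed to be on the classpath.

```java
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;

public class PasswordSerializationDemo {

    // Variant 1: @JsonIgnore on the field, as in the answer above.
    // The property is dropped from output AND skipped on input.
    public static class IgnoredUser {
        public String username;
        @JsonIgnore
        public String password;
    }

    // Variant 2: write-only access. Still never serialized, but accepted
    // when the class is deserialized from a request body.
    public static class WriteOnlyUser {
        public String username;
        @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
        public String password;
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        // Constructed sample request body, not taken from the page.
        String body = "{\"username\":\"jwalker\",\"password\":\"constructed-sample\"}";

        IgnoredUser a = mapper.readValue(body, IgnoredUser.class);
        WriteOnlyUser b = mapper.readValue(body, WriteOnlyUser.class);

        // Shows whether the incoming password reached the object.
        System.out.println("ignored, bound password:    " + a.password);
        System.out.println("write-only, bound password: " + b.password);

        // Serialized form of each variant, as a controller would return it.
        System.out.println(mapper.writeValueAsString(a));
        System.out.println(mapper.writeValueAsString(b));
    }
}
```

Neither variant puts the password in the serialized output; only the write-only variant keeps the value when JSON is read into the object.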