Open
Description
This is more of a question.
I do not want the password of user available in controller. After making the following change to the controller, I see the password of the User returned.
@RestController
public class GreetingController {
private static final String template = "Hello, %s! your password is %s";
private final AtomicLong counter = new AtomicLong();
@RequestMapping("/greeting")
public Greeting greeting(@AuthenticationPrincipal User user) {
return new Greeting(counter.incrementAndGet(), String.format(template, user.getName(),user.getPassword()));
}
}
In order to avoid password, I add the following in the User Entity.
@Entity
public class User {
......
@NotEmpty
@JsonIgnore
private String password;
......
}
I still see the password returned. Any help here will be very useful.
Thanks