I have a user entity:
public class SpringUsers implements Serializable {
private String password;
@Basic
@Column(name = "password")
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
And its repository:
public interface SpringUsersRepository extends CrudRepository<SpringUsers, Integer> {
SpringUsers findByUsername(String username);
List<SpringUsers> findByUserId(Integer userId);
}
And I have a controller method that should get a list of all registered users with the same userId (internally used) as the authenticated user:
public List<SpringUsers> getRegisteredUsers() {
CustomUserDetails authenticatedUserDetails = getCustomUserDetails();
List<SpringUsers> registered = springUsersRepository.findByUserId(
authenticatedUserDetails.getUserMyId());
return registered.stream().map(v -> {
v.setPassword(null);
return v;
}).collect(Collectors.toList());
}
I do not want to pass the password (even if it is encrypted) to the external interface - so I pass it to users and set the password to null, as you can see above.
However, I wonder if it’s possible to simply not include the user password in the query result in the first place?
Version Information:
Spring boot 1.4.0 & Hibernate 5.0.9.Final