I've a User entity.

public class User {
    private String username;
    private String password;

    private String firstname;
    private String lastname;
    /* Other user attributes */
    /* Getters and Setters */
}

I need to send this user to the view layer to display user info, but I don't want the password field to be sent to the view layer for security concerns.

Currently, I am not using DTOs.

How can I omit the password field while retrieving the User entity from the database?

Basically, how can I filter the password field from the User entity while sending it to the view layer?

My application is built with spring-data-jpa and spring-mvc.

TheKojuEffect
  • Well . . . your first problem is that you're storing the password. That's an issue right off the bat. – Aurand May 26 '14 at 04:14
  • Thanks for your response. How else can it be done? Can you provide some guidance? – TheKojuEffect May 26 '14 at 04:21
  • This question is a start: http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords (yes, it's php, no, it doesn't matter). – Aurand May 26 '14 at 04:50

1 Answer

You may want to use JPA-Projections (Example). Spring may have a similar feature.

user1493834
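The projection approach the answer points to, as an added example that is not part of the original question or answer: a Spring Data JPA interface-based projection that gives the view layer a type with no password accessor. `UserSummary`, `UserRepository`, `UserProfileController`, the `Long` id, the route and the view name are assumptions; the imports assume `jakarta.persistence` (older stacks use `javax.persistence`).

```java
// Added example. UserSummary, UserRepository, UserProfileController, the Long id,
// the route and the "profile" view name are assumptions, not the asker's code.
package com.example.users;

import jakarta.persistence.Entity;
import jakarta.persistence.Id;
import java.util.Optional;
import org.springframework.data.repository.Repository;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;

@Entity
class User {
    @Id private Long id;
    private String username;
    private String password;   // has no counterpart in UserSummary
    private String firstname;
    private String lastname;
}

// Closed interface projection: it declares getters for the displayable
// attributes only, so the view layer has no way to reach the password.
interface UserSummary {
    String getUsername();
    String getFirstname();
    String getLastname();
}

// Extends the marker interface Repository rather than JpaRepository, so no
// inherited findAll()/findById() hands full User entities to callers.
interface UserRepository extends Repository<User, Long> {
    Optional<UserSummary> findByUsername(String username);
}

@Controller
public class UserProfileController {
    private final UserRepository users;
    public UserProfileController(UserRepository users) { this.users = users; }

    @GetMapping("/users/{username}")
    public String profile(@PathVariable("username") String username, Model model) {
        UserSummary summary = users.findByUsername(username)
                .orElseThrow(() -> new IllegalArgumentException("unknown user"));
        model.addAttribute("user", summary);   // projection only, never the entity
        return "profile";
    }
}
```

Because the controller depends on `UserSummary` rather than `User`, a later template or JSON serializer change cannot start emitting the password by accident.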