Is Spring by default filtering out a field called "password" from the request? It is always null. I think I read something about that before. But how can I disable it for this specific endpoint?
The screenshot shows the request on the right and the debugger output on the left for the SignUpRequest. password is always empty and I don't understand why. I'm just starting with Spring, trying to get out of the PHP world.
Controller Signature:

    @PostMapping("/sign-up")
    public String SignUp(
        @RequestBody SignUpRequest signUp
    )

    public class SignUpRequest {
        public Account account;
        public Organization organization;
        public UserProfile userProfile;

        public Account getAccount() {
            return account;
        }

        public void setAccount(Account account) {
            this.account = account;
        }

        public Organization getOrganization() {
            return organization;
        }

        public void setOrganization(Organization organization) {
            this.organization = organization;
        }

        public UserProfile getUserProfile() {
            return userProfile;
        }

        public void setUserProfile(UserProfile userProfile) {
            this.userProfile = userProfile;
        }
    }

Account Entity:

    @Entity
    @Table(name = "accounts")
    public class Account {
        @Id()
        public String accountId;

        @NotBlank(message = "Email is required")
        public String email;

        @NotBlank(message = "A password is required")
        public String password;

        public String confirmPassword;
        public String test;
        public String emailVerificationToken;
        public LocalDateTime emailVerificationTokenExpiresAt;

        public void setEmail(String email) {
            this.email = email;
        }

        public String getEmail() {
            return email;
        }

        public String setPassword(String password) {
            return password;
        }

        public String getPassword() {
            return password;
        }

        public void setEmailVerificationToken(String emailVerificationToken) {
            this.emailVerificationToken = emailVerificationToken;
        }

        public String getEmailVerificationToken() {
            return emailVerificationToken;
        }

        public void setEmailVerificationTokenExpiresAt(LocalDateTime emailVerificationTokenExpiresAt) {
            this.emailVerificationTokenExpiresAt = emailVerificationTokenExpiresAt;
        }

        public LocalDateTime getEmailVerificationTokenExpiresAt() {
            return emailVerificationTokenExpiresAt;
        }

        public boolean checkIfEmailVerificationTokenIsExpired() {
            return LocalDateTime.now().isAfter(emailVerificationTokenExpiresAt);
        }

        @Override
        public String toString() {
            return "Account{" +
                "accountId='" + accountId + '\'' +
                ", email='" + email + '\'' +
                ", password='" + password + '\'' +
                ", emailVerificationToken='" + emailVerificationToken + '\'' +
                ", emailVerificationTokenExpiresAt=" + emailVerificationTokenExpiresAt +
                '}';
        }
    }

The JSON I'm sending via Postman:

    {
        "account": {
            "email": "fk@kreative-design.net",
            "password": "password",
            "confirmPassword": "password",
            "test": "test"
        },
        "organization": {
            "name": "Phauthentic"
        },
        "userProfile": {
            "firstName": "Florian",
            "lastName": "Krämer"
        }
    }

Well, a Getter is a Getter, and a Setter should act like a Setter. Try this:

    @Entity
    @Table(name = "accounts")
    public class Account {
        @Id()
        public String accountId;

        @NotBlank(message = "Email is required")
        public String email;

        @NotBlank(message = "A password is required")
        public String password;

        public String confirmPassword;
        public String test;
        public String emailVerificationToken;
        public LocalDateTime emailVerificationTokenExpiresAt;

        public void setEmail(String email) {
            this.email = email;
        }

        public String getEmail() {
            return email;
        }

        public void setPassword(String password) {
            this.password = password;
        }

        public String getPassword() {
            return password;
        }

        public void setEmailVerificationToken(String emailVerificationToken) {
            this.emailVerificationToken = emailVerificationToken;
        }

        public String getEmailVerificationToken() {
            return emailVerificationToken;
        }

        public void setEmailVerificationTokenExpiresAt(LocalDateTime emailVerificationTokenExpiresAt) {
            this.emailVerificationTokenExpiresAt = emailVerificationTokenExpiresAt;
        }

        public LocalDateTime getEmailVerificationTokenExpiresAt() {
            return emailVerificationTokenExpiresAt;
        }

        public boolean checkIfEmailVerificationTokenIsExpired() {
            return LocalDateTime.now().isAfter(emailVerificationTokenExpiresAt);
        }

        @Override
        public String toString() {
            return "Account{" +
                "accountId='" + accountId + '\'' +
                ", email='" + email + '\'' +
                ", password='" + password + '\'' +
                ", emailVerificationToken='" + emailVerificationToken + '\'' +
                ", emailVerificationTokenExpiresAt=" + emailVerificationTokenExpiresAt +
                '}';
        }
    }

Note the difference in the setPassword method.
Also, you're mixing up the access types of the related fields. E.g., for confirmPassword there are no getters/setters in place, so the ORM falls back to direct field reflection settlement. Use either the one or the other. When there is no specific reason to go with getters/setters, add @Access(AccessType.FIELD) to the class. Otherwise provide getters/setters for all fields. Anyhow, try to stay consistent.
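
A minimal reproduction of the behaviour discussed above, as an added example that is not part of the original question or answer. It assumes jackson-databind (the JSON mapper Spring Boot's web starter uses by default) is on the classpath; the class names and the JSON string are constructed for illustration.

```java
import com.fasterxml.jackson.databind.ObjectMapper;

// Added illustration: class names are hypothetical, the JSON is constructed sample input.
public class SetterBindingDemo {

    // Mirrors the question's Account: public fields, but a setPassword that never assigns.
    public static class BrokenAccount {
        public String password;
        public String confirmPassword; // no setter: Jackson writes the public field directly

        public String setPassword(String password) {
            return password; // argument is discarded, the field is never written
        }
    }

    // Mirrors the answer's fix: the setter assigns to the field.
    public static class FixedAccount {
        public String password;
        public String confirmPassword;

        public void setPassword(String password) {
            this.password = password;
        }
    }

    static final String JSON =
        "{\"password\":\"example-pw\",\"confirmPassword\":\"example-pw\"}";

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        BrokenAccount broken = mapper.readValue(JSON, BrokenAccount.class);
        FixedAccount fixed = mapper.readValue(JSON, FixedAccount.class);

        // A visible setter takes precedence over a public field of the same name,
        // so the broken setter swallows the value while confirmPassword still binds.
        System.out.println("broken.password        = " + broken.password);
        System.out.println("broken.confirmPassword = " + broken.confirmPassword);
        System.out.println("fixed.password         = " + fixed.password);

        if (broken.password != null
                || !"example-pw".equals(broken.confirmPassword)
                || !"example-pw".equals(fixed.password)) {
            throw new AssertionError("unexpected binding result");
        }
    }
}
```

Nothing in the request pipeline filters the field by name: the value reaches the setter, and the setter drops it.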