Custom annotation for Confidential data

Question

I am creating an application where I am planning to take confidential data of the user. But for debugging issues I am planning to log the values like for which username there is an issue. But dont want to log their passwords.

I have this sample code:

StringBuffer errorBuilder = new StringBuffer();
violations.forEach(v -> errorBuilder.append("\r\n\"")
                            .append(v.getPropertyPath())
                            .append("\": ")
                            .append(v.getMessage())
                            .append(" -- ")
                            .append(v.getInvalidValue())); // Avoid print here
return errorBuilder.toString();

This is the sample class

@Getter
@Setter
public class UserCredentials {
    @NotNull
    @Size(min=5, max=15)
    private String username;

    @NotNull
    @Pattern(regex=Constants.Regex.PASSWORD)
    private String password;

    @NotNull
    @Pattern(regex=Constants.Regex.DOB)
    private String dob;

    @NotNull
    @Pattern(regex=Constants.Regex.EMAIL)
    private String email;
}

There are two ways which I thought: To place a the "password" in a list and check if getPropertyPath contains values from the list and avoid printing invalidValue.

But is there any annotation or can there be any annotation like @Confidential where I can avoid printing this value.

I will not mind creating a custom annotation. I thought this way it is much cleaner and I dont have to write everytime the fieldname which I am checking as Confidential in the list.

I thought of doing this way:

StringBuffer errorBuilder = new StringBuffer();
violations.forEach(v -> {
if (v.getPropertyPath() has annotation @Confidential) { // Looking for this.
    errorBuilder.append("\r\n\"")
                                .append(v.getPropertyPath())
                                .append("\": ")
                                .append(v.getMessage())
} else {
     errorBuilder.append("\r\n\"")
                                .append(v.getPropertyPath())
                                .append("\": ")
                                .append(v.getMessage())
                                .append(" -- ")
                                .append(v.getInvalidValue()));
}
});
return errorBuilder.toString();

Any thoughts on how to create this annotation and check these scenarios?

Answer 1

Thinking of a work around --

On my POJOs, I have placed an exception on toString().

@Getter
@Setter
@ToString(exclude="password")
public class UserCredentials {
    @NotNull
    @Size(min=5, max=15)
    private String username;

    @NotNull
    @Pattern(regex=Constants.Regex.PASSWORD)
    private String password;

    @NotNull
    @Pattern(regex=Constants.Regex.DOB)
    private String dob;

    @NotNull
    @Pattern(regex=Constants.Regex.EMAIL)
    private String email;
}

And placed only this logic:

StringBuffer errorBuilder = new StringBuffer();
violations.forEach(v -> {
    errorBuilder.append("\r\n\"")
                                .append(v.getPropertyPath())
                                .append("\": ")
                                .append(v.getMessage())
});
return errorBuilder.toString();

And placing log for when I consume the POJO for validate and printing the error on validation (if there is an error) immediately after.