Sensitive Fields

Squizy supports marking entity fields as sensitive to protect confidential data such as passwords, personal identifiers, or financial information. Sensitive fields are always obfuscated when entities are fetched — regardless of the user's permissions.

How It Works

When a field is annotated with @SensitiveField, its value is masked in every response that returns the entity. This applies to all read operations: listings, tables, detail views, and API responses. The actual value is never included in standard entity queries.

java
@SquizyEntity
@Entity
public class Customer {

    @NotNull
    private String name;

    @SensitiveField
    private String taxId;

    @SensitiveField
    private String phoneNumber;

    // ...
}

In this example, taxId and phoneNumber are always returned as masked values — even for administrators.

Obfuscation Format

By default, sensitive fields are obfuscated using the DefaultObfuscator, which replaces the entire value with ****. This applies regardless of the original value's content or length.

The obfuscation behavior can be customized per field by providing a custom FieldObfuscator implementation via the obfuscatorClass attribute on @SensitiveField.

Revealing the Real Value

Holding the readSensitive authority does not cause sensitive fields to be returned in clear text automatically. Instead, it grants access to a dedicated endpoint that retrieves the real value of a specific field:

http
GET /api/{entity}/{id}/properties/{property}

This endpoint is protected by the readSensitive authority (or a custom authority if defined on the field). Without the required authority, the request is rejected with 403 Forbidden.

UI Behavior

The UI adapts based on the user's permissions:

  • With readSensitive authority: A reveal button appears next to the obfuscated field. Clicking it makes a request to the property endpoint and displays the real value.
  • Without readSensitive authority: The field is displayed in its masked form with no option to reveal it.

This ensures that viewing sensitive data is always an explicit, auditable action rather than something that happens passively when loading a record.
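Because every clear-text read goes through the property endpoint, access logs can be reviewed for reveal activity. The sketch below is an added example, not part of Squizy or its documentation; the log line format (user, method, path, status), the sample lines and the bulk threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed access-log lines (assumed format: user, method, path, status).
SAMPLE_LOG = """\
alice GET /api/customer/17/properties/taxId 200
alice GET /api/customer/17 200
bob GET /api/customer/17/properties/taxId 403
bob GET /api/customer/18/properties/phoneNumber 403
carol GET /api/customer/1/properties/taxId 200
carol GET /api/customer/2/properties/taxId 200
carol GET /api/customer/3/properties/taxId 200
carol GET /api/customer/4/properties/phoneNumber 200
"""

# Matches only the reveal endpoint: GET /api/{entity}/{id}/properties/{property}
REVEAL = re.compile(
    r"^(?P<user>\S+) GET /api/(?P<entity>[^/\s]+)/(?P<id>[^/\s]+)"
    r"/properties/(?P<prop>[^/\s?]+)(?:\?\S*)? (?P<status>\d{3})$"
)

def audit_reveals(log_text, bulk_threshold=3):
    """Summarise reveal-endpoint use per user; flag bulk reveals and denials."""
    reveals = defaultdict(set)   # user -> {(entity, id, property)} revealed
    denied = defaultdict(int)    # user -> number of 403 responses
    for line in log_text.splitlines():
        m = REVEAL.match(line.strip())
        if not m:
            continue  # ordinary entity reads only ever carry masked values
        key = (m["entity"], m["id"], m["prop"])
        if m["status"] == "200":
            reveals[m["user"]].add(key)
        elif m["status"] == "403":
            denied[m["user"]] += 1
    findings = []
    for user in sorted(set(reveals) | set(denied)):
        if len(reveals[user]) >= bulk_threshold:
            findings.append((user, "bulk_reveal", len(reveals[user])))
        if denied[user]:
            findings.append((user, "denied_reveal", denied[user]))
    return findings

if __name__ == "__main__":
    for finding in audit_reveals(SAMPLE_LOG):
        print(finding)
```

Repeated 403 responses point to a user probing without the required authority, while a high count of distinct successful reveals by one user is worth reviewing against that user's role.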

Access Control

Reading sensitive field values requires the readSensitive authority for the entity. Custom per-field authorities can be defined using the authorityName parameter on @SensitiveField. See Authorities and @SensitiveField for details.