Don't expose your database IDs on the front end.


Undisclose IDs with Obfuscated-IDs

Obfuscated-IDs is an open-source Java library that lets you easily avoid exposing your database's internal IDs at the web level.

Obfuscated-IDs is based on:


With the Spring Framework and Obfuscated-IDs it's possible to write a @Controller that automatically lets the code use the real numeric ID while it is always shown in its disguised form to the outside. For instance, look at this @RestController.

    @RestController
    public class EchoController {

        public String getCode(@PathVariable AutoObfuscatedId obfuscatedUserId, @PathVariable String message) {
            long id =;
            // ...access the database with the numeric id
            User user = userRepo.findOne(id);
            return "User " + obfuscatedUserId + " says '" + message + "'";
        }
    }


It exposes a service that can be invoked like this...


But will return the corresponding numeric ID.
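
The disguise-and-recover round trip described above, as an added example that is not part of Obfuscated-IDs and does not reproduce HashIdObfuscator: it assumes a keyed AES block as the reversible mapping, and the class name IdDisguiseDemo, the method reveal and the demo key are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added illustration, not the library's HashIdObfuscator; reveal() is a hypothetical name.
public class IdDisguiseDemo {
    private final SecretKeySpec key;

    IdDisguiseDemo(byte[] key16) { this.key = new SecretKeySpec(key16, "AES"); }

    // One AES block: 8 bytes of id, then 8 zero bytes that act as a validity check.
    String disguise(long id) throws Exception {
        byte[] block = ByteBuffer.allocate(16).putLong(id).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(crypt(Cipher.ENCRYPT_MODE, block));
    }

    // Reverse mapping; rejects any value this key did not produce.
    long reveal(String token) throws Exception {
        byte[] raw;
        try {
            raw = Base64.getUrlDecoder().decode(token);
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("malformed id");
        }
        if (raw.length != 16) throw new IllegalArgumentException("malformed id");
        ByteBuffer plain = ByteBuffer.wrap(crypt(Cipher.DECRYPT_MODE, raw));
        long id = plain.getLong();
        if (plain.getLong() != 0L) throw new IllegalArgumentException("unknown id");
        return id;
    }

    private byte[] crypt(int mode, byte[] block) throws Exception {
        // Exactly one 16-byte block, so ECB is just the raw AES permutation here.
        Cipher c = Cipher.getInstance("AES/ECB/NoPadding");
        c.init(mode, key);
        return c.doFinal(block);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; a real one comes from secret configuration.
        IdDisguiseDemo o = new IdDisguiseDemo("0123456789abcdef".getBytes(StandardCharsets.US_ASCII));
        String t41 = o.disguise(41), t42 = o.disguise(42);
        System.out.println(t41 + " " + t42);   // adjacent ids, unrelated tokens
        System.out.println(o.reveal(t42));     // numeric id recovered server-side
        String forged = (t42.charAt(0) == 'A' ? 'B' : 'A') + t42.substring(1);
        try { o.reveal(forged); } catch (IllegalArgumentException e) { System.out.println("rejected"); }
    }
}
```

Recovering the numeric ID says nothing about who is asking, so the lookup that follows still needs its own per-user authorization check.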

Quick Start

Add the following Maven dependency


[!] Please check Maven Central for the latest version.

Configure an IdObfuscator.

@Bean
public static IdObfuscator idObfuscator() {
    return new HashIdObfuscator();
}

Add a @RestControllerAdvice that enables the conversion of parameters of type AutoObfuscatedId.

@RestControllerAdvice
public static class Advice {

    @Autowired IdObfuscator obfuscator;

    @InitBinder
    public void addSupportForObfuscatedId(WebDataBinder binder) {
        binder.registerCustomEditor(AutoObfuscatedId.class, new AutoObfuscatedIdSupport(obfuscator));
    }
}


Write your controller.

@Autowired IdObfuscator obfuscator;

public List<String> getUsers() {
    return asList(
        obfuscator.disguise( user1.getId() ),
        obfuscator.disguise( user2.getId() )
    );
}

public String getUser(@PathVariable AutoObfuscatedId obfuscatedDbId) {
    // ...
}


Maven GPG Plugin

Make sure GPG is correctly set up by executing the following command.

mvn gpg:sign

If that returns this error...

gpg: no default secret key: unusable secret key
gpg: signing failed: unusable secret key

...then a GPG key is needed. If one is available you can import it with...

gpg --import ~/mygpgkey_pub.gpg
gpg --allow-secret-key-import --import ~/mygpgkey_sec.gpg

Rerun mvn gpg:sign to check that everything is in place.

Sonatype OSS Repository Hosting

Make sure Sonatype OSS Repository Hosting is properly set up by checking that Maven's settings.xml contains a reference to it.

cat ~/.m2/settings.xml

You should see something like this...


Deploy A New Release

To deploy, it should be enough to run the following commands.

mvn clean release:clean 
mvn release:prepare
mvn release:perform




