@@ -103,6 +103,11 @@ public ResponseEntity<JSONResponse> registerUserAccount(@Valid @RequestBody User
103103 log .error ("Unexpected error during registration." , ex );
104104 logAuditEvent ("Registration" , "Failure" , ex .getMessage (), null , request );
105105 return buildErrorResponse ("System Error!" , 5 , HttpStatus .INTERNAL_SERVER_ERROR );
106+ } finally {
107+ // Clear sensitive password data from memory
108+ if (userDto != null ) {
109+ userDto .clearPasswords ();
110+ }
106111 }
107112 }
108113
@@ -244,6 +249,11 @@ public ResponseEntity<JSONResponse> savePassword(@Valid @RequestBody SavePasswor
244249 log .error ("Unexpected error during password reset." , ex );
245250 logAuditEvent ("PasswordReset" , "Failure" , ex .getMessage (), null , request );
246251 return buildErrorResponse ("System Error!" , 5 , HttpStatus .INTERNAL_SERVER_ERROR );
252+ } finally {
253+ // Clear sensitive password data from memory
254+ if (savePasswordDto != null ) {
255+ savePasswordDto .clearPasswords ();
256+ }
247257 }
248258 }
249259
@@ -293,6 +303,11 @@ public ResponseEntity<JSONResponse> updatePassword(@AuthenticationPrincipal DSUs
293303 log .error ("Unexpected error during password update." , ex );
294304 logAuditEvent ("PasswordUpdate" , "Failure" , ex .getMessage (), user , request );
295305 return buildErrorResponse ("System Error!" , 5 , HttpStatus .INTERNAL_SERVER_ERROR );
306+ } finally {
307+ // Clear sensitive password data from memory
308+ if (passwordDto != null ) {
309+ passwordDto .clearPasswords ();
310+ }
296311 }
297312 }
298313
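Review bot: The new `finally` blocks only run once the handler body has been entered, so in registerUserAccount and savePassword (both declared `@Valid @RequestBody`) a request rejected by bean validation before invocation never reaches `clearPasswords()`, and the bound DTO keeps its password fields until it is garbage-collected. The comment `// Clear sensitive password data from memory` also promises more than these hunks show: clearPasswords() is not part of the visible change, and if the DTO fields are `String` it can presumably only drop references, leaving the characters on the heap and in any deserialisation buffers. I would reword it in all three places to something like `// Best effort: drop the DTO's password references; String contents and request buffers are not wiped`, and hold the passwords as `char[]` filled in clearPasswords() if real zeroing is the goal. The three method bodies start outside these hunks, so it is also worth confirming that no async listener or event still holds the DTO when the `finally` runs.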