Hi all, I did something wrong today in Grails which allowed to revel private info in a REST API. Basically I registered a json marshaller, and used { instead of [, and the whole application, configuration, environment variables, etc was printed out as JSON.

it.registerObjectMarshaller(AuditDetails) { audit ->
            def a = [
               system_id: audit.systemId,
               committer: audit.committer, // PartyProxy
               time_committed: {
                  value: audit.timeCommitted
               }
            ]
            if (audit.changeType) a << [changeType: audit.changeType.toString()] // TODO: transform to coded text
            return a
         }

that printed EVERYTHING out!

"time_committed": {
			"audit": {
				"_ref": "../..",
				"class": "com.cabolabs.ehrserver.openehr.common.generic.AuditDetails$HibernateProxy$quMc648M"
			},
			"delegate": {
				"delegate": {
					"delegate": {
						"PS": "/",
						"configurationService": {
							"applicationContext": {
								"active": true,
								"applicationListeners": [ ....