Hi!
Have you tried to create a UserProfiles object that is not attached to any persistence context, copying the data from the UserProfiles object, make modifications and then return the new UserProfiles object?
Another approach is to encrypt, or obfuscate in some way, certain fields in a
servlet filter or handler.
Handlers are for
SOAP web services (JAX-WS).
Regretfully, JAX-RS does not seem to have any specification for interceptors, though there are work done in this area.
See:
http://bill.burkecentral.com/2011/05/24/interceptors-in-jax-rs-2-0/
So I guess that a servlet filter is the only option with a RESTful web service. Do correct me if I am wrong!
Best wishes!