AntiPattern
Header-Based Auth Validation
untrusted-header-identity
User-supplied HTTP request headers drive auth/identity (e.g., IP/heartbeats) but the server cannot verify authenticity, so validation annotations miss gaps (class-level @Validated, empty-string @NotBlank) and misconfigurations return wrong errors.