0

Is there a way to mark certain properties not to retrieve at all?

I have a unique pepper row inside my user table and I don't want to load this pepper and the hashed password if a User is retrieved.

I don't have any needs for it on the remote client and so I want to make sure it is not accidently passed to it.

If i need to regenerate or change a password at the application server I can retrieve the pepper via a named query.

djmj
  • 5,579
  • 5
  • 54
  • 92
  • 1
    doesnt creating a dto for transfer which doesn't have a pepper and passwordhash solce your problem? – Firo Jul 15 '12 at 16:48
  • It would, but i am sending the Entity classes to the client. I currently set those values to null before sending. – djmj Jul 15 '12 at 17:28
  • sending entities causes problems sooner than you think ( http://stackoverflow.com/q/1688473/671619 ) and also viewdata is often different from entities – Firo Jul 15 '12 at 18:34
  • DTO's seem to be a good idea, and i will definetly consider using those in the client view (shop). But in my database back-end using entities saved a lot of programming time. – djmj Jul 18 '12 at 00:05

2 Answers2

1

You could possibly implement an Interceptor and override the onLoad Method: More Information on Hibernate Interceptors Here

I have used this strategy overriding the onFlushDirty and onSave Methods to update Timestamp fields. I have never used it during onLoad.

Here is an example Interceptor based on a similar one I have used (Not Tested):

public final class PepperInterceptor extends EmptyInterceptor {

    /** The Value to set as the Pepper field when loading from the DB. */
    private static final String DEFAULT_PEPPER = "[PROTECTED-PEPPER]";

    @Override
    public boolean onLoad(final Object entity, final Serializable id, final Object[] currentState,
            final Object[] previousState, final String[] propertyNames, final Type[] types) {


        if (entity instanceof User) {
            for (int i = 0; i < propertyNames.length; i++) {
                if (propertyNames[i].equalsIgnoreCase("pepper")) {
                    currentState[i] = DEFAULT_PEPPER;
                }
            }

            return true;
        }
        return super.onLoad(entity, id, currentState, previousState, propertyNames, types);
    }

}

EDIT:

Thinking about this further, you would have to ensure the value is never overwritten with the DEFAULT_PEPPER, possibly using something like updatable=false in the column definition of your Entity Class

edwardsmatt
  • 2,034
  • 16
  • 18
  • Will have a look at this but it looks pretty overhead especially if there are more Entities to control. +1 for the `update=false`! – djmj Jul 17 '12 at 23:54
0

Hibernate allows for overriding the generated sql as required.

http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Platform/5/html/Hibernate_Annotations_Reference_Guide/entity-hibspec-customsql.html

The @Loader annotation may be of use.

Alan Hay
  • 22,665
  • 4
  • 56
  • 110