1

I have a tlogin table in my DB which has got a primary key of String type, called Login. This key is not generated by Hibernate authomatically, as it is assigned by the application. Here it is the mapping:

<id name="_Login" column="Login" unsaved-value="null">
    <generator class="assigned" />
</id>

My problem comes when user logs in the application. Hibernate get and load methods seem to return an object with the key that user has typed into the log in form. I'm trying the following code:

@Override
public CLogin loadLogin(String userName) throws AccessException {
    try {
        Session sesion = this._dao.init();
        CLogin login = (CLogin) sesion.get(CLogin.class, userName);
        return login;
    } catch (HibernateException e) {
        throw new AccessException(e.getMessage(), e);
    }
}

Here for example even the username is stored as example@hotmail.com in the DB, if the end user logs with EXAMPLE@hotmail.com, it will retrieve the object from the DB, but with EXAMPLE@hotmail.com key. I want to permit the user access the app, but I want to get his username as it is stored in the DB.

Do I have to implement a criteria for that?

Aritz
  • 30,971
  • 16
  • 136
  • 217

2 Answers2

1

I would personally go for (as a namedQuery)

SELECT * FROM `table` WHERE LOWER(`Login`) = LOWER("EXAMPLE@hotmail.com")

but there are other ways.

See MySQL case insensitive select

Community
  • 1
  • 1
Scary Wombat
  • 44,617
  • 6
  • 35
  • 64
  • If I have to do that, I would try as an HQL query in order of SQL, to [avoid SQL injection](http://stackoverflow.com/questions/10122894/sql-injection-through-hibernate-criteria-session-saveobject). – Aritz Jun 06 '13 at 08:35
  • Sorry I could not tell if you were using JPA or not, but if so then I find that NamedQueries or PreparedStatements are a lot clean, and of course avoid SQL Injection. – Scary Wombat Jun 06 '13 at 08:44
  • Yeah, being the question about Hibernate itself, of course I use JPA access. Look at the final solution I achieved. Thanks anyway. – Aritz Jun 06 '13 at 10:40
0

I finally achieved to solve it using an Hibernate Criteria. I use an ilike restriction which is an insensitive type of like, in addition to MatchMode.Exact, which allows to filter only the exact matches.

That's how it works:

public CLogin loadLogin(String userName) throws AccessException {
        try {
            Session sesion = this._dao.init();
            CLogin login = (CLogin) sesion.createCriteria(CLogin.class).add(
                    Restrictions.ilike("_Login", userName.toLowerCase(), MatchMode.EXACT))
                    .uniqueResult();
            if (login == null) {
                throw new AccessException("User does not exist");
            }
            return login;
        } catch (HibernateException e) {
            throw new AccessException(e.getMessage(), e);
        }
    }
Aritz
  • 30,971
  • 16
  • 136
  • 217
  • I'm also torubling into this step. I fixed it by using namedQuery, but i dont want to write the custom method to get the user info or criteriaQuery . I want to know the reason why the default find() or get() method wont works in this. Can you help me out? – Dinesh ML Nov 26 '15 at 12:37