1

Lets say I have models Configuration and User. In Configuration I specify relation to User like this: @ManyToOne(fetch = FetchType.EAGER) @JoinColumn(name= "user") private User author;

And then when I want all configuration per specific user I get something like this: {"id":1,"key":"Layout","value":"boxed","author":{"id":1,"name":"Roy","login":"roy","password":"spring"}}

How can I protect

Admir Sabanovic
  • 645
  • 1
  • 11
  • 18
  • 2
    http://stackoverflow.com/questions/5115527/how-to-make-an-entity-read-only – fantarama Jul 13 '15 at 08:20
  • _from being read_ is what I dont understand.. I dont know why any one wud do that in Hibernate.. You can handle this at your app,s middleware – Viraj Nalawade Jul 13 '15 at 08:30
  • DO you instead what to encrypt the password or remove the entries from your JSON response??Please specify what are you using for Json parsing in that case.. – Viraj Nalawade Jul 13 '15 at 08:32

3 Answers3

1

I am not sure if this solves your problem. But it looks like typical need of View instead of direct table fetch.

In View you can control which all columns to be read or not to be read.

Atanu Pal
  • 135
  • 2
  • 11
0

There's no way of Hibernate-read protection. You can protect fileds from beeing updated or inserted using declarations (insertable = false, updatable = false). If you want not to give some fields to the user you should use high-level logic, like filtering fields in your Json.

Ermintar
  • 1,322
  • 3
  • 22
  • 39
  • Thank you. I found something about lazy fetching type where I could implement that or I should as u said do something before json return in controller. – Admir Sabanovic Jul 13 '15 at 10:48
  • @Admir Šabanović Lazy won't work with simple types or OneToOne references if they are marked as nullable. If nullable=false that might do the trick. – Ermintar Jul 13 '15 at 11:07
0

I have found solution. In entity class, if I join column I can simply put annotation @JsonIgnoreProperties({"prop1", "prop2"}), or if it is standard type property @JsonIgnore is enough.

Admir Sabanovic
  • 645
  • 1
  • 11
  • 18