Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Hibernate: How to disable insert?

 
Hanna Habashy
Ranch Hand
Posts: 532
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How can insertion to a table be disabled?

I have some lookup tables that should be read only. Is there anyway to instruct hibernate to reject any attempt to insert into that table?

Thanks
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'd do this at database level. Revoke insert permissions for your DataSource user on those tables.

All properties have insert and update attributes your can use too.
 
Hanna Habashy
Ranch Hand
Posts: 532
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul:

I am disabling insert and update for all properties, but I was wondering if there is any other way to accomplish the same thing for the whole class.

Also, if all of the fields in the table are nullable (it shouldn't but if), the a user can still insert records, because primary key fields cannot be disabled for update and insert.
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, the only way Hibernate does an insert is if you create an instance of your class and it not have an id value. So where in your application code are you creating an instance of a read-only class and not loading it from the database?

Mark
 
Hanna Habashy
Ranch Hand
Posts: 532
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, the only way Hibernate does an insert is if you create an instance of your class and it not have an id value.

Not entirely true. If the class has its ID generation as 'assigned', then a user can assign an ID to an instance of a class, and ask Hibernate to save it.

So where in your application code are you creating an instance of a read-only class and not loading it from the database?


I am not worried about my code, I am worried about other developers' doing that. My API throws OperationNotSupportedException, if someone attempts to invoke the 'save()' method (provided in the api as one of CRUD operations).
However, I want to prevent any malicious attempts of one not using the api and writing his own code.

The project I am working on is a distribute jar file, which is going to be used among many applications. Possibly across multiple divisions, so I want to make sure that no one can insert in a table where he shouldn't.
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I am not worried about my code, I am worried about other developers' doing that. My API throws OperationNotSupportedException, if someone attempts to invoke the 'save()' method (provided in the api as one of CRUD operations).
However, I want to prevent any malicious attempts of one not using the api and writing his own code.

Sounds like this needs to be prevented in the data model then. If another developer can write code not using the API you provide whether or not you can do this in Hibernate is neither here nor there. Revoke insert permissions on the entities you want to make read only.
 
Lakshmi Dasari
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use the tag mutable="false" in the class declaration of the hbm.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic