GeeCON Prague 2014*
The moose likes Object Relational Mapping and the fly likes Hibernate: How to disable insert? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Databases » Object Relational Mapping
Bookmark "Hibernate: How to disable insert?" Watch "Hibernate: How to disable insert?" New topic
Author

Hibernate: How to disable insert?

Hanna Habashy
Ranch Hand

Joined: Aug 20, 2003
Posts: 532
How can insertion to a table be disabled?

I have some lookup tables that should be read only. Is there anyway to instruct hibernate to reject any attempt to insert into that table?

Thanks


SCJD 1.4<br />SCJP 1.4<br />-----------------------------------<br />"With regard to excellence, it is not enough to know, but we must try to have and use it.<br />" Aristotle
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

I'd do this at database level. Revoke insert permissions for your DataSource user on those tables.

All properties have insert and update attributes your can use too.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Hanna Habashy
Ranch Hand

Joined: Aug 20, 2003
Posts: 532
Paul:

I am disabling insert and update for all properties, but I was wondering if there is any other way to accomplish the same thing for the whole class.

Also, if all of the fields in the table are nullable (it shouldn't but if), the a user can still insert records, because primary key fields cannot be disabled for update and insert.
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17250
    
    6

Well, the only way Hibernate does an insert is if you create an instance of your class and it not have an id value. So where in your application code are you creating an instance of a read-only class and not loading it from the database?

Mark


Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
Hanna Habashy
Ranch Hand

Joined: Aug 20, 2003
Posts: 532
Well, the only way Hibernate does an insert is if you create an instance of your class and it not have an id value.

Not entirely true. If the class has its ID generation as 'assigned', then a user can assign an ID to an instance of a class, and ask Hibernate to save it.

So where in your application code are you creating an instance of a read-only class and not loading it from the database?


I am not worried about my code, I am worried about other developers' doing that. My API throws OperationNotSupportedException, if someone attempts to invoke the 'save()' method (provided in the api as one of CRUD operations).
However, I want to prevent any malicious attempts of one not using the api and writing his own code.

The project I am working on is a distribute jar file, which is going to be used among many applications. Possibly across multiple divisions, so I want to make sure that no one can insert in a table where he shouldn't.
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336


I am not worried about my code, I am worried about other developers' doing that. My API throws OperationNotSupportedException, if someone attempts to invoke the 'save()' method (provided in the api as one of CRUD operations).
However, I want to prevent any malicious attempts of one not using the api and writing his own code.

Sounds like this needs to be prevented in the data model then. If another developer can write code not using the API you provide whether or not you can do this in Hibernate is neither here nor there. Revoke insert permissions on the entities you want to make read only.
Lakshmi Dasari
Ranch Hand

Joined: Mar 03, 2003
Posts: 35
You can use the tag mutable="false" in the class declaration of the hbm.


Lakshmi
 
GeeCON Prague 2014
 
subject: Hibernate: How to disable insert?