Currently I'm learning the Spring framework, mainly focusing on it's Security Module. I've watched some guides in connection with registration and login. I saw this common usage of transient keyword or @Transient annotation on the password field in the User class.
My dummy app is using Spring Boot + Spring MVC + Spring Security + MySQL.
I know that
Java's transient keyword is used to denote that a field is not to be serialized.
JPA's @Transient annotation...
...specifies that the property or field is not persistent. It is used to annotate a property or field of an entity class, mapped superclass, or embeddable class.
and the org.springframework.data.annotation's @Transient annotation...
Marks a field to be transient for the mapping framework. Thus the property will not be persisted and not further inspected by the mapping framework.
In my MySQL db I have my spring_demo schema which has 3 tables:
+-----------------------+
| Tables_in_spring_demo |
+-----------------------+
| role |
| user |
| user_role |
+-----------------------+
When I'm using the transient keyword on the password field int the User class, it would not be stored in the MySQL db. (example: test01)
mysql> select * from user;
+----+--------+------------------+----------+
| id | active | email | username |
+----+--------+------------------+----------+
| 1 | 1 | test01@gmail.com | test01 |
+----+--------+------------------+----------+
1 row in set (0,00 sec)
When I'm using the javax.persistence @Transient annotation on the password field in the User class, it also would not be stored in the MySQL db. (example: test02)
But... when I'm using the org.springframework.data.annotation @Transient annotation on the password field in the User class it does stored in the MySQL db. (example: test03) Why is that?
mysql> select * from user;
+----+--------+------------------+----------+--------------------------------------------------------------+
| id | active | email | username | password |
+----+--------+------------------+----------+--------------------------------------------------------------+
| 1 | 1 | test02@gmail.com | test02 | |
| 2 | 1 | test03@gmail.com | test03 | $2a$10$UbvmdhfcKxSNr/I4CjOLtOkKGX/j4/xQfFrv3FizxwEVk6D9sAoO |
+----+--------+------------------+----------+--------------------------------------------------------------+
2 rows in set (0,00 sec)
My main questions are, when I'm using the spring.data based @Transient annotation the password field has persisted. Why? And why should I use any @Transient annotation on a password field?
Thank you for your guidance and help in advance!
See Question&Answers more detail:
os