Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
842 views
in Technique[技术] by (71.8m points)

jpa - @Transient annotation, @org.springframework.data.annotation.Transient annotation, transient keyword and password storing

Currently I'm learning the Spring framework, mainly focusing on it's Security Module. I've watched some guides in connection with registration and login. I saw this common usage of transient keyword or @Transient annotation on the password field in the User class.

My dummy app is using Spring Boot + Spring MVC + Spring Security + MySQL.

I know that

Java's transient keyword is used to denote that a field is not to be serialized.

JPA's @Transient annotation...

...specifies that the property or field is not persistent. It is used to annotate a property or field of an entity class, mapped superclass, or embeddable class.

and the org.springframework.data.annotation's @Transient annotation...

Marks a field to be transient for the mapping framework. Thus the property will not be persisted and not further inspected by the mapping framework.

In my MySQL db I have my spring_demo schema which has 3 tables:

+-----------------------+
| Tables_in_spring_demo |
+-----------------------+
| role                  |
| user                  |
| user_role             |
+-----------------------+

When I'm using the transient keyword on the password field int the User class, it would not be stored in the MySQL db. (example: test01)

mysql> select * from user;
+----+--------+------------------+----------+
| id | active | email            | username |
+----+--------+------------------+----------+
|  1 |      1 | test01@gmail.com | test01   |
+----+--------+------------------+----------+
1 row in set (0,00 sec)

When I'm using the javax.persistence @Transient annotation on the password field in the User class, it also would not be stored in the MySQL db. (example: test02)

But... when I'm using the org.springframework.data.annotation @Transient annotation on the password field in the User class it does stored in the MySQL db. (example: test03) Why is that?

mysql> select * from user;
+----+--------+------------------+----------+--------------------------------------------------------------+
| id | active | email            | username | password                                                     |
+----+--------+------------------+----------+--------------------------------------------------------------+
|  1 |      1 | test02@gmail.com | test02   |                                                              |
|  2 |      1 | test03@gmail.com | test03   | $2a$10$UbvmdhfcKxSNr/I4CjOLtOkKGX/j4/xQfFrv3FizxwEVk6D9sAoO  |
+----+--------+------------------+----------+--------------------------------------------------------------+
2 rows in set (0,00 sec)

My main questions are, when I'm using the spring.data based @Transient annotation the password field has persisted. Why? And why should I use any @Transient annotation on a password field?

Thank you for your guidance and help in advance!

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Within the Spring Framework you can use Mapping Framework to convert from one form to another. Say for example your spring java server side application needs send to user information to a client (webpage,mobile app) in JSON format.

@Entity
public class User {

@Id
private long id;

@Column(name = "username")
private String username;

@Column(name = "email")
private String email;

@Column(name = "password")
private String password;

}

Now to map this java entity object to JSON format you can either use a mapping framework (e.g jackson: com.fasterxml.jackson.databind.ObjectMapper) or do it manually.

The JSON format output that you would get when to convert user 2 object to JSON is:

{
   "id": 2,
   "email": "test03@gmail.com",
   "username": "test03",
   "password": "$2a$10$UbvmdhfcKxSNr/I4CjOLtOkKGX/j4/xQfFrv3FizxwEVk6D9sAoO"
}

Now if you added :

@org.springframework.data.annotation.Transient
@Column(name = "password")
private String password;

and then used the Mapping Framwwork to again generate the JSON for the user 2 entity you would get:

{
   "id": 2,
   "email": "test03@gmail.com",
   "username": "test03",
}

Note the password field is missing from you JSON output. Thats because @org.springframework.data.annotation.Transient specifically states to the spring framework that the Object Mapper you are using should not include this value when converting from Java Object to JSON.

Also note if you attempted to persist the above entity into the database, it would still save it to the database because @org.springframework.data.annotation.Transient only applys to Object mapping frameworks not JPA.

So to recap:

transient is for all serializations (over the wire, saving to disk, saving to db)
javax.persistence.Transient is specifically for JPA DB serialization @org.springframework.data.annotation.Transient is for ObjectMapping Framework serializations used within Spring


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...