Reputation: 2535
I have to see the bottom of that. Here's a brief abstract: I have a Configuration model object which has some configuration settings along with a username and a password. Of course, the password is encrypted and I have to decrypt it to use it. Pragmatically, I load the Configuration object with Hibernate (the password is encrypted), I get the password, I decrypt it, and I set the password attribute to the newly evaluated plaintext (I use the setter method). Please note that I never store the Configuration object again. The weird result is that I found the CONFIGURATIONS table updated with the password plaintext in the db! I guess the Hibernate caching system has a role in the mystery, but I must understand why and how.
The details are as follows:
I use the Spring framework, version 3.1.2 RELEASE
servlet.xml
    <!-- HIBERNATE -->
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core</artifactId>
        <version>4.0.0.Final</version>
    </dependency>
service
    @Service("configurationManager")
    public class ConfigurationManager {
        //attributes and blah blah
        public Configuration loadConfiguration()
        {
            //the Configuration's password attribute is encrypted in the db
            Configuration configuration = configurationDao.load();
            if(configuration!=null)
            {
                //...to use the password I must decrypt it
                if(!(configuration.getPassword()==null || configuration.getPassword().isEmpty()))
                {
                    String encryptedText = configuration.getPassword();
                    String decryptedText = credentialsManager.decrypt(encryptedText);
                    //after decrypting the password, I set the Configuration's password attribute to the plaintext password
                    //I'll never ever store the Configuration obj with the newly set password.
                    configuration.setPassword(decryptedText);
                }
            }
            return configuration;
        }
    }
(maybe useless) clue: I have noticed this Hibernate behaviour since I started to use AOP for different purposes. I can't see a clear connection between the two things, but I report it anyway. I included these libs in the project:
    <dependency>
        <groupId>org.aspectj</groupId>
        <artifactId>aspectjrt</artifactId>
        <version>1.7.2</version>
    </dependency>
    <dependency>
        <groupId>org.aspectj</groupId>
        <artifactId>aspectjweaver</artifactId>
        <version>1.7.2</version>
    </dependency>
Upvotes: 1
Views: 101
Reputation: 1648
When you load an object with Hibernate, the instance is bound to the session you loaded it with, which keeps track of all changes to it. When the session is eventually flushed (calling the appropriate method or internally due to FlushMode selection on the session behaviour) the changes are synchronized to the db.
Either do not change the object you loaded and store the unencrypted password in e.g. a nonpersistent attribute, or call evict to detach it from the session.
Edit: for some background info, see the Hibernate docs, and in particular section 11.1 - Hibernate object states - you can see there that an object loaded from a session is in a Persisted state, and that changes are persisted when the work unit completes (i.e. the session is flushed).
Upvotes: 2
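The two options from the answer above, combined in one added example that is not part of the original posts: the plaintext goes into a non-persistent attribute, and the instance is evicted from the session before it is returned. The entity mapping (id field, PASSWORD column name), the HQL query and the CredentialsManager interface are assumptions; only the CONFIGURATIONS table, the password attribute and credentialsManager.decrypt come from the question.

```java
import javax.persistence.*;
import org.hibernate.Session;
import org.hibernate.SessionFactory;

// Assumed mapping: the question names only the table and the password attribute.
@Entity
@Table(name = "CONFIGURATIONS")
class Configuration {
    @Id
    private Long id;

    // Mapped column: only ever holds the ciphertext, and has no setter here.
    @Column(name = "PASSWORD")
    private String password;

    // Option 1: unmapped field, so a flush never writes it to the table.
    @Transient
    private String plainPassword;

    public String getPassword() { return password; }
    public String getPlainPassword() { return plainPassword; }
    public void setPlainPassword(String p) { this.plainPassword = p; }
}

// Hypothetical stand-in for the question's credentialsManager.
interface CredentialsManager {
    String decrypt(String encryptedText);
}

public class ConfigurationManager {
    private final SessionFactory sessionFactory;
    private final CredentialsManager credentialsManager;

    public ConfigurationManager(SessionFactory sf, CredentialsManager cm) {
        this.sessionFactory = sf;
        this.credentialsManager = cm;
    }

    // Must be called with a current session bound (e.g. a Spring-managed transaction).
    public Configuration loadConfiguration() {
        Session session = sessionFactory.getCurrentSession();
        Configuration c = (Configuration) session
                .createQuery("from Configuration").setMaxResults(1).uniqueResult();
        if (c != null && c.getPassword() != null && !c.getPassword().isEmpty()) {
            c.setPlainPassword(credentialsManager.decrypt(c.getPassword()));
            // Option 2: detach the instance so no later change made by a caller
            // is synchronized to the db when the session is flushed.
            session.evict(c);
        }
        return c;
    }
}
```

An integration test can confirm the fix by calling loadConfiguration(), committing the transaction, and then reading the stored password column back with plain SQL to check that it still holds the ciphertext.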