bgraves
Reputation: 839
Spring Data JPA PageRequest order by Map value property
Simplified version of my problem: Suppose there are two entities, Fish and Chip.
Fish has a one-to-many relation to Chip modeled as a Map:
public class Fish {
@OneToMany
@JoinTable(name = "the_map",
joinColumns = @JoinColumn(name = "fish_id"),
inverseJoinColumns = @JoinColumn(name = "chip_id")
)
@MapKeyColumn(name = "the_key")
private Map<Integer, Chip> chipsMap;
}
The following HQL-Query produces valid SQL:
from Fish order by chipsMap[2].createDate
Trying the same with Spring Data
PageRequest pr = new PageRequest(0, 10,
Sort.Direction.ASC.fromString("chipsMap[2].createDate"));
fishRepository.findAll(pr);
throws
org.springframework.data.mapping.PropertyReferenceException:
No property chipsMap[2] found for type Fish!
Problem in Spring Data JPA? Or wrong syntax?
Upvotes: 3
Views: 1404
Answers (1)
Oliver Drotbohm
Reputation: 83051
As documented here, Sort needs a safe expression as it could potentially use unexposed properties and thus become a security problem. See this CVE for details.
If you know what you're doing and not using potentially malicious end user sort phrases, you can use JpaSort.unsafe(…).
Upvotes: 2
Related Questions
- Use OrderBy with JPARepository
- Spring data sort by nested property
- Sort based on property values in spring boot
- Order by clause query in Spring MVC with MapSqlParameterSource
- Spring JPA PageRequest ordering by a join column
- Spring repository pagerequest orderby string combination of multiple columns
- spring data sort by map-value within a given key
- Named query method to order a Page
- Order Page by different Date Properties with Spring Data
- Spring Data - Page Request - order by function