@Transient annotation, @org.springframework.data.annotation.Transient annotation, transient keyword and password storing
Asked Answered
N

1

27

Currently I'm learning the Spring framework, mainly focusing on it's Security Module. I've watched some guides in connection with registration and login. I saw this common usage of transient keyword or @Transient annotation on the password field in the User class.

My dummy app is using Spring Boot + Spring MVC + Spring Security + MySQL.

I know that

Java's transient keyword is used to denote that a field is not to be serialized.

JPA's @Transient annotation...

...specifies that the property or field is not persistent. It is used to annotate a property or field of an entity class, mapped superclass, or embeddable class.

and the org.springframework.data.annotation's @Transient annotation...

Marks a field to be transient for the mapping framework. Thus the property will not be persisted and not further inspected by the mapping framework.

In my MySQL db I have my spring_demo schema which has 3 tables:

+-----------------------+
| Tables_in_spring_demo |
+-----------------------+
| role                  |
| user                  |
| user_role             |
+-----------------------+

When I'm using the transient keyword on the password field int the User class, it would not be stored in the MySQL db. (example: test01)

mysql> select * from user;
+----+--------+------------------+----------+
| id | active | email            | username |
+----+--------+------------------+----------+
|  1 |      1 | [email protected] | test01   |
+----+--------+------------------+----------+
1 row in set (0,00 sec)

When I'm using the javax.persistence @Transient annotation on the password field in the User class, it also would not be stored in the MySQL db. (example: test02)

But... when I'm using the org.springframework.data.annotation @Transient annotation on the password field in the User class it does stored in the MySQL db. (example: test03) Why is that?

mysql> select * from user;
+----+--------+------------------+----------+--------------------------------------------------------------+
| id | active | email            | username | password                                                     |
+----+--------+------------------+----------+--------------------------------------------------------------+
|  1 |      1 | [email protected] | test02   |                                                              |
|  2 |      1 | [email protected] | test03   | $2a$10$UbvmdhfcKxSNr/I4CjOLtOkKGX/j4/xQfFrv3FizxwEVk6D9sAoO  |
+----+--------+------------------+----------+--------------------------------------------------------------+
2 rows in set (0,00 sec)

My main questions are, when I'm using the spring.data based @Transient annotation the password field has persisted. Why? And why should I use any @Transient annotation on a password field?

Thank you for your guidance and help in advance!

Numerator answered 12/3, 2017 at 17:51 Comment(0)
S
46

Within the Spring Framework you can use Mapping Framework to convert from one form to another. Say for example your spring java server side application needs send to user information to a client (webpage,mobile app) in JSON format.

@Entity
public class User {

@Id
private long id;

@Column(name = "username")
private String username;

@Column(name = "email")
private String email;

@Column(name = "password")
private String password;

}

Now to map this java entity object to JSON format you can either use a mapping framework (e.g jackson: com.fasterxml.jackson.databind.ObjectMapper) or do it manually.

The JSON format output that you would get when to convert user 2 object to JSON is:

{
   "id": 2,
   "email": "[email protected]",
   "username": "test03",
   "password": "$2a$10$UbvmdhfcKxSNr/I4CjOLtOkKGX/j4/xQfFrv3FizxwEVk6D9sAoO"
}

Now if you added :

@org.springframework.data.annotation.Transient
@Column(name = "password")
private String password;

and then used the Mapping Framework to again generate the JSON for the user 2 entity you would get:

{
   "id": 2,
   "email": "[email protected]",
   "username": "test03",
}

Note the password field is missing from you JSON output. Thats because @org.springframework.data.annotation.Transient specifically states to the spring framework that the Object Mapper you are using should not include this value when converting from Java Object to JSON.

Also note if you attempted to persist the above entity into the database, it would still save it to the database because @org.springframework.data.annotation.Transient only applys to Object mapping frameworks not JPA.

So to recap:

transient is for all serializations (over the wire, saving to disk, saving to db)
javax.persistence.Transient is specifically for JPA DB serialization @org.springframework.data.annotation.Transient is for ObjectMapping Framework serializations used within Spring

Sextuplet answered 12/3, 2017 at 21:35 Comment(2)
If the purpose is not to ignore that field while saving, you can use @Transient private transient String password;Promenade
I'm learning Spring and Spring Security right now and this was a tremendously helpful answer in its detail and clarity. Was going a little bonkers trying to figure out why my password field was not persisting to the db. Thank you!Ipoh

© 2022 - 2024 — McMap. All rights reserved.