1

I'm looking for a way to prevent objects from updating with spring-data. I've found some topics about this, but none of them have a solution.

I have an object, that can be created and read. That's it. I do not want to support modifications/updates. I manage/generate the database-id myself.

I would love to use org.springframework.data.repository.Repository interface (or JpaRepository/CrudRepository if I can somehow change the <S extends T> S save(S entity); logic to prevent update), because I love the clean findBy... interface notations.

The best solution I've found so far is to implement Persistable and overwrite the isNew(…) to always return true. But that's just crappy, because the object is not "new" if it's read-only.

Is there any clean way to achieve this?

10
  • Add updatable = false to every attribute of the entity. Then, calls to update will be ignored because the JPA provider will not detect any changes to persist. Commented Dec 27, 2017 at 7:36
  • Handy to know, thanks! But it still doesn't solve my problem (it will even make it worse): if a developer for example adds a property in a year, the behavior can suddenly change. Commented Dec 27, 2017 at 12:28
  • Can you explain the problem a little better? Let's say that you have an entity Foo and its associated repository FooRepository. Do you want FooRepository to have no CUD (create, update, delete) methods (that is, only read methods), or do you want the methods to be there but have no effect when called? It will be useful if you can add the desired definition (what methods you want) for FooRepository to the question. Commented Dec 28, 2017 at 4:20
  • In my case, I want the Create and a couple of different Read methods. It should not be able to update or delete. If for example I add updatable=false to all properties, this would work fine and the app will never update the entity, even if save() is called. But imagine that a developer calls save() and half a year later he adds a property (without updatable=false), suddenly the behavior of save() changes. I would like to enforce that such errors in the long run are not possible, combined with strict methods that are allowed/prohibited on the DB, but still using the benefits of JPA. Commented Dec 28, 2017 at 10:30
  • Thomas, what will happen in the future can never be predicted. I could also imagine that some developer would add an association to the entity, make the association cascadable and then save the associated entity, cascading changes to your entity. From your description, it seems like you need an immutable entity, which is very easy to create by setting all properties in the constructor and not exposing any setters. But then again, some other developer may add setters a year down the line, add associations, make the associations cascadable...back to square-one. Commented Dec 28, 2017 at 11:07

1 Answer

1

You can, for example, simply use a repository event handler to restrict update and delete operations:

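    import org.springframework.data.rest.core.annotation.HandleBeforeDelete;
    import org.springframework.data.rest.core.annotation.HandleBeforeSave;
    import org.springframework.data.rest.core.annotation.RepositoryEventHandler;
    import org.springframework.web.HttpRequestMethodNotSupportedException;

    @RepositoryEventHandler(MyEntity.class)
    public class MyEntityEventHandler {

        // Called by Spring Data REST before an existing entity is updated
        @HandleBeforeSave
        public void handleUpdate(MyEntity entity) throws HttpRequestMethodNotSupportedException {
            throw new HttpRequestMethodNotSupportedException("Update");
        }

        // Called by Spring Data REST before an entity is deleted
        @HandleBeforeDelete
        public void handleDelete(MyEntity entity) throws HttpRequestMethodNotSupportedException {
            throw new HttpRequestMethodNotSupportedException("Delete");
        }
    }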

5 Comments

Is there an alternative that does not use spring-data-rest?
I thought you were using SDR... But if you don't use it, just don't implement update/delete controller methods... Or do you need something else?
I'm using spring-data-jpa, not spring-data-rest. spring-data-rest is not an option, since its principles are completely the opposite of what we want to achieve. spring-data-rest is a layer above spring-data-jpa, which has the <S extends T> S save(S entity); in any of its repositories.
@ThomasStubbe So what do you need? If you create the public API yourself, then you can block these operations in your custom controllers layer.
I'm looking for a way to control the access (read, insert, update) to the database. Not for the customers, but for long-lasting good design choices, so that fellow developers can easily choose the correct option. Repositories are nice because it's clean and fast development with less code. I'm looking for a way to configure them so that only the actions that are allowed are exposed. A separation of the insert and update is a must for example.
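
One way to get a repository that exposes only insert and read operations with plain spring-data-jpa, as asked for in the comments above. This is an added example, not part of the original thread; `AuditRecord`, `InsertOnly` and `AuditRecordRepository` are hypothetical names, and Spring Data JPA 3.x with `jakarta.persistence` is assumed.

```java
// Added example. AuditRecord, InsertOnly and AuditRecordRepository are hypothetical names.
// Assumes Spring Data JPA 3.x (jakarta.persistence; use javax.persistence on 2.x).
// Each type would normally live in its own file.
import jakarta.persistence.*;
import java.util.Optional;
import org.springframework.data.repository.Repository;
import org.springframework.transaction.annotation.Transactional;

@Entity
class AuditRecord {
    @Id
    private String id;          // assigned by the application, as in the question
    private String payload;

    protected AuditRecord() { } // no-arg constructor required by JPA

    AuditRecord(String id, String payload) {
        this.id = id;
        this.payload = payload;
    }

    String getId() { return id; }
    String getPayload() { return payload; }
}

// Custom fragment: the only write operation the repository offers.
interface InsertOnly<T> {
    T insert(T entity);
}

// Spring Data finds this class by the "Impl" suffix on the fragment interface name.
class InsertOnlyImpl<T> implements InsertOnly<T> {
    @PersistenceContext
    private EntityManager em;

    @Override
    @Transactional
    public T insert(T entity) {
        em.persist(entity); // INSERT only; never falls back to merge()/UPDATE
        em.flush();         // surface a duplicate-key error here, not at commit
        return entity;
    }
}

// Extending the marker interface Repository exposes only what is declared:
// no save(), no delete(), but derived findBy... queries still work.
interface AuditRecordRepository extends Repository<AuditRecord, String>, InsertOnly<AuditRecord> {
    Optional<AuditRecord> findById(String id);
}
```

A second `insert` with an id that already exists fails with an exception instead of silently becoming an UPDATE. Dirty checking can still write changes made to a managed instance inside a transaction, which is why the entity has no setters.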
