@Transient批注,@ org.springframework.data.annotation.Transient批注,临时关键字和密码存储 [英] @Transient annotation, @org.springframework.data.annotation.Transient annotation, transient keyword and password storing
问题描述
当前,我正在学习Spring框架,主要关注它的安全模块.我看过一些有关注册和登录的指南.我在 User 类的密码字段中看到了 transient 关键字或 @Transient 注释的这种常见用法.
Currently I'm learning the Spring framework, mainly focusing on it's Security Module. I've watched some guides in connection with registration and login. I saw this common usage of transient keyword or @Transient annotation on the password field in the User class.
我的虚拟应用程序正在使用Spring Boot + Spring MVC + Spring Security + MySQL.
My dummy app is using Spring Boot + Spring MVC + Spring Security + MySQL.
我知道
Java的 transient 关键字用于表示不对字段进行序列化.
Java's transient keyword is used to denote that a field is not to be serialized.
JPA的 @Transient注释 ...
...指定属性或字段不是持久性.它用于注释实体类,映射超类或可嵌入类的属性或字段.
...specifies that the property or field is not persistent. It is used to annotate a property or field of an entity class, mapped superclass, or embeddable class.
和org.springframework.data.annotation的 @Transient注释..
and the org.springframework.data.annotation's @Transient annotation...
将字段标记为映射框架的临时字段.因此,属性将不会保留,并且不会由映射框架进行进一步检查.
Marks a field to be transient for the mapping framework. Thus the property will not be persisted and not further inspected by the mapping framework.
在我的MySQL数据库中,我有spring_demo模式,该模式具有3个表:
In my MySQL db I have my spring_demo schema which has 3 tables:
+-----------------------+
| Tables_in_spring_demo |
+-----------------------+
| role |
| user |
| user_role |
+-----------------------+
当我在User类的密码字段上使用 transient 关键字时,它不会存储在MySQL数据库中. (例如:test01)
When I'm using the transient keyword on the password field int the User class, it would not be stored in the MySQL db. (example: test01)
mysql> select * from user;
+----+--------+------------------+----------+
| id | active | email | username |
+----+--------+------------------+----------+
| 1 | 1 | test01@gmail.com | test01 |
+----+--------+------------------+----------+
1 row in set (0,00 sec)
当我在User类的密码字段上使用 javax.persistence @Transient 批注时,它也不会存储在MySQL数据库中. (例如:test02)
When I'm using the javax.persistence @Transient annotation on the password field in the User class, it also would not be stored in the MySQL db. (example: test02)
但是...当我在User类的密码字段上使用 org.springframework.data.annotation @Transient 批注时,它确实存储在MySQL数据库中. (示例:test03)为什么?
But... when I'm using the org.springframework.data.annotation @Transient annotation on the password field in the User class it does stored in the MySQL db. (example: test03) Why is that?
mysql> select * from user;
+----+--------+------------------+----------+--------------------------------------------------------------+
| id | active | email | username | password |
+----+--------+------------------+----------+--------------------------------------------------------------+
| 1 | 1 | test02@gmail.com | test02 | |
| 2 | 1 | test03@gmail.com | test03 | $2a$10$UbvmdhfcKxSNr/I4CjOLtOkKGX/j4/xQfFrv3FizxwEVk6D9sAoO |
+----+--------+------------------+----------+--------------------------------------------------------------+
2 rows in set (0,00 sec)
我的主要问题是,当我使用基于spring.data的@Transient批注时,密码字段仍然存在.为什么?为什么我应该在密码字段上使用任何@Transient注释?
感谢您的指导和事先帮助!
Thank you for your guidance and help in advance!
推荐答案
在Spring Framework中,您可以使用Mapping Framework将一种形式转换为另一种形式.假设您的Spring Java服务器端应用程序需要以JSON格式将用户信息发送到客户端(网页,移动应用程序).
Within the Spring Framework you can use Mapping Framework to convert from one form to another. Say for example your spring java server side application needs send to user information to a client (webpage,mobile app) in JSON format.
@Entity
public class User {
@Id
private long id;
@Column(name = "username")
private String username;
@Column(name = "email")
private String email;
@Column(name = "password")
private String password;
}
现在可以将此Java实体对象映射为JSON格式,您可以使用映射框架(例如jackson:com.fasterxml.jackson.databind.ObjectMapper),也可以手动进行.
Now to map this java entity object to JSON format you can either use a mapping framework (e.g jackson: com.fasterxml.jackson.databind.ObjectMapper) or do it manually.
将用户2对象转换为JSON时将获得的JSON格式输出为:
The JSON format output that you would get when to convert user 2 object to JSON is:
{
"id": 2,
"email": "test03@gmail.com",
"username": "test03",
"password": "$2a$10$UbvmdhfcKxSNr/I4CjOLtOkKGX/j4/xQfFrv3FizxwEVk6D9sAoO"
}
现在,如果您添加了:
@org.springframework.data.annotation.Transient
@Column(name = "password")
private String password;
,然后使用Mapping Framwwork再次为您将获得的用户2实体生成JSON:
and then used the Mapping Framwwork to again generate the JSON for the user 2 entity you would get:
{
"id": 2,
"email": "test03@gmail.com",
"username": "test03",
}
请注意,JSON输出中缺少密码字段.那是因为@org.springframework.data.annotation.Transient特别向spring框架指出,从Java Object转换为JSON时,您正在使用的Object Mapper不应包含此值.
Note the password field is missing from you JSON output. Thats because @org.springframework.data.annotation.Transient specifically states to the spring framework that the Object Mapper you are using should not include this value when converting from Java Object to JSON.
还请注意,如果您尝试将上述实体持久保存到数据库中,它仍将其保存到数据库中,因为@org.springframework.data.annotation.Transient仅适用于对象映射框架,而不适用于JPA.
Also note if you attempted to persist the above entity into the database, it would still save it to the database because @org.springframework.data.annotation.Transient only applys to Object mapping frameworks not JPA.
所以回顾一下:
transient适用于所有序列化(通过线路,保存到磁盘,保存到db)
javax.persistence.Transient专用于JPA DB序列化@org.springframework.data.annotation.Transient用于Spring内使用的ObjectMapping Framework序列化
transientis for all serializations (over the wire, saving to disk, saving to db)
javax.persistence.Transientis specifically for JPA DB serialization@org.springframework.data.annotation.Transientis for ObjectMapping Framework serializations used within Spring
这篇关于@Transient批注,@ org.springframework.data.annotation.Transient批注,临时关键字和密码存储的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
