@Transient 注解、@org.springframework.data.annotation.Transient 注解、transient 关键字和密码存储 [英] @Transient annotation, @org.springframework.data.annotation.Transient annotation, transient keyword and password storing
问题描述
目前我正在学习 Spring 框架,主要关注它的安全模块.我看过一些与注册和登录有关的指南.我在 User 类的密码字段中看到了 transient 关键字或 @Transient 注释的这种常见用法.
Currently I'm learning the Spring framework, mainly focusing on it's Security Module. I've watched some guides in connection with registration and login. I saw this common usage of transient keyword or @Transient annotation on the password field in the User class.
我的虚拟应用正在使用 Spring Boot + Spring MVC + Spring Security + MySQL.
My dummy app is using Spring Boot + Spring MVC + Spring Security + MySQL.
我知道
Java 的 transient 关键字用于表示字段不被序列化.
Java's transient keyword is used to denote that a field is not to be serialized.
JPA 的 @Transient 注解...
...指定属性或字段不是持久的.它用于注释实体类、映射超类或可嵌入类的属性或字段.
...specifies that the property or field is not persistent. It is used to annotate a property or field of an entity class, mapped superclass, or embeddable class.
还有 org.springframework.data.annotation 的 @Transient 注释...
and the org.springframework.data.annotation's @Transient annotation...
将字段标记为映射框架的瞬态.因此,属性不会被持久化,也不会被映射框架进一步检查.
Marks a field to be transient for the mapping framework. Thus the property will not be persisted and not further inspected by the mapping framework.
在我的 MySQL 数据库中,我的 spring_demo 模式有 3 个表:
In my MySQL db I have my spring_demo schema which has 3 tables:
+-----------------------+
| Tables_in_spring_demo |
+-----------------------+
| role |
| user |
| user_role |
+-----------------------+
当我在 User 类的密码字段上使用 transient 关键字时,它不会存储在 MySQL 数据库中.(例如:test01)
When I'm using the transient keyword on the password field int the User class, it would not be stored in the MySQL db. (example: test01)
mysql> select * from user;
+----+--------+------------------+----------+
| id | active | email | username |
+----+--------+------------------+----------+
| 1 | 1 | test01@gmail.com | test01 |
+----+--------+------------------+----------+
1 row in set (0,00 sec)
当我在 User 类的密码字段上使用 javax.persistence @Transient 注释时,它也不会存储在 MySQL 数据库中.(例如:test02)
When I'm using the javax.persistence @Transient annotation on the password field in the User class, it also would not be stored in the MySQL db. (example: test02)
但是...当我在 User 类的密码字段上使用 org.springframework.data.annotation @Transient 注释时,它确实存储在 MySQL 数据库中.(例如:test03)这是为什么?
But... when I'm using the org.springframework.data.annotation @Transient annotation on the password field in the User class it does stored in the MySQL db. (example: test03) Why is that?
mysql> select * from user;
+----+--------+------------------+----------+--------------------------------------------------------------+
| id | active | email | username | password |
+----+--------+------------------+----------+--------------------------------------------------------------+
| 1 | 1 | test02@gmail.com | test02 | |
| 2 | 1 | test03@gmail.com | test03 | $2a$10$UbvmdhfcKxSNr/I4CjOLtOkKGX/j4/xQfFrv3FizxwEVk6D9sAoO |
+----+--------+------------------+----------+--------------------------------------------------------------+
2 rows in set (0,00 sec)
我的主要问题是,当我使用基于 spring.data 的 @Transient 注释时,密码字段一直存在.为什么?我为什么要在密码字段上使用任何 @Transient 注释?
提前感谢您的指导和帮助!
Thank you for your guidance and help in advance!
推荐答案
在 Spring Framework 中,您可以使用 Mapping Framework 从一种形式转换为另一种形式.例如,您的 Spring Java 服务器端应用程序需要以 JSON 格式将用户信息发送给客户端(网页、移动应用程序).
Within the Spring Framework you can use Mapping Framework to convert from one form to another. Say for example your spring java server side application needs send to user information to a client (webpage,mobile app) in JSON format.
@Entity
public class User {
@Id
private long id;
@Column(name = "username")
private String username;
@Column(name = "email")
private String email;
@Column(name = "password")
private String password;
}
现在要将这个 java 实体对象映射到 JSON 格式,您可以使用映射框架(例如 jackson:com.fasterxml.jackson.databind.ObjectMapper)或手动进行.
Now to map this java entity object to JSON format you can either use a mapping framework (e.g jackson: com.fasterxml.jackson.databind.ObjectMapper) or do it manually.
将用户 2 对象转换为 JSON 时会得到的 JSON 格式输出为:
The JSON format output that you would get when to convert user 2 object to JSON is:
{
"id": 2,
"email": "test03@gmail.com",
"username": "test03",
"password": "$2a$10$UbvmdhfcKxSNr/I4CjOLtOkKGX/j4/xQfFrv3FizxwEVk6D9sAoO"
}
现在如果你添加了:
@org.springframework.data.annotation.Transient
@Column(name = "password")
private String password;
然后使用 Mapping Framwwork 再次为您将获得的用户 2 实体生成 JSON:
and then used the Mapping Framwwork to again generate the JSON for the user 2 entity you would get:
{
"id": 2,
"email": "test03@gmail.com",
"username": "test03",
}
请注意,您的 JSON 输出中缺少密码字段.那是因为 @org.springframework.data.annotation.Transient 明确向 Spring 框架声明,您使用的 Object Mapper 在从 Java Object 转换为 JSON 时不应包含此值.
Note the password field is missing from you JSON output. Thats because @org.springframework.data.annotation.Transient specifically states to the spring framework that the Object Mapper you are using should not include this value when converting from Java Object to JSON.
另外请注意,如果您尝试将上述实体持久化到数据库中,它仍会将其保存到数据库中,因为 @org.springframework.data.annotation.Transient 仅适用于对象映射框架而不适用JPA.
Also note if you attempted to persist the above entity into the database, it would still save it to the database because @org.springframework.data.annotation.Transient only applys to Object mapping frameworks not JPA.
回顾一下:
transient 适用于所有序列化(通过网络、保存到磁盘、保存到数据库)javax.persistence.Transient 专门用于 JPA DB 序列化@org.springframework.data.annotation.Transient 用于 Spring 中使用的 ObjectMapping Framework 序列化
transientis for all serializations (over the wire, saving to disk, saving to db)
javax.persistence.Transientis specifically for JPA DB serialization@org.springframework.data.annotation.Transientis for ObjectMapping Framework serializations used within Spring
这篇关于@Transient 注解、@org.springframework.data.annotation.Transient 注解、transient 关键字和密码存储的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
