-->
These old forums are deprecated now and set to read-only. We are waiting for you on our new forums!
More modern, Discourse-based and with GitHub/Google/Twitter authentication built-in.

View unanswered posts | View active topics


Board index » Hibernate & Java Persistence » Hibernate Users

All times are UTC - 5 hours [ DST ]


Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 1 post ] 
  Previous topic | Next topic 
Author Message
velazquezergio
 Post subject: Hibernate, Spring & AOP - Encripted Properties
PostPosted: Thu Mar 08, 2012 3:08 pm 
Newbie

Joined: Thu Mar 08, 2012 2:34 pm
Posts: 1
Hi to all,

I hope you are fine and you can provide me a guide for this issue we have been working during a week. The main requirement is: some database properties must be encrypted in database but as normally, final user needs to see them decrypted.

1) I have designed an interface called EntitiesEncryptor which contains a getSensitiveData() method that returns a List of java.lang.reflect.Field. Therefore using this interface I know which entities contain some properties that need to be encrypted in database.

2) I have my DAO template which inherits from HibernateDaoSupport, it contains both select and insert methods (among others).

3) I performed AOP configuration on EntitiesEncryptor entities (this entities are also mapped in hibernate):
a) Once insert method is called, an aspect configured as before encrypts the current property and then it is saved correctly in database.
b) Once select method is called, an aspect configured as after-returning decrypts value obtained from database.

The issue here is that hibernate is flushing session after user transaction ends with the value decrypted, and this is not allowed, it should be encrypted. This is what I have tested already:

a) I tried to configure read-only transactions, but at the end hibernate is changing property value.
b) I have overrided the initDao method in order to change the getHibernateTemplate().setFlushMode() to FLUSH_NEVER.
c) I have set my hibernate properties with flush mode = manual.
c) I changed the mapping file specifying some property with update="false". In this scenario the property is still encrypted in database, however I sometimes need to change that value.

So please I would appreciate if you have any idea could help me. Thanks.










<aop:config proxy-target-class="true">

<aop:aspect id="beforeSensitiveDataAspect" ref="sensitiveDataAspectBean">
<aop:before pointcut="execution(* com.sto.fe.dataaccess.impl.HDaoSupport.insert(*))
and args(entity)" method ="encryptSensitiveData"/>
</aop:aspect>

<aop:aspect id="afterReturningSensitiveDataAspectById" ref="sensitiveDataAspectBean">
<aop:after-returning pointcut="execution(* com.sto.fe.dataaccess.impl.HDaoSupport.select(Long))"
returning = "entity"
method="decipherSensitiveDataById"/>
</aop:aspect>

</aop:config>
Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 1 post ] 

Board index » Hibernate & Java Persistence » Hibernate Users

All times are UTC - 5 hours [ DST ]

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.