Hello,

I am currently working on a Hibernate system. I have an object that stores the password of a client. However this objet also stores the email address of this client.

My problem is that each time the user changes his email he has to change the password. If he leaves the password empty, it will ba saved as an empty string, since the whole object is being saved.

Is there a way how I can tell hibernate to not save the password field on some occasions?

The other solution for me is to save the password inside another table. However that would lead me to use another table in the database and another object, plus some re-write of the system,

so any other solution is more then welcome.

Thanks and Regards
sim085

Simple solution : not to set the password as null (nor "") if the user leaves the password empty. Just add a changePassword() method, if the password is empty, it does nothing, if not is calls the setter.

That would mean that the password is brought down into the domain objects even if it is not required, this breaks good security practices.

Security data such as identification and authentication keys should be stored seperatly to the other business domain classes, so a seperate table would be a better architecture.

The previous persons post would be suitable if the field was anything other than a password though.

[quote]Simple solution : not to set the password as null (nor "") if the user leaves the password empty. Just add a changePassword() method, if the password is empty, it does nothing, if not is calls the setter.[/quote]

However if the user does not change the password, but changes the email, then it would mean that neither the email would be saved since both om them are in the same object.


[quote]Security data such as identification and authentication keys should be stored seperatly to the other business domain classes, so a seperate table would be a better architecture[/quote]

Yes I know that it is not a good design practice. So you think it is ok to have a table with just passwords in it?

thanks and regards
sim085

My answer wasn't clear, I meant when a user changes its email, call setEmail() (so email will be saved) AND call changePassword(). The changePassword() method won't set the password attribute if its argument is empty or null (so password will only be saved if not blank).

Of course I agree too that it's not a good practice to let the password travel to the client.

Yes, it would be a better design to hold the passwords in a seperate table.

[quote]Of course I agree too that it's not a good practice to let the password travel to the client.[/quote]

I am not allowing the password to go back to the user. That is why it is being saved as blank.

[quote]My answer wasn't clear, I meant when a user changes its email, call setEmail() (so email will be saved) AND call changePassword(). The changePassword() method won't set the password attribute if its argument is empty or null (so password will only be saved if not blank).
[/quote]

So you are telling me that if I set the password as null, then even if both password and email are fields in the same object it would still save only the email?

or I also have to add something in my mapping file?

regards
sim085

If you set password to null, then it will be saved as null, If you change the state of a domain object, then all properties / fields in that object will be saved.

If you were to split the authentication data away from the user data, and set cascade to no, the password data will not be retrieved with the user data. You will then need to make a call specifically to get the password data when you require it. This approach will mean that your password data will never exist outsied of your session bean or server side tier, and therefore you will not need to set it to null when returning the user data to the client.

The authentication data class will have a link back to the user, but not the other way around.

I hope this helps.

Yes it helps a lot thanks :)

I had done something like that with the Contact class and Address class. However I always saved the data of both.

I always tought that cascade is something about delete not saving however.

Also is there a way to sometimes make cascade is true and some othertimes make cascade is false. Or this is something in the hbm file (i.e. I set it up with xDoclet).

regards
sim085

This is an hbm property. You cannot set it manually unless you reconfigure Hibernate using Java, but this is out of my realms of expertiese.

Could you rank my reply?

Sorry :$ did not know about that feature in this forum :)

Thanks for all the help, I will try to see how to do it :)
Thanks again

regards
sim085