
All times are UTC - 5 hours [ DST ]



 Post subject: Events vs UserTypes for encoding values
PostPosted: Thu Jul 06, 2006 8:48 am 
Newbie

Joined: Thu Jul 06, 2006 8:04 am
Posts: 14
I have a situation which warrants a UserType, but I need access to owner on nullSafeGet, which isn't instantiated. I could get round this with a postLoad event, but I'd like to use pure events...


Event Questions
==========
Will changing an entity at the late stage of postLoad event trigger a dirty read or disturb anything else?

On saving, am I allowed to change setPropertyValues on the onPreUpdate and onPreInsert? I figure I need to trap onPreInsert, onUpdate, but do people usually trap dirty checking and flushing?

Will I be messing with something I don't know about - some event guidelines vs usertypes - as per http://forum.hibernate.org/viewtopic.ph ... highlight=?

Am new to hibernate and tried for some time with the various options so apologies, but I've boiled it down to these questions ;)

Thanks for any help,
adam


 
 Post subject: ...the encoding bit
PostPosted: Thu Jul 06, 2006 8:52 am 
Newbie

Joined: Thu Jul 06, 2006 8:04 am
Posts: 14
Sorry, was meant to take out the encoding bit on the title, so here is the first half of my post if you want to know the reasons behind what I'm doing...

I'd like to optionally encode some fields in the database - determined by the user along with a selected algorithm. So the database fields (albeit restricted ones) can have either a decoded or non-decoded value. The POJOs of course do not want to know what is going on - only seeing decoded values. So I have tried a few things...

Tackling the problem
=============
1) Database encryption - this is not really the option I want, since it's a global encryption.

2) SQL function - could be used for each property but I'd prefer to burden the application server and not the database server. This is also less portable.

3) UserType - this works well but there only needs to be one 'algorithm' field in the table for the whole record and I cannot access this from the UserType's owner since it isn't instantiated yet in nullSafeGet! Hence I cannot decode the value.

4) Events - this solves the problem of (3) since I have access to the whole object on postLoadEvent (unlike an interceptor onLoad) so I can use the 'algorithm' property to decode the values. But can I use pure events and is that a good thing?
.....(see first post).....


 
 Post subject: Jasypt
PostPosted: Sun May 27, 2007 4:54 am 
Newbie

Joined: Wed Jan 31, 2007 10:18 pm
Posts: 10
Sorry for answering to such an old post, when you have most probably solved your problem long ago, but - maybe the next time you find yourself in the same situation, you should try Jasypt (Java Simplified Encryption) [http://www.jasypt.org].

You can see details on its integration with Hibernate (using UserTypes) in http://www.jasypt.org/hibernate3.html and http://www.hibernate.org/415.html

Regards,
Daniel.


 
 Post subject:
PostPosted: Tue May 29, 2007 9:51 am 
Newbie

Joined: Thu Jul 06, 2006 8:04 am
Posts: 14
Thank you. Yes that is helpful. I also came across this project recently. It is pretty much what I have implemented! I'll see if it's got all the features I need before transferring.

One thing I need to be sure of is that the encryption can be 'upgraded' as and when I decide (the encryption is processed the next time the user saves any details). I use the user's password to the encryption so I effectively lock myself out, and I wonder if it also caters for this. I need to take a close look sometime. It's certainly a good in-depth review of how we should be using encryption on websites. It's projects like this which open our eyes to how bad things can be implemented. I wonder if there are any standards or certificates (recognised at least!) websites can get for this kind of thing?
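
An added example, not part of the original posts and not Jasypt's code: a plain-JDK version of the per-record scheme discussed in this thread, where one `algorithm` column decides how a row's fields are decoded after load and the row is upgraded the next time it is saved. The class name, the algorithm tags, the stored layout and the choice of PBKDF2 with AES-GCM are assumptions; the Hibernate event wiring is left out.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

/** Hypothetical codec: one 'algorithm' column governs every encoded field in a row. */
public class RecordCodec {
    static final String NONE = "NONE", V1 = "PBKDF2-AES-GCM"; // constructed algorithm tags
    static final SecureRandom RNG = new SecureRandom();

    // Assumed stored form: base64(salt[16] || iv[12] || ciphertext+tag)
    static String encode(String alg, char[] pw, String plain) throws Exception {
        if (NONE.equals(alg)) return plain;                   // row opted out of encoding
        byte[] salt = new byte[16], iv = new byte[12];
        RNG.nextBytes(salt); RNG.nextBytes(iv);               // fresh salt and IV per value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key(pw, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(
                ByteBuffer.allocate(28 + ct.length).put(salt).put(iv).put(ct).array());
    }

    // The row's own algorithm tag selects the decoder, so mixed rows can coexist.
    static String decode(String alg, char[] pw, String stored) throws Exception {
        if (NONE.equals(alg)) return stored;
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key(pw, Arrays.copyOfRange(in, 0, 16)),
               new GCMParameterSpec(128, in, 16, 12));
        return new String(c.doFinal(in, 28, in.length - 28), StandardCharsets.UTF_8);
    }

    // Key derived from the user's password, as the last post describes.
    static SecretKeySpec key(char[] pw, byte[] salt) throws Exception {
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, 210_000, 256)).getEncoded();
        return new SecretKeySpec(k, "AES");
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-password".toCharArray();     // constructed sample input
        String alg = NONE, stored = "4 Example Street";       // row as loaded: not yet encoded
        String pojoValue = decode(alg, pw, stored);           // post-load step: POJO sees plaintext
        alg = V1; stored = encode(alg, pw, pojoValue);        // next save: row upgraded to V1
        System.out.println(alg + " " + decode(alg, pw, stored).equals(pojoValue));
    }
}
```

In a Hibernate application `decode` would run from a post-load listener and `encode` from the pre-insert and pre-update listeners, which are the events the first post asks about.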

