Hibernate

SQL injection: when a prepared statement is not enough...

Posted on by  
Nanne Baars

An SQL injection attack consists of insertion or "injection" of a malicious data via the SQL query input from the client to the application. In our example project we have a small Spring Boot based blog application. This application exposes an endpoint to fetch blog articles based on the author:

When we call the endpoint, we will receive:

Continue reading →

Clone Hibernate Objects

Posted on by  
Sjoerd Schunselaar

When we want to clone an object there are several ways to do this For instance we can implement Clonable, which makes it possible to duplicate an object. We also can create a new object manually by calling each setter or use a parameterised constructor. In case we want to clone a Hibernate object, there is an extra option available which is more elegant: the Hibernate3BeanReplicator. The Hibernate3BeanReplicator is provided by Beanlib (http://beanlib.sourceforge.net/) and it supports deep clones, so we can also clone related one-to-one objects easily. For example we want to clone the Student object, including all child (one-to-one) objects.

Student student = studentDao.getStudentById(1);

HibernateBeanReplicator replicator = new Hibernate3BeanReplicator();
Student studentCopy = replicator.deepCopy(student);

studentCopy.setId(null);
studentCopy.getRelatedObject().setId(null);

studentDao.save(studentCopy);

Continue reading →

shadow-left