0

I have a question about a standard pattern or mechanism in spring-hateoas or Spring Rest Data about encrypting the IDs of the Resources/Entities.

The reason I am asking, a requirement to our project is that we don't deliver the id's of our objects to the outside world and they should not be used in GET Requests as Parameters.

I know, Spring Rest Data and spring-hateoas does not give the ids of the objects unless they are configured so but even that case I can see the ids in links.

I know I can use PropertyEditors or Converters to encrypt/decrypt ids before and after Json serialisation/deseritalisation but I just like to know is there a more standard way?

Thx for answers...

posthumecaver
  • 1,584
  • 4
  • 16
  • 29

1 Answers1

1

If you have the unique 'business id' property of your resource you can configure SDR to use it instead of the entity ID.

First you have to create lookup method of your entity with this unique property:

public interface MyEntityRepo extends JpaRepository<MyEntity, Long> {

  @RestResource(exported = false)
  Optional<CatalogResource> findByMyUniqueProperty(String myUniqueProperty);
}

Then use it to configure SDR:

@Component
public class DataRestConfig extends RepositoryRestConfigurerAdapter {

  @Override
  public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config) {

    config.withCustomEntityLookup()
        .forRepository(MyEntityRepo.class, MyEntity::getMyUniqueProperty, MyEntityRepo::findByMyUniqueProperty);

    super.configureRepositoryRestConfiguration(config);
  }
}

After this customization you will have resource URI like this:

http://localhost:8080/myEntities/myUniquePropertyValue1
Cepr0
  • 28,144
  • 8
  • 75
  • 101
  • First of all, thx for the answer, if I understand correctly this solution will work, if this identifier will be in the database. Our use case is little bit different, we want to combine actual id with a salt(which will be different for every session\scope) and will have also time to live. So id of the object will not be same for two different user of our system, so I think I need a mechanism to convert the ids all the time. I plan to use @JsonSerialize/@JsonDeserialize from jackson but it seem it does not work for links.... – posthumecaver Oct 24 '17 at 12:52
  • I think you can use custom entity lookup mechanism to solve your situation. Just create a method that return 'id with a salt' and configure it by extending `EntityLookupSupport` (see example in [reference doc](https://docs.spring.io/spring-data/rest/docs/current/reference/html/#_customizing_item_resource_uris)) – Cepr0 Oct 24 '17 at 13:39