Difference between revisions of "CRV2 RevCodePersistentAntiPatternJava"

From OWASP
Jump to: navigation, search
Line 2: Line 2:
  
 
==Spring –Hibernate Anti-patterns==
 
==Spring –Hibernate Anti-patterns==
 +
 +
Some of the following anti-patterns are an important concerns on the security area for Java applications. A related problem with these anti-patterns is data integrity.
  
 
===Lazy loading===
 
===Lazy loading===

Revision as of 20:12, 21 September 2013

Java Persistence anti-patterns

Spring –Hibernate Anti-patterns

Some of the following anti-patterns are an important concerns on the security area for Java applications. A related problem with these anti-patterns is data integrity.

Lazy loading

This feature reduces the handling of data in an asynchronous way, which avoids unnecessary requests to the database, however it can causes problems with persistence. Errors associated with Lazy loading are:

org.hibernate.StaleObjectStateException: Row was updated or deleted by another transaction (or    
unsaved-value mapping was incorrect)

N+1 Select issue

This problem occurs when the collection is returned from the database, containing n+1 separate queries instead of a single join query. This issue is quite challenging to solve because it depends on the specific implementation of the code, therefore look for the following executions:

Hibertane issues with DAO (Data Access Objects): Sessions per Operation anti-pattern

Control proper implementation of persistence context. Problem occurs when DAO use different persistence context for each one, in other words, a different Session or EntityManager.