Replace persistent entities with a simple POJO or DTO objects for controllers #12676

Closed
tillias opened this issue Oct 8, 2020 · 6 comments

@tillias

tillias commented Oct 8, 2020

Overview of the feature request

By default, persistent entities are used as DTOs for all controllers. For example: https://sonarcloud.io/project/issues?id=microcatalog&open=AXUFA43oaLeiCpuVTUPk&resolved=false&types=VULNERABILITY

Please generate DTO objects for REST controllers (e.g. SomeEntity for the persistence layer and SomeEntityDTO for controllers).

Motivation for or Use Case

This is a direct violation of java:S4684 and is displayed in SonarQube as a Security Violation.

See https://jira.sonarsource.com/browse/SONARJAVA-2797 or https://stackoverflow.com/questions/54233672/how-to-avoid-the-vulnerability-created-by-using-entities-at-a-requestmapping-met

Related issues or PR
  • [x] Checking this box is mandatory (this is just to show you read everything)

@pascalgrimaud
Member

@tillias : it's because you didn't use service + dto when generating your entities.
Like you, I don't like the default option in JHipster, that's why I always use service + dto.

But as you didn't fill the template with your config, I can't guess :)

@atomfrede
Member

We have a DTO option which should do exactly that: https://www.jhipster.tech/using-dtos/#how-dtos-work-in-jhipster

@tillias
Author

tillias commented Oct 8, 2020

Hello lovely people, sorry for bothering you with this, but which parameters should I pass to the generator for this?

If I check https://www.jhipster.tech/using-dtos/#how-dtos-work-in-jhipster then there is a mention that "I have an option":

> When generating a JHipster entity, you have the option to add a service layer: the DTO option will only be available if you choose to have a service layer, as it needs that layer to handle the mapping (if you are using JPA, this is because the service layer is transactional, so lazy-loading will work).

When I use https://www.jhipster.tech/creating-an-entity/ then I still can't find any parameters for --import-jdl

Please advise

@pascalgrimaud
Member

@tillias : what do you use for generating your entities? If it's with the CLI, you should have the question. I think it's with JDL, so you should use:

```
service * with serviceClass
dto all with mapstruct
```

@tillias
Author

tillias commented Oct 8, 2020

I'm using JDL Online and then simply run --import-jdl
I will try this option, many thanks!

@tillias
Author

tillias commented Oct 8, 2020

Confirmed, works as designed by jhipster-team

@pascalgrimaud pascalgrimaud added this to the 7.0.0 milestone Oct 18, 2020
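
The pattern java:S4684 flags, next to the DTO form the thread settles on, as an added example that is not code from this issue or from JHipster. All class names are hypothetical, Spring Boot 3 (`jakarta.persistence`) is assumed, and the hand-written mapping stands in for the MapStruct mapper that `dto all with mapstruct` refers to.

```java
// Added illustration, not JHipster-generated code. Assumes Spring Boot 3 with
// spring-boot-starter-web and spring-boot-starter-data-jpa on the classpath.
// Account, AccountDTO, AccountRepository and AccountResource are hypothetical.
import jakarta.persistence.Entity;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.Id;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.web.bind.annotation.*;

@Entity
class Account {
    @Id @GeneratedValue
    private Long id;
    private String displayName;
    private boolean admin; // server-controlled; clients must never set this

    public Account() {} // no-arg constructor required by JPA
    public String getDisplayName() { return displayName; }
    public void setDisplayName(String displayName) { this.displayName = displayName; }
    public boolean isAdmin() { return admin; }
    public void setAdmin(boolean admin) { this.admin = admin; }
}

interface AccountRepository extends JpaRepository<Account, Long> {}

// The DTO carries only the fields a client is allowed to supply.
record AccountDTO(String displayName) {}

@RestController
@RequestMapping("/api/accounts")
class AccountResource {
    private final AccountRepository repository;
    AccountResource(AccountRepository repository) { this.repository = repository; }

    // Flagged by java:S4684: Jackson binds every JSON property that has a setter,
    // so a request body that includes "admin": true is persisted with admin=true.
    @PostMapping("/entity")
    public Account createFromEntity(@RequestBody Account account) {
        return repository.save(account);
    }

    // DTO form: "admin" is not a component of AccountDTO, so it cannot be bound.
    @PostMapping("/dto")
    public AccountDTO createFromDto(@RequestBody AccountDTO dto) {
        Account account = new Account();
        account.setDisplayName(dto.displayName()); // explicit, allow-listed mapping
        return new AccountDTO(repository.save(account).getDisplayName());
    }
}
```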