如何覆盖特定 NHibernate 类的 equals
我正在努力弄清楚应该如何覆盖 equals 并获取我使用 NHibernate 编写的类的哈希码。
基本业务场景是用户在 90 天的限制内不能重复使用相同的密码。
所以我有一个“用户”,它有很多“历史密码”......用户类别很简单,因为我只使用等号中的登录名。 下面是我的 HistoricalPassword 课程。
public class HistoricalPassword
{
public virtual int HistoricalPasswordId { get; set; }
public virtual User User { get; set; }
public virtual DateTime ChangeDate { get; set; }
public virtual string FormerPassword { get; set; }
}
我想说,从商业角度来看,User 和 ChangeDate 的组合会给我带来平等。 但是...在 equals 方法中引用用户似乎并不正确(因为这会导致延迟加载发生)...而且从我读到的使用 HistoricalPasswordId 的 PK 来看也是不行的以及。
任何人都可以提供一些关于如何为此覆盖 equals 的建议吗?
编辑 ::: 我认为我提问的方式可能有点误导。 我对如何执行确保密码不被重复使用的业务规则并不感到困惑……也不对如何知道两个密码是否相同或安全感到困惑。 我真正想知道的是在与 NHibernate 特别相关的实体级别,我将如何重写该对象的 Equals ,以便 NHibenate 不会在会话和/或缓存中出现重复。 根据 NHibernate 文档 (https://www.hibernate.org/ hib_docs/nhibernate/html/persistent-classes.html)我应该使用业务键相等来覆盖 equals。 在这种情况下,我只是不确定在比较中使用 User 的引用对象是否是一个好主意。
I am struggling to figure out how I should override equals and get hashcode for a class I am writing using NHibernate.
Basic business scenario is that users cannot re-use the same password within a 90 day limit.
So I have a "user" that has many "historical passwords"... the user class was easy as I just use the login in the equals. Below is my HistoricalPassword class.
public class HistoricalPassword
{
public virtual int HistoricalPasswordId { get; set; }
public virtual User User { get; set; }
public virtual DateTime ChangeDate { get; set; }
public virtual string FormerPassword { get; set; }
}
I would say from a business sense that the combination of the User and the ChangeDate would give me equality. However... it does not seem correct to reference the user in the equals method (since for one thing that would cause a lazy load to happen)... and also from what I read using the PK of HistoricalPasswordId is a no-no as well.
Can anyone provide some advice on how they would override equals for this?
EDIT :::
I think I might have been a little misleading on the way I asked the question. I'm not confused on how to enforce the business rule of making sure the passwords are not reused... nor on how I know if two passwords are equal or are secure. What I really want to know is at the entity level specifically relating to NHibernate how would I override Equals for this object so that NHibenate does not end up with dupes in the session and/or cache. According to the NHibernate doc (https://www.hibernate.org/hib_docs/nhibernate/html/persistent-classes.html) I should override equals using Business key equality. In this case I'm just not sure if using the referenced object of User in the compare is a good idea.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我不会为此覆盖 Equals - 您并不是断言这些记录是相等的,只是它们引用了相同的密码,不是吗?
您肯定只需要一个 HQL 或条件查询来为您提供过去 90 天内设置的历史密码?
编辑:您可能还想检查如何存储密码。 数据库中的明文密码不是一个好主意。 当然,您可能有一个 NHibernate 用户类型,它将加密的密码解密到我们可以看到的字符串属性中......
I wouldn't override Equals for this - you aren't asserting that these records are equal, merely that they reference the same password, aren't you?
Surely you just need an HQL or criteria query that gives you the historical passwords set within the last 90 days?
EDIT: Also you might want to check how you are storing your password. Plaintext passwords in the database are not a good idea. It may be that you have an NHibernate user type that is decrypting an encrypted password into the string property we can see, of course...
我认为 HistoricalPassword 是一个值对象,而不是一个实体。
因此,这意味着它的“ID”将由其所有属性的值确定。
I would regard the HistoricalPassword to be a value object, not an entity.
So, this means that it's 'ID' would be determined by the value of all its properties.
有几种方法可以解决这个问题。
如果你想用平等来做,那么就会涉及到用户,特别是用户的PK。 等于用户 PK + 密码。 日期并不重要。 然而,这可能会让事情变得过于复杂,我可能不会这样做。
另一种方法是仅使用密码来实现相等,因为这就是您最终要比较的内容。 用户仅在查询中使用,与更改日期相同。
执行 HQL 查询以获取历史密码,其中 user = {user} 且更改日期 <; (今天 - 90)。 这将返回 {user} 最近 90 天内的所有密码。 解决该问题后,您所需要做的就是比较密码以查看是否有匹配项,因为您已将结果集减少为仅包含 {user} 最近 90 天内的密码。
最后,如上所述,只需对 {user} 进行 HQL 查询,其中日期更改 << 90 和密码 = {新密码}。 如果您收到任何结果,则表明该密码在过去 90 天内已被使用过。
最后,正如上面提到的,这些比较都假设您正在使用明文密码或加密新密码以与旧密码进行比较。 无论如何,必须采取一些措施来保证密码的安全。
Couple of ways you could go about this.
If you want to do it using equality, then the user will be involved, specifically the PK of the user. Equality would be the user PK + the password. Date wouldn't matter. This probably over complicates things, however, and I probably wouldn't go about it this way.
Another way is to use just the password for equality, since that's what you are comparing against in the end. The user would only be used in the query, ditto the change date.
Do an HQL query to get the historical passwords where user = {user} and change date < (today - 90). this will return all of the passwords from the last 90 days for {user}. Once that problem is done, all you would need to do is compare the passwords to see if any match, since you have reduced your result set to only those passwords from the last 90 days for {user}.
Finally, as mentioned above, simply do an HQL query for {user} where date changed < 90 and password = {new password}. If you get any results back, you know that password has been used in the last 90 days.
Finally, as also was mentioned above, these comparisons all assume you're either playing with plaintext passwords or encrypting the new password for comparison against the old ones. Ether way, something has to be done to account for the security of the passwords.