JPA:如何使用 SHA1 加密保留列?
我对 JPA(以及 JPQL)相当陌生。希望有人能够启发我解决这个问题。
我试图执行的查询...
String query = "select u from user u where u.email = '" + userEmail + "' and u.password = sha1('"+ userPassword + "')";
List resultList = emf.createEntityManager().createQuery(query).getResultList();
并且我收到以下异常...
Caused by: Exception [EclipseLink-8025] (Eclipse Persistence Services - 2.2.0.v20110202-r8913): org.eclipse.persistence.exceptions.JPQLException
Exception Description: Syntax error parsing the query [select u from Utilisateur u where u.email = 'myuser' and u.mot_Passe = sha1('mypassword')], line 1, column 73: unexpected token [(].
Internal Exception: NoViableAltException(83@[()* loopback of 383:9: (d= DOT right= attribute )*])
at org.eclipse.persistence.exceptions.JPQLException.unexpectedToken(JPQLException.java:372)
...
显然,我在这里遗漏了一些东西,我应该以某种方式转义该字符吗?以另一种方式指定它?我将非常感谢对此的任何帮助。
I'm fairly new to JPA (and JPQL by extension). Hopefully, someone will be able to enlighten me with this problem.
The query I'm trying to execute ...
String query = "select u from user u where u.email = '" + userEmail + "' and u.password = sha1('"+ userPassword + "')";
List resultList = emf.createEntityManager().createQuery(query).getResultList();
And I'm getting the follwowing exception ...
Caused by: Exception [EclipseLink-8025] (Eclipse Persistence Services - 2.2.0.v20110202-r8913): org.eclipse.persistence.exceptions.JPQLException
Exception Description: Syntax error parsing the query [select u from Utilisateur u where u.email = 'myuser' and u.mot_Passe = sha1('mypassword')], line 1, column 73: unexpected token [(].
Internal Exception: NoViableAltException(83@[()* loopback of 383:9: (d= DOT right= attribute )*])
at org.eclipse.persistence.exceptions.JPQLException.unexpectedToken(JPQLException.java:372)
...
Obviously, I'm missing something here, should I escape the character somehow? specify it in another way? I'll appreciate very much any help on this.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我认为JPA没有sha1功能。因此,您有两个选择:
您可以在 Java 代码上实现 sha1 函数,并在加载查询中的参数之前使用它们。
如果您的数据库具有 sha1 函数,您可以编写本机查询。检查此链接:http://www.oracle.com/technetwork/articles /vasiliev-jpql-087123.html
I think that JPA doesn't have a sha1 function. So you have two options:
You can implementa a sha1 function on you Java code and use them before load the parameters in the query.
If your database has the sha1 function you can write a native query. Check this link: http://www.oracle.com/technetwork/articles/vasiliev-jpql-087123.html
通过查询接口设置参数,而不是将它们逐字添加到 JPQL 字符串中。这样你也可以保护自己免受 SQL 注入:
Set the parameters through the Query interface instead of adding them literally to the JPQL String. That way you are also protecting yourself from SQL injection:
在 EclipseLink 中,您可以使用 FUNC 查询字来使用数据库特定函数。
“从用户 u 中选择 u,其中 u.email = :email 和 u.password = FUNC('sha1', :password)”
请参阅,
http://wiki.eclipse.org/EclipseLink/UserGuide/JPA/Basic_JPA_Development /查询/Support_for_Native_Database_Functions
In EclipseLink you can use the FUNC query word to use a database specific function.
"select u from user u where u.email = :email and u.password = FUNC('sha1', :password)"
See,
http://wiki.eclipse.org/EclipseLink/UserGuide/JPA/Basic_JPA_Development/Querying/Support_for_Native_Database_Functions