How to use Hibernate’s @Filter annotation in @ManyToOne field

drenda81 · June 3, 2020, 5:19pm

HI,
I’ve an entity like this:

@FilterDef(name = "customerFilter", parameters = @ParamDef(name = "principalSid", type = "string"))
@Filter(name = "customerFilter", condition = "contact.sid=:principalSid")
public class Document extends AbstractEntity {

    @NotNull
    @Column(nullable = false, columnDefinition = "DATE")
    private Instant date;

    @Builder.Default
    @NotNull
    @Column(nullable = false, columnDefinition = "BIT DEFAULT 0")
    private boolean electronic = false;

    @ToString.Exclude
    @JsonDeserialize(using = ContactUriDeserializer.class)
    @ManyToOne(fetch = FetchType.LAZY)
    private Contact contact;

Unfortunately, when I enable the filter “customerFilter” I get an exception:

3/06/2020 19:17:54,109  WARN http-nio-8082-exec-5 SqlExceptionHelper:137 - SQL Error: 1054, SQLState: 42S22
03/06/2020 19:17:54,109 ERROR http-nio-8082-exec-5 SqlExceptionHelper:142 - Unknown column 'contact.sid' in 'where clause'
03/06/2020 19:17:54,221 ERROR http-nio-8082-exec-5 [dispatcherServlet]:175 - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.dao.InvalidDataAccessResourceUsageException: could not extract ResultSet; SQL [n/a]; nested exception is org.hibernate.exception.SQLGrammarException: could not extract ResultSet] with root cause
java.sql.SQLSyntaxErrorException: Unknown column 'contact.sid' in 'where clause'
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:120) ~[mysql-connector-java-8.0.20.jar:8.0.20]
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97) ~[mysql-connector-java-8.0.20.jar:8.0.20]
	at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122) ~[mysql-connector-java-8.0.20.jar:8.0.20]
	at com.mysql.cj.jdbc.ClientPreparedStatement.executeInternal(ClientPreparedStatement.java:953) ~[mysql-connector-java-8.0.20.jar:8.0.20]
	at com.mysql.cj.jdbc.ClientPreparedStatement.executeQuery(ClientPreparedStatement.java:1003) ~[mysql-connector-java-8.0.20.jar:8.0.20]
	at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeQuery(ProxyPreparedStatement.java:52) ~[HikariCP-3.4.5.jar:?]

I know of this topic, but I’m wondering if there is another way to accomplish this task.
I’d like to avoid to modify the query because this check it’s a security check and I do not want that a coding mistake expose the application to security holes.
With a filter I’m sure this check is always made, despite whats the developer does.

Thanks

Topic		Replies	Views
Wrong query using filter and entity inheritance Hibernate ORM	2	574	May 26, 2021
How to use Hibernate's @Filter annotation in an @EmbeddedId property? Hibernate ORM	8	7332	February 6, 2019
Hibernate filter not working with update query Hibernate ORM	10	1243	August 5, 2024
Hibernate @Filter can only filter table fields. What should I use to filter on entity properties, and not table columns? Hibernate ORM	1	922	February 27, 2019
ManyToOne Empty Table Exception Hibernate ORM	0	360	March 21, 2020

How to use Hibernate’s @Filter annotation in @ManyToOne field

Related topics