Add SpEL support for @Table, @Column and @MappedCollection
#1461
Conversation
spring-projects-issues
added
the
status: waiting-for-triage
… inject a custom sanitizer in the RelationMappingContext and JdbcMappingContext classes.
Reuse existing EvaluationContextProvider infrastructure and static parser/parser context instances. Parse expressions early. Update Javadoc to reflect SpEL support. Reformat code to use tabs instead of spaces. Rename types for consistency. Rename SpelExpressionResultSanitizer to SqlIdentifierSanitizer to express its intended usage.
|
I applied a round of polishing. Besides some stylistic changes, please make sure to configure your formatter to use tabs instead of spaces. See https://github.com/spring-projects/spring-data-build/blob/main/etc/ide/eclipse-formatting.xml the formatter config we use across our projects. |
|
|
||
| Table table = getRequiredAnnotation(Table.class); | ||
|
|
||
| // TODO: support expressions for schema |
There was a problem hiding this comment.
I'm in favor of supporting SpEL for schema within the scope of this ticket.
There was a problem hiding this comment.
Will see what the scope of changes is - and if small add to this ticket.
There was a problem hiding this comment.
Just pushed up an update. Adding this was pretty straight-forward.
| @@ -38,25 +38,26 @@ | |||
| public @interface Table { | |||
|
|
|||
| /** | |||
| * The mapping table name. | |||
| * The table name. The attribute supports SpEL expressions to dynamically calculate the table name on a per-operation | |||
There was a problem hiding this comment.
The cache should be updated to consider dynamic table and column names. This should be possible through a corresponding cache key.
Add SpEL support for schema property in @table annotation
mp911de
changed the title
@Table, @Column and @MappedCollection
mp911de
added
type: enhancement
If SpEl expressions are specified in the `@Table` or `@Column` annotation, they will be evaluated and the output will be sanitized to prevent SQL Injections. The default sanitization only allows digits, alphabetic characters, and _ character. (i.e. [0-9, a-z, A-Z, _]) Closes #1325 Original pull request: #1461
Reuse existing EvaluationContextProvider infrastructure and static parser/parser context instances. Parse expressions early. Update Javadoc to reflect SpEL support. Reformat code to use tabs instead of spaces. Rename types for consistency. Rename SpelExpressionResultSanitizer to SqlIdentifierSanitizer to express its intended usage. Eagerly initialize entities where applicable. Simplify code. See #1325 Original pull request: #1461
|
That's merged and polished now. |
|
Hello .. I've got a question concerning this ticket And while i can happily report that this works fine for queries / select stetements, While the spel expression is always evaluated correctly to e.g. "tenant-0" or "tenant-5", So my question is, are insert operations also supposed to work with schema ? As an alternative i was also looking into using a NamingStrategy Bean, thx in advance -- cut examples --- @table(name = "insurance", schema = "#{@tenantIdBean.getPrefix()}") @component |
|
Yes, statements do get cached. Please create a new ticket for this. |
thx |
If SpEl expressions are specified in the @table or @column annotation, they will be evaluated and the output will be sanitized to prevent SQL Injections.
The default sanitization only allows digits, alphabetic characters, and _ character. (i.e. [0-9, a-z, A-Z, _])
Closes #1325