Closed tillias closed 4 years ago
@tillias : it's because you didn't use service + dto when generating your entities. Like you, I don't like the default option in JHipster, that's why I always use service + dto.
But as you didn't fill the template with your config, I can't guess :)
We have a dto option which should do exactly that https://www.jhipster.tech/using-dtos/#how-dtos-work-in-jhipster
Hello lovely people, sorry for bothering with this, but which parameters should I pass to the generator for this?
If I check https://www.jhipster.tech/using-dtos/#how-dtos-work-in-jhipster then there is a mention that "I have an option"
When generating a JHipster entity, you have the option to add a service layer: the DTO option will only be available if you choose to have a service layer, as it needs that layer to handle the mapping (if you are using JPA, this is because the service layer is transactional, so lazy-loading will work).
When I use https://www.jhipster.tech/creating-an-entity/ then I still can't find any parameters for --import-jdl.
Please advise.
@tillias: what do you use for generating your entities? If it's with the CLI, you should have the question. I think it's with JDL, so you should use:
service * with serviceClass
dto all with mapstruct
I'm using JDL Online and then simply run --import-jdl. I will try this option, many thanks!
Confirmed, works as designed by jhipster-team
Overview of the feature request
By default, persistent entities are used as DTOs for all controllers. For example: https://sonarcloud.io/project/issues?id=microcatalog&open=AXUFA43oaLeiCpuVTUPk&resolved=false&types=VULNERABILITY
Please generate DTO objects for REST controllers (e.g. SomeEntity for persistence layer and SomeEntityDTO for controllers)
Motivation for or Use Case
This is a direct violation of java:S4684 and is displayed in SonarQube as a Security Violation.
See https://jira.sonarsource.com/browse/SONARJAVA-2797 or https://stackoverflow.com/questions/54233672/how-to-avoid-the-vulnerability-created-by-using-entities-at-a-requestmapping-met
Related issues or PR
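
What java:S4684 flags and what the DTO option changes, as an added example that is not part of the original issue or of JHipster's generated code. It is plain Java in which a simplified reflection-based `bind` stands in for the framework's request-body binding; `UserEntity`, `UserDTO`, `bind` and `toEntity` are hypothetical names, and the request body is constructed.

```java
import java.lang.reflect.Field;
import java.util.Map;

public class EntityVsDto {
    // Stand-in for a persistent entity: 'id' and 'admin' are server-controlled.
    static class UserEntity { Long id; String login; boolean admin; }

    // DTO: exposes only the field a client is allowed to set.
    static class UserDTO { String login; }

    // Simplified stand-in for request-body binding (assumption, not Spring's code):
    // every incoming key is copied onto the same-named field of the target type.
    static <T> T bind(Map<String, Object> body, Class<T> type) throws Exception {
        T target = type.getDeclaredConstructor().newInstance();
        for (Map.Entry<String, Object> e : body.entrySet()) {
            try {
                Field f = type.getDeclaredField(e.getKey());
                f.setAccessible(true);
                f.set(target, e.getValue());
            } catch (NoSuchFieldException ignored) {
                // The target type has no such property, so the value is dropped.
            }
        }
        return target;
    }

    // Hand-written equivalent of the copy a DTO-to-entity mapper performs.
    static UserEntity toEntity(UserDTO dto) {
        UserEntity u = new UserEntity();
        u.login = dto.login;
        return u;
    }

    public static void main(String[] args) throws Exception {
        // Constructed request body carrying fields the client should not control.
        Map<String, Object> body = Map.of("login", "alice", "id", 1L, "admin", true);

        // Entity used as the controller argument: client-supplied id/admin land on it.
        UserEntity direct = bind(body, UserEntity.class);
        System.out.println("entity bound directly: id=" + direct.id + " admin=" + direct.admin);

        // DTO used as the controller argument: only 'login' reaches the entity.
        UserEntity viaDto = toEntity(bind(body, UserDTO.class));
        System.out.println("entity built via DTO:  id=" + viaDto.id + " admin=" + viaDto.admin);
    }
}
```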