I work on an application that uses Spring MVC and Hibernate. I am implementing some RESTful web services and am curious how to easily filter collections server side.
As an example, I want to be able to filter a collection of employee entities. I have researched several options, such as RQL, the way Google handles custom searches, eBay’s answer, and even Yahoo’s YQL. They all seem to be good answers to the filtering question, but I cannot seem to find any libraries that will allow me to easily implement this concept.
I did find here that:
Apache CXF introduced FIQL support with its JAX-RS implementation since 2.3.0 release
but we are already using Spring MVC.
I’m surprised there is no library for taking the bold query string below, for example, and translating that into SQL or something that Hibernate can use to filter.
/employees?lastname=john OR jon&hiredate lt 20010201
It is entirely possible that I am thinking of this incorrectly, but I wanted to tap into the community’s experience and knowledge. What am I missing?
A library that directly converts a GET like that into SQL could be very insecure. You need to have an intermediate layer to do some validation to make sure that the user isn’t messing with the URL to execute a SQL injection.
As far as I know, the best you can do is use your JAX-RS implementation to cleanly read in those query parameters, validate them, and use something like a prepared SQL statement to securely execute them.
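The intermediate layer this answer describes, sketched as an added example (not code from either poster): field names and operators are checked against an allow-list, and every user-supplied value becomes a bound parameter. The class name, the column names `last_name` and `hire_date`, and the `employee` table are assumptions; the `record` needs Java 16 or later.

```java
import java.time.LocalDate;
import java.time.format.DateTimeFormatter;
import java.util.*;
import java.util.regex.*;

public class EmployeeFilter {
    // Hypothetical allow-list: public filter name -> column. Nothing else reaches the SQL text.
    static final Map<String, String> COLUMNS = Map.of("lastname", "last_name", "hiredate", "hire_date");
    static final Map<String, String> OPS = Map.of("=", "=", "lt", "<", "gt", ">");
    static final Pattern TERM = Pattern.compile("(\\w+)(=|\\s+lt\\s+|\\s+gt\\s+)(.+)");

    record Query(String where, List<Object> params) {}

    // Input is the already URL-decoded filter, e.g. "lastname=john OR jon&hiredate lt 20010201".
    static Query parse(String filter) {
        List<String> clauses = new ArrayList<>();
        List<Object> params = new ArrayList<>();
        for (String term : filter.split("&")) {
            Matcher m = TERM.matcher(term.trim());
            if (!m.matches()) throw new IllegalArgumentException("malformed filter term");
            String column = COLUMNS.get(m.group(1));
            String op = OPS.get(m.group(2).trim());
            if (column == null || op == null) throw new IllegalArgumentException("unsupported field");
            List<String> alternatives = new ArrayList<>();
            for (String value : m.group(3).split("\\s+OR\\s+")) {
                alternatives.add(column + " " + op + " ?");  // only allow-listed text and placeholders
                params.add(convert(column, value.trim()));    // user data travels as a bound parameter
            }
            clauses.add("(" + String.join(" OR ", alternatives) + ")");
        }
        return new Query(String.join(" AND ", clauses), params);
    }

    // Type-check each value for its column; a malformed date throws DateTimeParseException.
    static Object convert(String column, String value) {
        if (column.equals("hire_date")) return LocalDate.parse(value, DateTimeFormatter.BASIC_ISO_DATE);
        if (value.isEmpty() || value.length() > 64) throw new IllegalArgumentException("bad value length");
        return value;
    }

    public static void main(String[] args) {
        // Constructed inputs: the question's filter, then a value containing a quote character.
        for (String f : List.of("lastname=john OR jon&hiredate lt 20010201", "lastname=o'brien")) {
            Query q = parse(f);
            System.out.println("SELECT * FROM employee WHERE " + q.where() + "  params=" + q.params());
        }
    }
}
```

The resulting text goes to a `PreparedStatement`, with each entry of `params()` bound by `setObject(i + 1, value)`, so a quote in a value never becomes part of the SQL.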