Hibernate JPA loop

Question

I created an entity class :

@Entity
@Table(name="users")
@Getter @Setter
public class UserModel implements Serializable {

    @Setter(AccessLevel.NONE)
    @Getter(AccessLevel.NONE)
    private static final long serialVersionUID = -5608230793232883579L;

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private long id;

    @Column(nullable = false, unique = true)
    private String userId;

    @Column(nullable = false, length = 50)
    private String firstName;

    @Column(nullable = false, length = 50)
    private String lastName;

    @Email
    @Column(nullable = false, length = 120, unique = true)
    private String email;

    @Column(nullable = false)
    private String encryptedPassword;

    private Boolean emailVerificationStatus = false;

    private String emailVerificationToken;

    @ManyToMany(cascade= { CascadeType.PERSIST }, fetch = FetchType.EAGER )
    @JoinTable(
            name = "user_role",
            joinColumns = @JoinColumn(name = "user_id", referencedColumnName = "id"),
            inverseJoinColumns=@JoinColumn(name = "role_id", referencedColumnName = "id"))
    private List<RoleModel> roles;

    @JsonManagedReference
    @OneToMany(mappedBy = "user")
    private List<ProjectModel> projects;
}

For the list of projects, I also have an entity class:

@Entity
@Table(name= "projects")
@Getter @Setter
public class ProjectModel implements Serializable {
    @Setter(AccessLevel.NONE)
    @Getter(AccessLevel.NONE)
    public static final long serialVersionUID = 1L;

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private long id;

    @Column(nullable = false, unique = true)
    private String projectId;
    
    // ... 

    @Column
    @JsonManagedReference
    @OneToMany(mappedBy = "project")
    private List<ObjectiveModel> objectives;

    // ...

    @JsonBackReference
    @ManyToOne(
            cascade = { CascadeType.DETACH, CascadeType.MERGE, CascadeType.PERSIST, CascadeType.REFRESH },
            fetch = FetchType.LAZY
    )
    private UserModel user;

}

I also use a DTO layer to communicate with database:

@Getter @Setter
public class UserDto implements Serializable {

    @Setter(AccessLevel.NONE)
    @Getter(AccessLevel.NONE)
    private static final long serialVersionUID = -5352357837541477260L;

    // contains more information than models used for rest
    private long id;
    private String userId;
    private String firstName;
    private String lastName;
    private String email;
    private String password;
    private String encryptedPassword;
    private String emailVerificationToken;
    private Boolean emailVerificationStatus = false;

    private List<String> roles;
    private List<ProjectDto> projects;
}

Each entity has its own Dto equivalent. I can create a user. My issue is trying to log in. My userServiceImpl implements Spring Security UserService. Here is my implementation :

@Override
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
    UserModel userModel = userRepository.findByEmail(email);
    if(userModel == null)
        throw new UsernameNotFoundException("User with email "  + email + " not found");

    return new UserPrincipalManager(userModel);
}

My UserPrincipalManager :

public class UserPrincipalManager implements UserDetails {

    private static final long serialVersionUID = 7464059818443209139L;

    private UserModel userModel;
    private ProjectModel projectModel;

    @Getter @Setter
    private String userId;

    @Autowired
    public UserPrincipalManager(UserModel userModel) {
        this.userModel = userModel;
        this.userId = userModel.getUserId();
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        Collection<GrantedAuthority> authorities = new HashSet<>();
        Collection<AuthorityModel> authorityModelEntities = new HashSet<>();
        // get user roles
        Collection<RoleModel> roleModels = userModel.getRoles();
        if (roleModels == null) {
            return authorities; // null
        }
        // get user roles
        roleModels.forEach((role) ->{
            authorities.add(new SimpleGrantedAuthority(role.getName()));
            authorityModelEntities.addAll(role.getAuthorities());
        });
        // get user authorities
        authorityModelEntities.forEach(authorityModel -> {
            authorities.add(new SimpleGrantedAuthority(authorityModel.getName()));
        });

        return authorities;
    }

    @Override
    public String getPassword() {
        return this.userModel.getEncryptedPassword();
    }

    @Override
    public String getUsername() {
        return this.userModel.getEmail();
    }

    // we do not store this information in DB
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    // we do not store this information in DB (yet)
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    // we do not store this information in DB (yet)
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    // isEnabled depending if account is activated => email verification status value
    @Override
    public boolean isEnabled() {
        return this.userModel.getEmailVerificationStatus();
    }

}

While trying to log in a User sql request is looping.

at org.modelmapper.internal.converter.MergingCollectionConverter.convert(MergingCollectionConverter.java:59)
    at org.modelmapper.internal.converter.MergingCollectionConverter.convert(MergingCollectionConverter.java:31)
    at org.modelmapper.internal.MappingEngineImpl.convert(MappingEngineImpl.java:303)
    at org.modelmapper.internal.MappingEngineImpl.map(MappingEngineImpl.java:110)
    at org.modelmapper.internal.MappingEngineImpl.setDestinationValue(MappingEngineImpl.java:242)
    at org.modelmapper.internal.MappingEngineImpl.propertyMap(MappingEngineImpl.java:188)
    at org.modelmapper.internal.MappingEngineImpl.typeMap(MappingEngineImpl.java:152)
    at org.modelmapper.internal.MappingEngineImpl.map(MappingEngineImpl.java:106)
    at org.modelmapper.internal.converter.MergingCollectionConverter.convert(MergingCollectionConverter.java:59)
    at org.modelmapper.internal.converter.MergingCollectionConverter.convert(MergingCollectionConverter.java:31)
    at org.modelmapper.internal.MappingEngineImpl.convert(MappingEngineImpl.java:303)
    at org.modelmapper.internal.MappingEngineImpl.map(MappingEngineImpl.java:110)
    at org.modelmapper.internal.MappingEngineImpl.setDestinationValue(MappingEngineImpl.java:242)
    at org.modelmapper.internal.MappingEngineImpl.propertyMap(MappingEngineImpl.java:188)
    at org.modelmapper.internal.MappingEngineImpl.typeMap(MappingEngineImpl.java:152)
    at org.modelmapper.internal.MappingEngineImpl.map(MappingEngineImpl.java:106)
    at org.modelmapper.internal.converter.MergingCollectionConverter.convert(MergingCollectionConverter.java:59)
    at org.modelmapper.internal.converter.MergingCollectionConverter.convert(MergingCollectionConverter.java:31)
    at org.modelmapper.internal.MappingEngineImpl.convert(MappingEngineImpl.java:303)
    at org.modelmapper.internal.MappingEngineImpl.map(MappingEngineImpl.java:110)
    at org.modelmapper.internal.MappingEngineImpl.setDestinationValue(MappingEngineImpl.java:242)
    at org.modelmapper.internal.MappingEngineImpl.propertyMap(MappingEngineImpl.java:188)
    at org.modelmapper.internal.MappingEngineImpl.typeMap(MappingEngineImpl.java:152)
    at org.modelmapper.internal.MappingEngineImpl.map(MappingEngineImpl.java:106)

In the end the application crashes and returns a 403 error.

2020-10-05 12:07:22.215 DEBUG 4564 --- [nio-8080-exec-8] o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.3.3.RELEASE.jar:5.3.3.RELEASE]

The login fonction works if user do not have project associated.

Answer 1

I don't know anything about model mapper, but I would like to provide you an alternative solution because I think this is a perfect use case for Blaze-Persistence Entity Views.

I created the library to allow easy mapping between JPA models and custom interface or abstract class defined models, something like Spring Data Projections on steroids. The idea is that you define your target structure(domain model) the way you like and map attributes(getters) via JPQL expressions to the entity model.

A DTO model for your use case could look like the following with Blaze-Persistence Entity-Views:

@EntityView(UserModel.class)
public interface UserDto extends Serializable {
    @IdMapping
    Long getId();
    String getUserId();
    String getFirstName();
    String getLastName();
    String getEmail();
    String getPassword();
    String getEncryptedPassword();
    String getEmailVerificationToken();
    Boolean getEmailVerificationStatus();
    Set<String> getRoles();
    Set<ProjectDto> getProjects();

    @EntityView(ProjectModel.class)
    interface ProjectDto {
        @IdMapping
        Long getId();
        String getProjectId();
        // Other mappings...
    }
}

Querying is a matter of applying the entity view to a query, the simplest being just a query by id.

UserDto a = entityViewManager.find(entityManager, UserDto.class, id);

The Spring Data integration allows you to use it almost like Spring Data Projections: https://persistence.blazebit.com/documentation/entity-view/manual/en_US/index.html#spring-data-features

The big bonus here, it will only fetch the columns that are actually needed and it validates the DTO model against your JPA model during boot time, so there are no more runtime surprises!