Sorry still confused and I'm not sure the >= 0 check helps you.. How would
you solve this problem with another framework?
Tangent: I guess adding a hash/encrypted value to the original response
which additionally identifies the node at this time and expecting that
value back in the update request (regenerating the hash and validating your
unmodifying fields remain unmodified), or encoding data in the session and
using that as validation, or making sure that a) the nodes are protected by
a layer of security (such as User A OWNS Nodes 1,2,3,4,5) - and expecting
only authenticated users to use your client and that b) you use HTTP verbs
as such that a POST can create a Node but a PUT is expected to update a
node. All outside the bounds of Neo though as ultimately your question
refers to code residing in your controller which is probably below your
security and validation and by the time Neo is involved you should be happy
that you trust your data (I wouldn't think that this would be achieved by
pre-fetching the node either).
I guess if any of that stuff makes sense you should go over to security or
programmers on Stack Overflow..
On Wednesday, 3 September 2014 21:03:41 UTC+1, Aman Gupta wrote:
>
> Hello Mark,
>
> You got it completely :). by validation, I mean to say to check if nodeId
> is intact and not manipulated by client side. I got
> repository.save(someobject); to save the node if its new request or to
> update the node if nodeId is already present in that request. Consider a
> scenario here, I would like to design in following way:
>
> class User {
> @GraphId
> Long nodeId
> String name;
> String surname;
>
> }
>
> User obj = new User();
> // initialize Class with setters
>
> obj = repository.save(obj); // this will save and create new node. obj
> returned at client side
>
> Now client made update request with some additional changes as follows:
>
> name="xyz";
> nodeId=null; // here he may manipulate it to some null value or other
> value
>
> repository.save(obj); // now here repository would create a new node
> again if nodeId is null !!
>
> So that's my point, even if I am using a separate field to create my own
> id and save with node to serve my purpose. that would require additional
> call to db to check/validate if that node present which I feel is not good.
> So purpose of setting nodeId greater than 0 would serve my purpose as I can
> check it nodeId>0 or !=null, in my code and alert user about manipulation.
>
> I hope I made it clear enough this time. am I going in correct way ?
>
> Thanks alot.
>
>
>
>
> On Thursday, 4 September 2014 01:00:57 UTC+5:30, Mark Findlater wrote:
>>
>> Hey Aman I am not sure that I 100% understand, but you can be sure that
>> Neo will generate node ids greater than 0 for each new node you create.
>> With your @NodeEntity annotated classes you will map the ID to a field
>> using the @GraphId annotation. You can safely do front end validation on
>> node id > 0.
>>
>> You can not set this ID value, this is the internal ID used by Neo and it
>> is important to realise that it is not incremental and that the IDs do get
>> recycled (when nodes get deleted the ID of that node will be re-used). It
>> is therefore recommended that you add you own identification fields if you
>> need to use the ID in any 3rd party systems. Neo does not have a mechanism
>> for generating this separate external identifier for you, but there are a
>> couple of handy blog post which talk about how to leverage event hooks to
>> add the data at node creation time - this
>> <http://blog.armbruster-it.de/2013/08/assigning-uuids-to-neo4j-nodes-and-relationships/>
>>
>> being one of them. I am currently trying to utilise the MERGE operator to
>> create my nodes as it has handy ON CREATE/ON MATCH semantics which can
>> allow autoincrement type behaviour, see this gist
>> <http://www.neo4j.org/graphgist?8012859> - this works great but I have
>> had issues getting it to work when currency/HA is involved.
>>
>> With regards to validating if the request from the front end is valid,
>> how would you validate that with or without Neo?
>>
>> Does that address what you were asking, sorry if I've missed the point,
>>
>> M
>>
>> On Wednesday, 3 September 2014 20:09:13 UTC+1, Aman Gupta wrote:
>>>
>>> each node which is saved in neo4j database, has an nodeId 0
>>>>
>>>
>>> Little correction here. not each node. but the one which get created
>>> first. :)
>>>
>>> On Thursday, 4 September 2014 00:36:11 UTC+5:30, Aman Gupta wrote:
>>>>
>>>> Hello Everyone,
>>>>
>>>> I am designing an application with several Domain/ entity classes with
>>>> Jersey and Spring integration. Thing is, during initial time, or say first
>>>> execution, each node which is saved in neo4j database, has an nodeId 0.
>>>> Its
>>>> a point of my interest. How can we make it sure that each nodeId should be
>>>> atleast greater than 0 ?
>>>>
>>>> Why I need this ?
>>>>
>>>> I need this because I think, it would help me while validating request,
>>>> received from front end. Consider a scenario of Updating a node which hold
>>>> nodeId value as 0. Now what would be the best approach to check if nodeId
>>>> is correct or not ? Indeed I can make call to db and be done with it, but
>>>> I
>>>> dont want that. I saw in case of Spring Data JPA, where we have
>>>> @GeneratedValue from J2EE, which atleast provide some sort of control to
>>>> generate Id of our choice. but I didn't or say I am yet not able to find
>>>> any such provision if made.
>>>>
>>>> Is there any thing which I am missing confrontational points ? FYI I
>>>> have Spring Data Neo4j latest stable release and Neo4j 2.1.3 server.
>>>>
>>>> Thanks
>>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"Neo4j" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to neo4j+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
