Thanks Mark for your useful suggestion, (I was away so couldn't replied on time.)
On Thu, Sep 4, 2014 at 2:15 AM, Mark Findlater < [email protected]> wrote: > Sorry still confused and I'm not sure the >= 0 check helps you.. How would > you solve this problem with another framework? > > Tangent: I guess adding a hash/encrypted value to the original response > which additionally identifies the node at this time and expecting that > value back in the update request (regenerating the hash and validating your > unmodifying fields remain unmodified), or encoding data in the session and > using that as validation, or making sure that a) the nodes are protected by > a layer of security (such as User A OWNS Nodes 1,2,3,4,5) - and expecting > only authenticated users to use your client and that b) you use HTTP verbs > as such that a POST can create a Node but a PUT is expected to update a > node. All outside the bounds of Neo though as ultimately your question > refers to code residing in your controller which is probably below your > security and validation and by the time Neo is involved you should be happy > that you trust your data (I wouldn't think that this would be achieved by > pre-fetching the node either). > > I guess if any of that stuff makes sense you should go over to security or > programmers on Stack Overflow.. > > > On Wednesday, 3 September 2014 21:03:41 UTC+1, Aman Gupta wrote: >> >> Hello Mark, >> >> You got it completely :). by validation, I mean to say to check if nodeId >> is intact and not manipulated by client side. I got >> repository.save(someobject); to save the node if its new request or to >> update the node if nodeId is already present in that request. Consider a >> scenario here, I would like to design in following way: >> >> class User { >> @GraphId >> Long nodeId >> String name; >> String surname; >> >> } >> >> User obj = new User(); >> // initialize Class with setters >> >> obj = repository.save(obj); // this will save and create new node. obj >> returned at client side >> >> Now client made update request with some additional changes as follows: >> >> name="xyz"; >> nodeId=null; // here he may manipulate it to some null value or other >> value >> >> repository.save(obj); // now here repository would create a new node >> again if nodeId is null !! >> >> So that's my point, even if I am using a separate field to create my own >> id and save with node to serve my purpose. that would require additional >> call to db to check/validate if that node present which I feel is not good. >> So purpose of setting nodeId greater than 0 would serve my purpose as I can >> check it nodeId>0 or !=null, in my code and alert user about manipulation. >> >> I hope I made it clear enough this time. am I going in correct way ? >> >> Thanks alot. >> >> >> >> >> On Thursday, 4 September 2014 01:00:57 UTC+5:30, Mark Findlater wrote: >>> >>> Hey Aman I am not sure that I 100% understand, but you can be sure that >>> Neo will generate node ids greater than 0 for each new node you create. >>> With your @NodeEntity annotated classes you will map the ID to a field >>> using the @GraphId annotation. You can safely do front end validation on >>> node id > 0. >>> >>> You can not set this ID value, this is the internal ID used by Neo and >>> it is important to realise that it is not incremental and that the IDs do >>> get recycled (when nodes get deleted the ID of that node will be re-used). >>> It is therefore recommended that you add you own identification fields if >>> you need to use the ID in any 3rd party systems. Neo does not have a >>> mechanism for generating this separate external identifier for you, but >>> there are a couple of handy blog post which talk about how to leverage >>> event hooks to add the data at node creation time - this >>> <http://blog.armbruster-it.de/2013/08/assigning-uuids-to-neo4j-nodes-and-relationships/> >>> being one of them. I am currently trying to utilise the MERGE operator to >>> create my nodes as it has handy ON CREATE/ON MATCH semantics which can >>> allow autoincrement type behaviour, see this gist >>> <http://www.neo4j.org/graphgist?8012859> - this works great but I have >>> had issues getting it to work when currency/HA is involved. >>> >>> With regards to validating if the request from the front end is valid, >>> how would you validate that with or without Neo? >>> >>> Does that address what you were asking, sorry if I've missed the point, >>> >>> M >>> >>> On Wednesday, 3 September 2014 20:09:13 UTC+1, Aman Gupta wrote: >>>> >>>> each node which is saved in neo4j database, has an nodeId 0 >>>>> >>>> >>>> Little correction here. not each node. but the one which get created >>>> first. :) >>>> >>>> On Thursday, 4 September 2014 00:36:11 UTC+5:30, Aman Gupta wrote: >>>>> >>>>> Hello Everyone, >>>>> >>>>> I am designing an application with several Domain/ entity classes with >>>>> Jersey and Spring integration. Thing is, during initial time, or say first >>>>> execution, each node which is saved in neo4j database, has an nodeId 0. >>>>> Its >>>>> a point of my interest. How can we make it sure that each nodeId should be >>>>> atleast greater than 0 ? >>>>> >>>>> Why I need this ? >>>>> >>>>> I need this because I think, it would help me while validating >>>>> request, received from front end. Consider a scenario of Updating a node >>>>> which hold nodeId value as 0. Now what would be the best approach to check >>>>> if nodeId is correct or not ? Indeed I can make call to db and be done >>>>> with >>>>> it, but I dont want that. I saw in case of Spring Data JPA, where we have >>>>> @GeneratedValue from J2EE, which atleast provide some sort of control to >>>>> generate Id of our choice. but I didn't or say I am yet not able to find >>>>> any such provision if made. >>>>> >>>>> Is there any thing which I am missing confrontational points ? FYI I >>>>> have Spring Data Neo4j latest stable release and Neo4j 2.1.3 server. >>>>> >>>>> Thanks >>>>> >>>> -- > You received this message because you are subscribed to a topic in the > Google Groups "Neo4j" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/neo4j/dMAV3B5yu1U/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Neo4j" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
