Spring JdbcTemplate - How to restrict queries to SELECT(s)?

Question

I am writing a program that uses JdbcTemplate and executes a user query. Is there a way through the Spring JDBC package that I can restrict user queries to SELECT statements? I don't want users to execute any queries that update the underlying database.

Thanks,
ktm

Answer 1

Spring JDBC can't do this for you automatically, you would have to write your own adapter and make sure that all your code calls the adapter.

Have you considered using DB privileges to achieve what you want? It depends on how granular you want your security to be, but its a good idea to create an 'application' database user that is a separate account from the database owner account. Then you grant the appropriate privileges on a per table basis.

Answer 2

Spring security is designed for this. It has a predefined tables for handling access.

Answer 3

If you have the option, consider using JPA (Java Persistence API); the Query-objects have separate getResultList and getSingleResult -methods, which throw exceptions if the query is a DELETE or UPDATE (delete & update are handled only via executeUpdate).