WebsiteLogo

Criteria API

Learn how to build queries programmatically using Hibernate's Criteria API. This approach is useful for constructing dynamic queries based on runtime conditions. We'll cover the basics of building criteria queries and executing them.

⬅ Previous Next ➡

Dynamic Query Construction in Hibernate

Explanation: Dynamic Query Construction

Dynamic query construction refers to the process of building database queries programmatically, adapting the query structure and conditions based on runtime factors. This is particularly useful when the query requirements are not fixed at compile time but depend on user input, application state, or other dynamic variables. In the context of Hibernate, this allows you to create flexible and adaptable queries without writing multiple hardcoded queries for each possible scenario.

Benefits of Dynamic Query Construction:

  • Flexibility: Adapt queries to varying user inputs or application states.
  • Maintainability: Reduce code duplication by creating parameterized queries.
  • Efficiency: Avoid fetching unnecessary data by only including relevant conditions.
  • Security: When used correctly with parameterized queries, helps prevent SQL injection vulnerabilities.

Illustrative Example: Constructing Criteria Queries Dynamically in Hibernate

This example demonstrates how to build Criteria queries dynamically in Hibernate based on runtime conditions. We'll use the Criteria API to construct a query that filters a list of `Product` entities based on user-provided criteria such as name, price, and availability.

 import org.hibernate.Criteria;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.cfg.Configuration;
import org.hibernate.criterion.Restrictions;
import org.hibernate.criterion.Conjunction; //Import Conjunction
import java.util.List;

// Assume you have a Product entity class defined as follows:
// (This class definition is for illustrative purposes only.  Replace with your actual Product entity)
//
// @Entity
// @Table(name = "products")
// public class Product {
//     @Id
//     @GeneratedValue(strategy = GenerationType.IDENTITY)
//     private Long id;
//     private String name;
//     private Double price;
//     private Boolean available;
//
//     // Getters and setters...
// }


public class DynamicQueryExample {

    public static void main(String[] args) {
        // Configure Hibernate (replace "hibernate.cfg.xml" with your configuration file if different)
        Configuration configuration = new Configuration().configure("hibernate.cfg.xml").addAnnotatedClass(Product.class);
        SessionFactory sessionFactory = configuration.buildSessionFactory();

        try (Session session = sessionFactory.openSession()) {

            // Simulate user input (can come from a web form, command line, etc.)
            String nameFilter = "Example Product"; // or null if no filter
            Double minPrice = 50.0;        // or null if no filter
            Boolean availableFilter = true;     // or null if no filter


            // Build the Criteria query dynamically
            Criteria criteria = session.createCriteria(Product.class);

            //Use Conjunction to combine different criterions using AND
            Conjunction conjunction = Restrictions.conjunction();


            // Add conditions based on user input
            if (nameFilter != null && !nameFilter.isEmpty()) {
                conjunction.add(Restrictions.like("name", "%" + nameFilter + "%"));  //Using like for partial matching
                // Use Restrictions.eq("name", nameFilter) for exact matching
            }

            if (minPrice != null) {
                conjunction.add(Restrictions.ge("price", minPrice));  // greater than or equal to
            }

            if (availableFilter != null) {
                conjunction.add(Restrictions.eq("available", availableFilter));
            }

            //If the conjunction is not empty, add it to criteria
            if(conjunction.toString().length() > 2) {
                criteria.add(conjunction);
            }



            // Execute the query
            List<Product> products = criteria.list();

            // Process the results
            if (products.isEmpty()) {
                System.out.println("No products found matching the criteria.");
            } else {
                System.out.println("Products found:");
                for (Product product : products) {
                    System.out.println(product.getName() + " - Price: " + product.getPrice() + " - Available: " + product.getAvailable());
                }
            }

        } catch (Exception e) {
            e.printStackTrace(); // Handle exceptions appropriately in a real application
        } finally {
            if (sessionFactory != null) {
                sessionFactory.close();
            }
        }
    }
}

Explanation of the Code:

  1. Hibernate Setup: The code first configures Hibernate using `hibernate.cfg.xml` and adds the `Product` entity class to the configuration. This assumes you have a Hibernate configuration file and a `Product` entity defined.
  2. Simulated User Input: The code simulates user input for filtering products based on name, minimum price, and availability. In a real application, these values would come from a web form, command-line arguments, or some other input source.
  3. Criteria Object Creation: `session.createCriteria(Product.class)` creates a `Criteria` object, which represents the query to be executed against the `Product` entity.
  4. Dynamic Condition Building:
    • `Conjunction conjunction = Restrictions.conjunction()`: A `Conjunction` is created to combine multiple restrictions using `AND`. This ensures that all specified criteria must be met for a product to be included in the results.
    • Conditional checks are performed for each potential filter (name, price, availability).
    • If a filter value is provided (i.e., not null or empty for name), a corresponding restriction is added to the `Conjunction`:
      • `Restrictions.like("name", "%" + nameFilter + "%")`: Adds a restriction to filter products whose name contains the `nameFilter` string (using a "like" operator for partial matching).
      • `Restrictions.ge("price", minPrice)`: Adds a restriction to filter products whose price is greater than or equal to `minPrice`.
      • `Restrictions.eq("available", availableFilter)`: Adds a restriction to filter products whose availability matches the `availableFilter` boolean value.
    • `criteria.add(conjunction)`: The combined `Conjunction` is added to the `Criteria` object, applying all the specified restrictions to the query.
  5. Query Execution: `criteria.list()` executes the dynamically constructed query and returns a list of `Product` entities that match the criteria.
  6. Result Processing: The code iterates through the returned list of `Product` entities and prints their details to the console.
  7. Error Handling: A `try-catch-finally` block is used to handle potential exceptions during the Hibernate operations and ensure that the `SessionFactory` is closed properly.

Important Considerations:

  • SQL Injection: Always use parameterized queries (as shown in the example) to prevent SQL injection vulnerabilities. Never directly concatenate user input into your SQL queries. The Criteria API handles parameterization automatically when using `Restrictions`.
  • Performance: Be mindful of the performance implications of dynamic queries, especially when dealing with large datasets. Carefully design your query conditions and consider using indexes on the database columns used in your filters.
  • Alternatives: For more complex queries, consider using the JPA Criteria API or HQL (Hibernate Query Language). JPA Criteria API provides a type-safe way to build queries, while HQL offers more flexibility and control over the generated SQL. Hibernate 5.2+ recommends the JPA Criteria API.
⬅ Previous Next ➡