Why Avoid Exposing Entities Directly to REST Clients?

In the ORM (Object-Relational Mapping) world, entities (POJOs) map directly to database tables, while DTOs (Data Transfer Objects) provide a customized view of the table data for REST clients. Exposing entities directly is discouraged for the following reasons:

1. Entity Associations and Performance Issues
   • Entities are often associated with other entities in the database, which can lead to issues like:
     • LazyInitializationException when accessing uninitialized relationships.
     • StackOverflowError due to recursive serialization of bidirectional relationships.
     • Unnecessary transfer of large amounts of data, impacting performance.
2. Unnecessary Data in Resource Creation
   • When creating a resource, exposing entities may require sending unnecessary or sensitive details.
   • Example: For creating a new Category, the client should only send Category details, not related entities like BlogPosts, Blogger, Address, or AadharCard.
3. Security Risks
   • Exposing entities directly may reveal sensitive or extra information to the REST client, compromising security.
4. Issues with Resource Updates
   • When updating a resource, if fields like createdOn are not set, the database may receive null or unintended values, leading to data inconsistencies.

Using DTOs with ModelMapper

To convert between entities and DTOs automatically, third-party libraries like MapStruct or ModelMapper are commonly used. Below are the steps to use ModelMapper in a Spring Boot application.

1. Add ModelMapper Dependency

Include the ModelMapper dependency in your pom.xml:

<!-- <https://mvnrepository.com/artifact/org.modelmapper/modelmapper> -->
<dependency>
    <groupId>org.modelmapper</groupId>
    <artifactId>modelmapper</artifactId>
    <version>3.2.3</version>
</dependency>

2. Configure ModelMapper as a Spring Bean

To make ModelMapper injectable as a dependency in other Spring beans, configure it as a Spring bean using either:

• XML configuration with <bean> tags.
• A @Beanannotated method in a @Configuration class.

Example using @Configuration and @Bean:

@Configuration
public class AppConfig {
    @Bean
    public ModelMapper modelMapper() {
        ModelMapper modelMapper = new ModelMapper();
        modelMapper.getConfiguration()
            .setMatchingStrategy(MatchingStrategies.STRICT) // Only matching property names are transferred
            .setPropertyCondition(Conditions.isNotNull()); // Only non-null properties are transferred
        return modelMapper;
    }
}

@Bean vs @Component

• @Component and its subtypes (e.g., @Service, @Repository) are preferred for component scanning and automatic wiring when you control the source code.
• @Bean is used when automatic configuration is not possible, such as for third-party libraries like ModelMapper or PasswordEncoder in Spring Security, where you cannot annotate the classes with @Component.