Hibernate: How to disable insert?

How can insertion to a table be disabled?

I have some lookup tables that should be read only. Is there anyway to instruct hibernate to reject any attempt to insert into that table?

Thanks

I'd do this at database level. Revoke insert permissions for your DataSource user on those tables.

All properties have insert and update attributes your can use too.

Paul:

I am disabling insert and update for all properties, but I was wondering if there is any other way to accomplish the same thing for the whole class.

Also, if all of the fields in the table are nullable (it shouldn't but if), the a user can still insert records, because primary key fields cannot be disabled for update and insert.

Well, the only way Hibernate does an insert is if you create an instance of your class and it not have an id value. So where in your application code are you creating an instance of a read-only class and not loading it from the database?

Mark

Well, the only way Hibernate does an insert is if you create an instance of your class and it not have an id value.

Not entirely true. If the class has its ID generation as 'assigned', then a user can assign an ID to an instance of a class, and ask Hibernate to save it.

So where in your application code are you creating an instance of a read-only class and not loading it from the database?

I am not worried about my code, I am worried about other developers' doing that. My API throws OperationNotSupportedException, if someone attempts to invoke the 'save()' method (provided in the api as one of CRUD operations).
However, I want to prevent any malicious attempts of one not using the api and writing his own code.

The project I am working on is a distribute jar file, which is going to be used among many applications. Possibly across multiple divisions, so I want to make sure that no one can insert in a table where he shouldn't.

I am not worried about my code, I am worried about other developers' doing that. My API throws OperationNotSupportedException, if someone attempts to invoke the 'save()' method (provided in the api as one of CRUD operations).
However, I want to prevent any malicious attempts of one not using the api and writing his own code.

Sounds like this needs to be prevented in the data model then. If another developer can write code not using the API you provide whether or not you can do this in Hibernate is neither here nor there. Revoke insert permissions on the entities you want to make read only.

You can use the tag mutable="false" in the class declaration of the hbm.