This content has been marked as final. Show 1 reply
I wouldn't expose my entities for auto marshaling with JAXB and sent out to clients. Rather use separate POJOs. It will feel a pain to write the DTO to entity copies but you will make life a lot easier for yourself if you are writing a big project. Also, it is more prudent to expose the entity data via DTOs anyway because the best way to store your data is not always exactly the same way users want to access it. You also close some security loopholes because you handpick which values are made available for each interaction.