-
1. Re: Securing EJB3s with ACLs / CRUD
maxandersen Feb 21, 2005 5:17 PM (in response to emsa)This kind of mechanism is the perfect use case for Hibernate3 new filter mechanism.
Probably not something that will be exposed at the EJB3 spec level, but something you can do with Hibernate3 which is the underlying engine for JBoss's EJB3 implementation. -
2. Re: Securing EJB3s with ACLs / CRUD
emsa Feb 21, 2005 5:41 PM (in response to emsa)Ok,
I'll have a look at that - is it possible to combine this with EJB3 or will I have to use Hibernate Entittys/POJOs?
Still it would be nice to do a pure EJB3 implementation.
/Magnus -
3. Re: Securing EJB3s with ACLs / CRUD
bill.burke Feb 21, 2005 5:48 PM (in response to emsa)EntityCallbackListeners may help and may be a standard way to do this.
-
4. Re: Securing EJB3s with ACLs / CRUD
emsa Feb 22, 2005 4:30 AM (in response to emsa)As far as I can understand EntityCallbackListeners will not help. The callbacks, in this case @PostRead, is called when the data is already loaded into memory. This will not be good enough when handling large amount of data.
There are solutions to most situations, where you basically can write your own EJB-QL and use the EntityManager for lookups but when it comes to relationsships I have found no way to do any filtering.
One way would ofcource be to use EJB3 without any relationsships and handle this by hand, but that seems to be a waste of good code.
A better way, IMHO, is if there was some why to add filter directives to the relationsships.
Something like:
@ManyToOne( ..., filter="status_col != \"DELETED\"")
you could even put the complete EJB-QL used to fetch the data here or some EJB-QL to be 'hooked' into the overall query.
This could also be applied to the @Entity statement, this might even be a better overall solution.
Maybe I'm just to far out here, or this might not be a real issue to anyone but me ...
Thanks,
/Magnus