0 Replies Latest reply on Aug 22, 2005 12:09 PM by Bieth Bruno

    Adding child to parent with remote client and security restr

    Bieth Bruno Newbie

      Hi,

      There is two class, parent and child, so we could call them

      @Entity
      class Child implements Serializable {
       ...
       @ManyToOne
       public void setParent( Parent parent ) {
       this.parent = parent;
       }
      }


      and

      @Entity
      class Parent implements Serializable {
       ...
       @OneToMany
       public List<Child> getChildren() {
       return children;
       }
      
       public Child addChild( String name ) {
       if (children == null)
       children = new ArrayList<Child>();
      
       Child child = new Child( name );
       child.setParent( this );
       children.add( child );
      
       return child;
       }
      }


      I'm running this example with a remote client, that's why these class are Serializable.

      Now we can imagine two kind of user : the first one can do everything, the "admin". The other one isn't allowed to create parent, but can create children, we call him "regular".

      How can I implement this security restriction with stateless bean ?
      I tried this :
      @Stateless
      @SecurityDomain( "mySecurityDomain" )
      class ParentManagerBean implements ParentManager {
       ...
       @RolesAllowed( "admin" )
       public Parent addParent( String name ) {
       Parent parent = new Parent( name );
       manager.persist( parent ); // manager = EntityManager ...
       return parent;
       }
      
       @RolesAllowed( "admin" )
       public void updateParent( Parent parent ) {
       manager.merge( parent );
       }
      }

      and the childmanager :
      @Stateless
      @SecurityDomain( ... )
      class ChildManagerBean implements ChildManager {
       ...
       @RolesAllowed( { "admin", "regular" } )
       public Child addChild( String name, Parent parent ) {
       Child child = parent.addChild( name );
       manager.persist( child );
       return child;
       }
      }
      


      Problem :
      * My remote client call this method with a detached parent (serialized). The child is persisted but my client's parent instance doesn't have this child in his List. I need to add it manually in my client code. In fact it would be great if I could return both the child and the parent instance (updated).

      Any idea ?

      Bruno