5 Replies Latest reply on Jul 8, 2007 11:01 AM by Martijn Reuvers

    Prevent binding of attributes during update phase

    Martijn Reuvers Newbie


      I have the following question if it is possible to prevent binding of some attributes when using the @In annotation.

      For instance if you have an entity bean say 'Example' with two attributes, an id (primary key) and a description.

      In a stateful session bean:

      private Example example;

      Let's say someone will update this entity in a form, normally you would only allow the description to be updated (as the PK should never change). With some spoofing however its fairly easy to also submit the primary key along with an incorrect value (which may cause serious security issues).

      My question is, is there a way to prevent certain attributes (such as primary keys or others) never to be updated when the update is done on the 'Example' instance. So basically I am looking for a way to always prevent updating some attributes (even if spoofed in a submit).

      Thanks a lot!

      Regards Martijn