I would like also to get some feedback about controlling access to data in a standard JDO:
- Users should be able to specify fine grained access control to persistent objects. - JDO implementations raise exceptions if the authenticated user does not fit into the role specified in the metadata e.g. <jdo> <package> <class name=Person> <security principal=adminuser/> </class> </package> </jdo> Or <jdo> <package> <class name=Person> <field name=controlCode> <security principal=superuser/> </field> </class> </package> </jdo> The user code: Person.getControlCode(); //If the principal is not valid, a JDOSecurityException is raised. A JDOQL: SELECT controlCode FROM Person //If the principal is not valid when evaluating the query (not when compiling), a JDOSecurityException is raised.
