I think I know what I should do.
1. Go ahead and use a filter if I want to, for my convenience, but not as a
security mechanism.
2. Put a @Restrict annotation on the entities, and then use JBoss Rules to
restrict various operations by roles, etc. So I could say, a sysadmin can look
at any
maybe this helps:
http://www.jboss.com/index.html?module=bbop=viewtopict=127041
[/url]
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4122575#4122575
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4122575
Thanks for the reference on that. In this case, I won't use filters. Instead,
on my session beans, I'll modify the query: if the user doesn't have sysadmin
role, then add the domain = ... to every query.
Btw I really hope that a future release of EJB spec adds something like the
Hibernate
EricJava wrote :
| Btw I really hope that a future release of EJB spec adds something like the
Hibernate Criteria stuff. This thing of putting together EJB-QL strings is a
lot nicer than putting together SQL string, but it's still not object-oriented
and Criteria queries are a lot more
nickarls wrote : There is hope: http://jcp.org/en/jsr/detail?id=317
That would be really nice. I can't wait. Criteria type queries and
collections of embedded objects are the two things I want most. Why can't my
entities have a boring old Set in them? Let's hope this comes out soon!
View