Dears,
I'm trying to implement a security policies database, and I'm going to face a couple of problems in describing my hibernate mappings:
1) In my ideal db structure, I have a table, ManagedObjects, mapped to the Managed class, which should contain the unique id of all the managed objects and from which, through a series of <joined-subclass> entries, I would like to obtain instances of the 'real objects'. The problem is that a class of objects (AuthUser, AuthGroup and AuthDomain), which should be mapped to the contents of their own tables (users, groups and domains), also act as authentication principals, which is something I use in the definition of the ManagedObjects table and, of course, in the ACLs associated with any ManagedObjects row. I would like to define a <subclass> or <joined-subclass> entry in the Managed class definition, say AuthPrincipal, such that it has no properties and doesn't even have an associated table: AuthUser, AuthGroup and AuthDomain should only be extensions (or implementations) of AuthPrincipal. The problem is that I don't see how to establish this kind of inheritance without disrupting the polymorphic tree, i.e., AuthUser extends/implements AuthPrincipal extends Managed, and without having to create a table (principals) containing only a primary key based on the foreign key ManagedObjects.id;
2) In AuthDomain I need to create parent<->child relationships and enforce the uniqueness of the pair of properties (idParent, name). This is to avoid the definition of two domain components with the same name at the same level;
3) I have to put a constraint on domains.name such that only a lower-case name can be entered;
4) Are these things which can/must be described in the hibernate mappings, or may/shall I use my favorite db's (PostgreSQL) SQL language to do it by hand?
I'm an absolute beginner on the hibernate stuff, so don't blame me too much... :)
Regards,
Giampaolo
PS: I attach my (incomplete) mappings as a reference
<class name="it.edlui.ems.Managed"
       table="ManagedObjects"
       schema="acl"
       polymorphism="implicit"
>
    <id name="id" type="integer" length="4" unsaved-value="null">
        <generator class="sequence">
            <param name="sequence">ManagedObjects_id_seq</param>
            <param name="schema">acl</param>
        </generator>
    </id>
    <property name="descr"
              access="field"
              type="text"
    />
    <many-to-one name="owner"
                 class="it.edlui.ems.auth.AuthPrincipal"
                 access="field"
                 column="idOwner"
                 cascade="none"
                 not-null="false"
    />
    <property name="inheritsACLs"
              type="boolean"
              access="field"
              column="inheritsAcl"
              not-null="true"
    />
    <property name="tmCreated"
              type="timestamp"
              access="field"
              not-null="true"
    />
    <property name="tmModified"
              type="timestamp"
              access="field"
              not-null="true"
    />
    <joined-subclass name="it.edlui.ems.auth.AuthPrincipal"
                     table="principals"
                     schema="auth"
    >
        <key column="id" />
        <joined-subclass name="it.edlui.ems.auth.AuthGroup"
                         table="groups"
                         schema="auth"
        >
            <key column="id" />
            <property name="name"
                      access="field"
                      type="string" length="32"
                      not-null="true"
                      unique="true"
            />
        </joined-subclass>
        <joined-subclass name="it.edlui.ems.auth.AuthUser"
                         table="users"
                         schema="auth"
        >
            <key column="id" />
            <property name="name"
                      access="field"
                      type="string" length="32"
                      not-null="true"
                      unique="true"
            />
            <property name="isEnabled"
                      access="field"
                      type="boolean"
                      not-null="true"
            />
            <property name="tmLastLogon"
                      type="timestamp"
                      access="field"
                      not-null="false"
            />
        </joined-subclass>
        <joined-subclass name="it.edlui.ems.auth.AuthDomain"
                         table="domains"
                         schema="auth"
        >
            <key column="id" />
            <many-to-one name="parent"
                         access="field"
                         class="it.edlui.ems.auth.AuthDomain"
                         column="idParent"
                         not-null="false"
                         cascade="all"
                         foreign-key="id"
            />
            <property name="name"
                      access="field"
                      type="string" length="32"
                      not-null="true"
            />
            <property name="tmLastLogon"
                      type="timestamp"
                      access="field"
                      not-null="false"
            />
            <set name="children"
                 access="field"
                 inverse="true"
                 cascade="all-delete-orphan"
            >
                <key column="idParent" foreign-key="id" />
                <one-to-many class="it.edlui.ems.auth.AuthDomain" />
            </set>
        </joined-subclass>
    </joined-subclass>
</class>
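
The uniqueness and lower-case rules asked about in points 2 and 3, written as PostgreSQL DDL. This is an added example, not part of the original post: the table is a minimal stand-in for auth.domains (the key's link to the parent tables is omitted), and the constraint and index names are hypothetical.

```sql
-- Minimal stand-in for the table behind the AuthDomain mapping (assumption:
-- columns id, idParent, name as in the posted mapping). PostgreSQL folds
-- unquoted identifiers to lower case, so idParent is stored as idparent.
CREATE SCHEMA IF NOT EXISTS auth;

CREATE TABLE auth.domains (
    id       integer     PRIMARY KEY,
    idParent integer     REFERENCES auth.domains (id),
    name     varchar(32) NOT NULL,

    -- Point 3: only lower-case names are accepted. This also stops 'Sales'
    -- and 'sales' from coexisting as two distinct names at the same level.
    CONSTRAINT domains_name_lowercase_chk CHECK (name = lower(name)),

    -- Point 2: no two children of the same parent may share a name.
    CONSTRAINT domains_parent_name_uq UNIQUE (idParent, name)
);

-- Edge case: a UNIQUE constraint treats NULLs as distinct, so root domains
-- (idParent IS NULL) are not covered by domains_parent_name_uq. A partial
-- unique index enforces the same rule for the top level.
CREATE UNIQUE INDEX domains_root_name_uq
    ON auth.domains (name)
    WHERE idParent IS NULL;

-- Constructed sample rows that satisfy every rule.
INSERT INTO auth.domains (id, idParent, name) VALUES (1, NULL, 'org');
INSERT INTO auth.domains (id, idParent, name) VALUES (2, 1,    'sales');
INSERT INTO auth.domains (id, idParent, name) VALUES (3, 2,    'sales');  -- same name, different level

-- Each statement below is rejected when run on its own:
--   same name under the same parent (domains_parent_name_uq)
--     INSERT INTO auth.domains (id, idParent, name) VALUES (4, 1, 'sales');
--   second root domain with the same name (domains_root_name_uq)
--     INSERT INTO auth.domains (id, idParent, name) VALUES (5, NULL, 'org');
--   name containing upper-case characters (domains_name_lowercase_chk)
--     INSERT INTO auth.domains (id, idParent, name) VALUES (6, 1, 'Sales');

-- Rows that remain: the three valid ones inserted above.
SELECT id, idParent, name FROM auth.domains ORDER BY id;
```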