
All times are UTC - 5 hours [ DST ]



 Post subject: Custom/Tagged merge ?
Posted: Mon Sep 25, 2006 4:49 am
Newbie

Joined: Wed Oct 29, 2003 7:16 am
Posts: 6
Hi,

Is there any way to annotate specific entity properties with tag(s) such as

@merge("fromClient")
public String getMessage(){ return message; }

and then perform a em.customMerge(obj,"fromClient");
that will only merge the fields annotated with that particular tag.

This allows us to pass entities from the client to the db, without having to create DTOs or custom insert code.
There is nearly always a different set of fields that need to be updated depending on where the data is coming from; for example, you probably don't want the client to be able to update his balance directly.

Is there something like this in the EJB3 spec ?

regards

James


Posted: Thu Sep 28, 2006 10:56 am
Hibernate Team

Joined: Sun Sep 14, 2003 3:54 am
Posts: 7256
Location: Paris, France
No.
And I think it would be dangerous.
Your client must know that you denied his balance change; you should not silently ignore it.
Plus you must differentiate the client application from the actual client. The client application is usually a piece of code written by your team or the team next to you. Those guys are not the bad guys ;)

_________________
Emmanuel


Posted: Thu Sep 28, 2006 4:01 pm
Newbie

Joined: Wed Oct 29, 2003 7:16 am
Posts: 6
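import javax.persistence.Entity;
import javax.persistence.Id;

// @CustomMerge is the annotation proposed in this thread; it does not exist in JPA or Hibernate.
@Entity
class AccountHolder {

    @Id
    long id;

    String name;

    long balance;

    @CustomMerge(tag = {"accountManager"})
    String notes;

    @CustomMerge(tag = {"accountHolder", "accountManager"})
    String address;

    @CustomMerge(tag = {"accountHolder", "accountManager"})
    String phoneNumber;

}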


The particular scenario I had in mind was a Swing client talking to a server. The server sends an AccountHolder object to the client, for them to see an overview of their account details. The GUI only lets them update their address & phone number. But the nature of client-server computing means a malicious user could fairly easily adjust the balance also. Because of this, when we receive the updated object we only want to commit the address and phoneNumber fields; to do that we need to write a custom update, which means more code and is less maintainable.

I suppose in some ways it would be like the @RolesAllowed of session beans.

In the example above we'd also need to manually check that the id of the returned AccountHolder object corresponds to the user connection we've received it from.
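
An added example, not part of the thread and not Hibernate or JPA code: a plain-Java sketch of the tagged merge discussed above, written so that a change to an untagged field is rejected instead of silently ignored. The `@CustomMerge` annotation, `mergeTagged` and the sample values are hypothetical, and the trusted copy is assumed to have been loaded on the server for the authenticated user rather than by the id the client sent.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.util.*;

public class TaggedMergeDemo {
    // Hypothetical annotation from the thread; it is not part of JPA or Hibernate.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD)
    @interface CustomMerge { String[] tag(); }

    static class AccountHolder {           // plain object standing in for the entity
        long id; String name; long balance;
        @CustomMerge(tag = {"accountManager"}) String notes;
        @CustomMerge(tag = {"accountHolder", "accountManager"}) String address;
        @CustomMerge(tag = {"accountHolder", "accountManager"}) String phoneNumber;
    }

    // Copies only fields tagged for `tag` from the client copy onto the trusted server copy.
    // A change to any other field (id included) is rejected rather than silently dropped.
    static <T> List<String> mergeTagged(T trusted, T fromClient, String tag) throws IllegalAccessException {
        List<String> updated = new ArrayList<>(), denied = new ArrayList<>();
        Field[] fields = trusted.getClass().getDeclaredFields();
        for (Field f : fields) {                       // pass 1: validate, write nothing
            f.setAccessible(true);
            if (Objects.equals(f.get(trusted), f.get(fromClient))) continue;
            CustomMerge m = f.getAnnotation(CustomMerge.class);
            boolean allowed = m != null && Arrays.asList(m.tag()).contains(tag);
            (allowed ? updated : denied).add(f.getName());
        }
        if (!denied.isEmpty()) throw new SecurityException("fields not writable as " + tag + ": " + denied);
        for (Field f : fields)                         // pass 2: apply the allowed changes
            if (updated.contains(f.getName())) f.set(trusted, f.get(fromClient));
        return updated;
    }

    static AccountHolder sample(long balance, String address) {  // constructed sample data
        AccountHolder a = new AccountHolder();
        a.id = 42; a.name = "J. Doe"; a.balance = balance; a.address = address; a.phoneNumber = "555-0100";
        return a;
    }

    public static void main(String[] args) throws Exception {
        AccountHolder db = sample(100, "1 Old Road");
        System.out.println(mergeTagged(db, sample(100, "2 New Street"), "accountHolder"));
        try {   // client copy with a tampered balance: nothing is written, the caller is told why
            mergeTagged(db, sample(1_000_000, "3 Other Lane"), "accountHolder");
        } catch (SecurityException e) {
            System.out.println(e.getMessage() + "; balance is still " + db.balance);
        }
    }
}
```

Validating every field before writing any of them keeps a rejected request from leaving the trusted object half-updated.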

