Hi:

I've been looking for methods for cancelling or stopping an entity from being loaded. The Interceptor OnLoad lets us change state but obviously wasn't intended to have enough influence to stop load operation. LifeCycle.OnLoad is similar - neither give us the ability to short-circuit the load process.

What I'm trying to do is stop the load operation if a user doesn't have appropriate permissions to see a entity based on a security check. In my current implementation I do the security check in the OnLoad method, flip a bit in each entity indicating whether access should be granted and then remove entities later, if necessary, outside the interceptor. That seems a bit too heavy-handed.

Searching this forum, I've seen similar posts asking about cancelling the delete process (http://forum.hibernate.org/viewtopic.php?t=983056) and that type of solution may work, but I'm wondering if I'm generally thinking about the the right way or not.

Any thoughts or comments on what may be the best approach to solving this? Thanks.

It depends on how complex your security check is. We're using filters for object based security. We use a bit mask for storing owner information and store it as a binary value to the database. In the database we have a function, which evaluates the ownership given a mask with the current client(s).

Filter Definition:



Filter Usage:



readaccess is another column for defining general read access for public or owner.

Not a direct answer to your question, but maybe another approach for your problem.

You could implement IInterceptor.Instantiate and throw an exception if the entity is not accessible due to security considerations. If you don't have an existing implementation of IInterceptor.Instantiate, you can just return null if there are no security restrictions, and NHibernate will do its default instantiation.

However, throwing an exception at that point would cause an entire call to IQuery.List() to fail, which might not be what you want. When a query is executed, if you want the entities that the user has security clearance for returned, but the ones that they don't have security clearance for blocked in some way, you could implement the Null Object pattern or some similar restricted instance of the entity where restricted properties return useless values. That could mess up validation logic in your business logic layer though, unless it knows enough to detect and ignore restricted instances.