 Post subject: Query rewrite problem
PostPosted: Wed Oct 01, 2008 3:08 am 
Hi

We're building an application where all database requests go through a facade so that the actual Hibernate session is hidden from the developer. For example, the developer could call a listObject() method which takes as input two parameters, the class of the returned objects and a list of filters (our own class). With this information we can build the HQL query and return the correct information. Our application has a CRUD type access control, so of course, when the user calls the listObject() method, it should only return objects which the current user has READ access to. Of course, we want to inject the access control statements directly into the query (no point in first retrieving all object instances and THEN checking the access rights, that would be way too slow). In our listObject() method this is easy, as we take as input a list of filters - we just add another filter with our access rights check.

Now the real problem is that our facade must support arbitrary HQL queries. The query rewriting is no longer a trivial matter. First of all, as you know, there are many ways to form a query, so parsing the query isn't that easy. What makes my problem even harder is that I have no information about the return type of the objects we're trying to fetch; I only get a string representation of a query (oh, actually, I cannot even be sure if it's a select query!).

Anyway, instead of trying to parse the arbitrary HQL query myself, I would like Hibernate to do it for me; after all, it has to parse the query anyway. My question is, can I get Hibernate to parse the query WITHOUT executing the query and after the parsing modify the query (in other words, add another conditional statement to the where-clause) and THEN execute the query?

What makes the problem even harder is that not all database entities are access controlled. All entities extend a class called "AbstractPojo" and those entities which should be access controlled extend the class "AccessControlledAbstractPojo". So, with the arbitrary HQL query, I would first need to parse it, then check if it is an update/delete/select query, then get the return type (or if the query is delete/update, what class type we're trying to modify) to check if it is access controlled and, if it is, then inject my access check into the query.

Any help is appreciated.

Thanks in advance
- Kimppa
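
The listObject() approach described in the post above, as an added example that is not part of the original post or Hibernate's own code: filter values are bound as named parameters, property names and operators are allow-listed because they end up in the HQL text, and the READ check is appended only for classes extending AccessControlledAbstractPojo. The Filter shape, the AclEntry entity with objectId/userId/permission, and the Invoice and Country entities are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.Pattern;

public class ListObjectFacade {
    // Stand-ins for the post's base classes; Invoice and Country are hypothetical entities.
    static abstract class AbstractPojo {}
    static abstract class AccessControlledAbstractPojo extends AbstractPojo {}
    static class Invoice extends AccessControlledAbstractPojo {}
    static class Country extends AbstractPojo {}

    // Hypothetical filter: property <op> value.
    record Filter(String property, String op, Object value) {}
    // HQL text plus the named parameters to bind with Query.setParameter().
    record BuiltQuery(String hql, Map<String, Object> params) {}

    private static final Pattern PROPERTY =
            Pattern.compile("[A-Za-z_][A-Za-z0-9_]*(\\.[A-Za-z_][A-Za-z0-9_]*)*");
    private static final Set<String> OPS = Set.of("=", "<>", "<", "<=", ">", ">=", "like");

    static BuiltQuery listObject(Class<? extends AbstractPojo> type, List<Filter> filters, long userId) {
        List<String> where = new ArrayList<>();
        Map<String, Object> params = new LinkedHashMap<>();
        for (Filter f : filters) {
            // Property names and operators become part of the HQL text, so allow-list them;
            // values never do, they are bound as named parameters.
            if (!PROPERTY.matcher(f.property()).matches() || !OPS.contains(f.op()))
                throw new IllegalArgumentException("rejected filter: " + f);
            String name = "p" + params.size();
            where.add("o." + f.property() + " " + f.op() + " :" + name);
            params.put(name, f.value());
        }
        // The access check is one more condition, added only for access-controlled entities.
        if (AccessControlledAbstractPojo.class.isAssignableFrom(type)) {
            where.add("exists (select a.id from AclEntry a where a.objectId = o.id"
                    + " and a.userId = :aclUser and a.permission = 'READ')");
            params.put("aclUser", userId);
        }
        // Assumes the entity name equals the simple class name (Hibernate's default).
        String hql = "from " + type.getSimpleName() + " o"
                + (where.isEmpty() ? "" : " where " + String.join(" and ", where));
        return new BuiltQuery(hql, params);
    }

    public static void main(String[] args) {
        List<Filter> filters = List.of(new Filter("customer.name", "like", "A%"));
        System.out.println(listObject(Invoice.class, filters, 42L)); // access controlled
        System.out.println(listObject(Country.class, filters, 42L)); // not access controlled
    }
}
```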


© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.