jpa - Hide / remap field values in Hibernate entity based on user permissions -

-

in spring 2.6 / jpa 1 / hibernate 3.3 application need "hide" entity field data based on current user's permissions.

e.g. on entity "document" there's field "title" maps title column in doc table. depending on user's permission title should either read "confidential" if he/she not allowed read title or should contain correct value fetched database. same applies lot of other properties.

the problem cannot apply presentation model or filtering in ui. because entity objects passed layer takes care of post-processing , displaying data in ui , real data (i.e. real value of "title") should not passed layer in terms of being publicly accessible. entity object should "sealed" without real value being accessible through api - entity may store it's state internally of course.

a naive approach fetch list of document objects, iterate on , set title "confidential" if user not allowed. of course, change entity when gets send persistence layer, on merge value of title ("confidential") written database - should not happen @ case of course.

so either, i'll have write custom insert/update statements these entities (lots of work) , / or write custom loader logic exchanges data in entity - again don't know how store , track original state of entity when comes merging. also, fail when using jpql/hql , not em methods loading.

so, questions are:

  • what options have "remap" value in entity based on current user while not breaking update / merge mechanism?
  • could interceptors (either hibernate or spring / aop style) out here? again: how handle merge?

thanks, dwight

one option springs mind write spring aspect apply across appropriate layer of app (service layer?) switch values out entities cross layer boundary. on way out, change value "my secret value" "confidential", , remember old value , entity came from. then, if/when entity passed in, set "my secret value" place. on side of boundary, entities have proper values, secret values never leave boundary , can never compromised.


Comments

Post a Comment

Popular posts from this blog

linux - Using a Cron Job to check if my mod_wsgi / apache server is running and restart -

-
my group , running server based upon django , uses mod_wsgi run apache server. not working on project after over, attempting set cronjob similar functionality check if apache server has shut down(system restart or power failure), , if has, restart server me. i've found documentation on how check if apache server down , restart server if is, our server uses https , our start command pretty verbose. can use functionality provided in these examples: https://askubuntu.com/questions/277389/cron-job-to-restart-apache https://www.digitalocean.com/community/tutorials/how-to-use-a-simple-bash-script-to-restart-server-programs or need more complicated process make happen? the command use start server is python manage.py runmodwsgi --host 0.0.0.0 --port 8001 --https-port 8000 --ssl-certificate (certificate location) --server-name (domain name) i'm pretty new linux , using both mod-wsgi apache appreciated. you better off using --setup-only option mod_wsgi-expres
Read more

actionscript 3 - TweenLite does not work with object -

-
i got following problem: i have object called tempscore game. this object blitted canvas renderer via copypixels method. object not display object. it's score-object (self made). score-object extends object called basicblitarrayobject. basicblitarrayobject extends eventdispatcher (therefore no display object). i tried apply several different tweenlite-plugins tempscore-object (i.e. transformaroundcenter, colormatrixfilter, etc.). nothing happens. absolutely nothing. sometimes error messages (when plugin requires display object , object not display object). far good. according greensock (maker of tweenlite) engine can tween numeric property of object. when plugin transformaroundcenter requires display object tweening have modify plugin working non-display object (tempscore). can't because it's way hard me. my game rests upon code: http://www.8bitrocket.com/book/ch11_blastermines.zip try apply tweenlite object called tempmine inside game class blastermines.
Read more

jQuery Ajax Render Fragments OR Whole Page -

-
i'm in throes of building application wraps mess of legacy code. page working on, need substitute fragment divs constructed on back-end -- or else need replace entire page altogether. idea there dynamically controlled flow needs satisfied before can forward legacy product. substituting fragments works fine, seen in below my_body_content swap. trouble comes when i'm trying render not fragment, whole page, in "body" swap. @ point page goes blank. i want similar errors returned server. want nice rest 404 error messages displayed on screen, legacy-product 404s show in legacy-product 404 page. yes, requirements project weird. that's not problem can fix. here's jquery invocation, names changed protect guilty: $.ajax({ url: "places/things", type: "post", data: json.stringify(somebadassobject), datatype: "text", accepts: "text/html", contenttype: "application/json; charset=
Read more