[jboss-jira] [JBoss JIRA] Closed: (JBSEAM-263) Constrain object graph that is returned from remoting requests

Gavin King (JIRA) jira-events at jboss.com
Wed Jul 12 15:11:16 EDT 2006 

     [ http://jira.jboss.com/jira/browse/JBSEAM-263?page=all ]

Gavin King closed JBSEAM-263.
-----------------------------

    Fix Version/s: 1.1
       Resolution: Done

Done by shane

> Constrain object graph that is returned from remoting requests
> --------------------------------------------------------------
>
>                 Key: JBSEAM-263
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-263
>             Project: JBoss Seam
>          Issue Type: Feature Request
>          Components: Remoting
>    Affects Versions: 1.0
>            Reporter: Shane Bryzak
>            Priority: Minor
>             Fix For: 1.1
>
>   Original Estimate: 1 day
>  Remaining Estimate: 1 day
>
> Introduce a method for constraining the object graph that is returned from a remote request.  Currently the remoting API recursively walks the object graph of the return value and packages up everything that is referenced either directly or indirectly by the result.  This is potentially a bad thing as it is quite possible to unintentionally return a mountain of unwanted data.
> This issue can be addressed by annotating the @WebRemote methods with an additional annotation, @Constrain and including a list of "trim-points", paths within the object graph that should be excluded from the result.
> For example, a remotable method returns a Customer entity, which contains references to a Rep/Staff entity:
> Customer
>   id
>   firstName
>   lastName
>   rep
>     -> Staff
>            firstName
>            lastName
>            userName
>            password
> In this example it is undesirable to return the Staff instance, as it contains sensitive information (their password).  To prevent this, the method would be annotated like so:
> @WebMethod
> @Constrain("rep")
> public Customer getCustomer(int customerId) {
>   ...
> }
> The @Constrain annotation would accept a String array parameter, which allows multiple trim-points to be specified.  Dot notation would be used to exclude fields further down the object tree, e.g. @Constrain({"rep.username", "rep.password"}) would include the Customer's rep field, but exclude the rep's username and password field from the result.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list