[jboss-user] [JBoss Seam] - Prevent binding of attributes during update phase
mreuvers
do-not-reply at jboss.com
Sat Jul 7 07:19:49 EDT 2007
Hi,
I have the following question if it is possible to prevent binding of some attributes when using the @In annotation.
For instance if you have an entity bean say 'Example' with two attributes, an id (primary key) and a description.
In a stateful session bean:
| @In
| private Example example;
|
Let's say someone will update this entity in a form, normally you would only allow the description to be updated (as the PK should never change). With some spoofing however its fairly easy to also submit the primary key along with an incorrect value (which may cause serious security issues).
My question is, is there a way to prevent certain attributes (such as primary keys or others) never to be updated when the update is done on the 'Example' instance. So basically I am looking for a way to always prevent updating some attributes (even if spoofed in a submit).
Thanks a lot!
Regards Martijn
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4061581#4061581
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4061581
More information about the jboss-user
mailing list