[jboss-user] [JBoss Seam] - Tricky Q on Hibernate filters and roles

EricJava do-not-reply at jboss.com
Wed Jan 23 05:53:11 EST 2008


Here's the situation:

I'm creating a site where users can collaborate to work on data as a group.  I'm calling a set of data for a set of users a "domain".  Every user is a member of exactly one domain, and of course users can only access data within their own domain.

On top of this, there are system administration level users who can look at any data.

This sounds like a great case for using Hibernate style filters.  Every object in the system is associated with a domain, so I can put in a filter that has key of "domain" and value of "#{currentUser.domain}".  This will restrict users to viewing only their objects, and then I don't have to worry about it.

The difficulty is that I want that filter to be turned off for the sysadmin type users.  I'd like to have session beans that use a filtered EntityManager when the user is a "normal" user, but use the unfiltered EntityManager when the user s:hasRole('sysadmin').

Is it possible to do this?  Or is this even the right thing to do?  I've never used Hibernate filters before (or at least, not in a Seam / EJB3 application).

Thanks


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4122561#4122561

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4122561



More information about the jboss-user mailing list