Constrain object graph that is returned from remoting requests -------------------------------------------------------------- Key: JBSEAM-263 URL: http://jira.jboss.com/jira/browse/JBSEAM-263 Project: JBoss Seam Issue Type: Feature Request Components: Remoting Affects Versions: 1.0 Reporter: Shane Bryzak Priority: Minor Fix For: 1.1 Original Estimate: 1 day Remaining Estimate: 1 day Introduce a method for constraining the object graph that is returned from a remote request. Currently the remoting API recursively walks the object graph of the return value and packages up everything that is referenced either directly or indirectly by the result. This is potentially a bad thing as it is quite possible to unintentionally return a mountain of unwanted data. This issue can be addressed by annotating the @WebRemote methods with an additional annotation, @Constrain and including a list of "trim-points", paths within the object graph that should be excluded from the result. For example, a remotable method returns a Customer entity, which contains references to a Rep/Staff entity: Customer id firstName lastName rep -> Staff firstName lastName userName password In this example it is undesirable to return the Staff instance, as it contains sensitive information (their password). To prevent this, the method would be annotated like so: @WebMethod @Constrain("rep") public Customer getCustomer(int customerId) { ... } The @Constrain annotation would accept a String array parameter, which allows multiple trim-points to be specified. Dot notation would be used to exclude fields further down the object tree, e.g. @Constrain({"rep.username", "rep.password"}) would include the Customer's rep field, but exclude the rep's username and password field from the result.