[hibernate-dev] Using hibernate with UDFs

Max Rydahl Andersen max.andersen at redhat.com
Wed Dec 19 12:45:05 EST 2007


> richard at bowmansystems.com wrote:
>> Most modern databases support user defined functions that return tables.  We use them with both MS-SQL Server and Postgres to implement a rather complex/convoluted security scheme in the database.  Thus instead of doing this:
>>
>> SELECT * FROM clients
>>
>> we do this:
>>
>> SELECT * FROM secure_clients( <user_id> )

the problem for this is that this means you have to generate *all* sql dynamically and programmatically; you can't pregenerate it and i'm not sure if hibernate's core is open enough for that (yet).

I'm still curious if using secure_clients('max') as the table name directly actually works for you (then you could *in theory* have a SF per user ;)

/max

>> Where <user_id> would be the ID of the user who is querying the client table.  The "user" is not a database user but rather an application user, who in turn has a record in the users table.  Based on the contents of the user table and various security tables we can determine what "clients" the user can "see" and only return those.  This allows the application programmer to ignore the implementation of SELECT security and allows other apps that may touch the same database such as import/export utilities and business intelligence tools to all use the same security logic.
>>
>> The fun part with hibernate will be the parameters to the UDFs.  They will need to be session specific.  My initial though was to add some mechanism to allow properties to be assigned to the session, IE:
>>
>> session.setProperty("user_id", "1");
>>
>> Then in the mapping:
>> <class table="secure_clients(#user_id#)" name="...">
>>
>> Then when hibernate pulls from secure_clients it could do a simple string replace based on the session properties.
>>
>>
>> ----- Original Message -----
>> From: "Max Rydahl Andersen" <max.andersen at redhat.com>
>> To: richard at bowmansystems.com, hibernate-dev at lists.jboss.org
>> Sent: Tuesday, December 18, 2007 11:11:41 AM (GMT-0500) America/New_York
>> Subject: Re: [hibernate-dev] Using hibernate with UDFs
>>
>> haven't heard about anyone working on this.
>>
>> With UDF I guess you mean user defined functions and on SQL Server or ?
>>
>> Have you tried just using the UDF as table name directly ?
>>
>> /max
>>
>>
>>> I asked in the forums a while back about using Hibernate to tie back to
>>> set-returning UDFs instead of a table or a view.
>>>
>>> http://forum.hibernate.org/viewtopic.php?t=980650&highlight=
>>>
>>> I have looked at Hibernate alternatives solutions and they all come up
>>> short in some way.  I'm interested in hacking Hibernate to add support
>>> for tying back to UDFs at this point.  I was just curious if this was
>>> something anyone else had looked at in the past, was on someone's TODO
>>> list, was something there are strong feelings about, etc before I got
>>> started.
>>>
>>> Thanks
>>>
>>>
>>> _______________________________________________
>>> hibernate-dev mailing list
>>> hibernate-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/hibernate-dev
>>>
>>
>>
>>
>>
> 



-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/




More information about the hibernate-dev mailing list