[hibernate-dev] Authorization to limit Data access

Sanne Grinovero sanne.grinovero at gmail.com
Tue Dec 28 13:11:19 EST 2010


Hello,
please direct this type of question to the forum:
https://forum.hibernate.org/viewforum.php?f=1

This mailing list is for developing Hibernate.
To answer your question - I shouldn't so I'll be very short - have a
look into "filters" in the reference documentation.
http://docs.jboss.org/hibernate/core/3.6/reference/en-US/html_single/#objectstate-filters

Sanne

2010/12/28 Amol Ghotankar <ghotankarua50 at gmail.com>:
> Hello,
>
> I am working on a web application which uses Struts2, Spring & Hibernate.
>
> I am working on authorization, which I think is a necessary cross-cutting
> feature of any application and needs to be developed & kept very much
> isolated from the business logic.
>
> I am elaborating my requirement in detail as follows,
>
> Assume a simple action which is authorized to be called by sales dept people
> only, i.e. showSales.action
>
> When a user from purchase dept tries to call this action then, an
> interceptor will check whether the user in role has the authorization to
> access or not and deny access to purchase dept user to access this action;
> this is simple.
>
> I have implemented this using before advice of Spring AOP rather than
> an interceptor. I hope I am not wrong?
>
> But the bigger problem is
>
> By how much, I mean e.g. if a *sales executive* logs in and clicks
> showSales.action then he must get a view of his own sales list, but
> when a *sales manager* logs in and calls the same action, i.e.
> showSales.action, then he must get a bigger and wider list, which can be
> a union of data from all sales executives.
>
> Here authorization of some kind must be implemented which intercepts DAOs
> and automatically sets the "where clause" in the SQL query.
>
> I tried before advice of Spring for DAOs also, but the problem is that if a
> where clause is set somewhere within business logic then a double where
> clause is set, which gives an error, and because I am using Hibernate
> Criteria to set restrictions on queries I have noticed these Hibernate
> Criteria are immutable. (Is there any way to change them?)
>
> What should be the best way to solve this problem? Any design pattern
> or something in Hibernate that can help me here, or some other advice
> for it?
>
>
> --
>
>
> With Best Regards,
>
> Amol Ghotankar
> Cursive Technologies Pvt. Ltd.
> www.cursivetech.com
>
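
The filters mentioned in the reply, sketched for the showSales case as an added example that is not part of the original messages or of Hibernate's own code. The entity, column, filter and role names are assumptions; the annotations and `Session.enableFilter` are the Hibernate 3.6 API.

```java
// Added illustration: Sale, owner_id, "ownSales" and the role names are hypothetical.
import java.math.BigDecimal;
import java.util.List;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import org.hibernate.Session;
import org.hibernate.annotations.Filter;
import org.hibernate.annotations.FilterDef;
import org.hibernate.annotations.ParamDef;
import org.hibernate.criterion.Restrictions;

@Entity
@FilterDef(name = "ownSales", parameters = @ParamDef(name = "userId", type = "long"))
@Filter(name = "ownSales", condition = "owner_id = :userId")
class Sale {
    @Id Long id;
    @Column(name = "owner_id") Long ownerId;
    @Column(name = "amount") BigDecimal amount;
}

final class SalesScope {
    private SalesScope() {}

    /** Call once per Session, right after it is opened and before any DAO runs. */
    static void apply(Session session, long userId, String role) {
        if ("SALES_MANAGER".equals(role)) {
            return; // managers see every executive's rows: filter stays off
        }
        if ("SALES_EXECUTIVE".equals(role)) {
            // Hibernate ANDs "owner_id = ?" onto every Sale query in this session.
            session.enableFilter("ownSales").setParameter("userId", userId);
            return;
        }
        // Fail closed: an unknown role must not fall through to unfiltered access.
        throw new SecurityException("role not authorized for sales data: " + role);
    }
}

final class SaleDao {
    /** The DAO keeps its own restriction; the filter adds the row-level one. */
    @SuppressWarnings("unchecked")
    static List<Sale> atLeast(Session session, BigDecimal min) {
        return session.createCriteria(Sale.class)
                .add(Restrictions.ge("amount", min))
                .list();
    }
}
```

Filters are enabled per session and apply to HQL and Criteria queries, not to `session.get()` or `load()` by identifier, so by-id lookups still need an explicit ownership check.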


