Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [eclipselink-users] jpasecurity project? 
>> (For completeness, Hibernate filters are the granddaddy for this sort of
thing, and it looks like EclipseLink sort of followed their lead.)

Note that although EclipseLink's annotation for @AdditionalCriteria is new,
this annotation is only setting the previous existing functionality on the
descriptor's additionalJoinExpression, which has been in TopLink since
before Hibernate even existed.  So, I'm not sure you can dismiss it as just
following Hibernate's lead...

I am not aware of any plans for row based security in the JPA specification.


ljnelson wrote:
> 
> On Wed, Nov 16, 2011 at 1:45 PM, James Sutherland
> <jamesssss@xxxxxxxxx>wrote:
> 
>> EclipseLink has support for appending additional criteria to queries.
>>
> 
> And is that facility on the standards track, do you know?
> 
> It concerns me that I have to explicitly set properties here to fill JPQL
> slots; in the jpasecurity case I can set all that up as a kind of aspect
> (i.e. I can say "the current principal", instead of having to ensure that
> the current principal is set as a property on the EM.  It's kind of like
> augmenting @AdditionalCriteria with ${expressionLanguage} ${constructs}).
> 
> I assume I can also set some sort of filtering on, say, one-to-many
> relationships so that even when I haven't explicitly issued a JPQL query I
> still see only the items I'm supposed to?
> 
> My goal here is not to say "how come you don't do it like X", but to see
> if
> there's a plan for row-level security *in the JPA specification* going
> forwards that does not force me to retrofit the business logic of an
> existing application (making explicit setProperty calls on my entity
> manager, when I don't know what the security rules might be, seems to me
> difficult if not impossible--which properties will I need to set?).
> jpasecurity is the closest thing I've seen to this approach.
> 
> (For completeness, Hibernate filters are the granddaddy for this sort of
> thing, and it looks like EclipseLink sort of followed their lead.)
> 
> Thanks for your reply and for any further information you have on all
> this.
> 
> Best,
> Laird
> 
> -- 
> http://about.me/lairdnelson
> 
> 
> 


-----
http://wiki.eclipse.org/User:James.sutherland.oracle.com James Sutherland 
http://www.eclipse.org/eclipselink/
 EclipseLink ,  http://www.oracle.com/technology/products/ias/toplink/
TopLink 
Wiki:  http://wiki.eclipse.org/EclipseLink EclipseLink , 
http://wiki.oracle.com/page/TopLink TopLink 
Forums:  http://forums.oracle.com/forums/forum.jspa?forumID=48 TopLink , 
http://www.nabble.com/EclipseLink-f26430.html EclipseLink 
Book:  http://en.wikibooks.org/wiki/Java_Persistence Java Persistence 
Blog:  http://java-persistence-performance.blogspot.com/ Java Persistence
Performance 
-- 
View this message in context: http://old.nabble.com/jpasecurity-project--tp32842844p32874093.html
Sent from the EclipseLink - Users mailing list archive at Nabble.com.

Back to the top