I would like also to get some feedback about controlling access to data in a
standard JDO:
- Users should be able to specify fine grained access control to persistent
objects.
- JDO implementations raise exceptions if the authenticated user does not fit
into the role specified in the metadata
e.g.
<jdo>
<package>
<class name=Person>
<security principal=adminuser/>
</class>
</package>
</jdo>
Or
<jdo>
<package>
<class name=Person>
<field name=controlCode>
<security principal=superuser/>
</field>
</class>
</package>
</jdo>
The user code:
Person.getControlCode(); //If the principal is not valid, a JDOSecurityException
is raised.
A JDOQL:
SELECT controlCode FROM Person //If the principal is not valid when evaluating
the query (not when compiling), a JDOSecurityException is raised.
|