Thanks for all the tips.
I'm actually creating a generic way to view and edit Cayenne instances for development purposes so I'm not too worried about security issues. But thanks for the security concerns because I need to keep those in mind for real development. I'm trying to avoid the complexity of hanging onto result sets in my session since Cayenne has such a nice caching mechanism.
BTW, Someone else must have written some JSP or Velocity pages to view, add, and edit Cayenne DOs. Cayenne's rich metadata is perfect for the job. It would be nice if I didn't have to reinvent the wheel, but I am rather enjoying it.
Thanks!
Jonathan
>>> "Gentry, Michael" <michael_gentr..anniemae.com> 2004-07-15 4:24:12 PM >>>
I have to agree with Andrus that having PK values appear in the URL
isn't always a good idea. It might be OK if it is a simply pulls a page
out of the DB to be displayed to the user and if someone fudges a
"random" number in for the PK, they just get an error page. Anything
more complex just opens way too many doors. Even if I had a handy
utility method to fetch an object by the PK, I'm not sure I'd ever
expose that to the users. You have to decide what is appropriate for
your situation, though.
Good luck,
/dev/mrg
-----Original Message-----
From: Andrus Adamchik [mailto:andru..bjectstyle.org]
Sent: Thursday, July 15, 2004 4:53 PM
To: cayenne-use..bjectstyle.org
Subject: Re: Simple retrieval of an object by PK
On Jul 15, 2004, at 4:17 PM, Jonathan Carlson wrote:
> I gravitate towards powerful tools that make simple things simple and
> hard things possible. I know that Cayenne is in this category of
> tools, but I don't see any way to simply and quickly retrieve an
> instance by it's primary key -- something that should be very easy and
> concise.
>
> For example, when doing web apps this seems like a common use case:
...
In JSP and Struts it is, but not in Tapestry and WebObjects. I
personally can't remember if I ever used bare PK values in URLs, as I
rarely needed to build a URL manually, and also I consider it a
security risk. So I guess none of the developers cared to make this a
one liner.
Still lots of people use it (and actually asked about it on this list,
but no one ever opened a feature request). And we should probably add
such utility method, as there is lots of popular demand, but you can
easily create one yourself (write 6 lines of code once and use it
everywhere ;-)).
The archives should contain various implementations that others have
come up with. Here is yet another one. It is generic and works for any
DataObject type, so there is a little more work inside the method...
Also you can easily create a similar but simpler static method inside a
custom class generation template, so that it is included in each
_MyPersistentClass.java:
public DataObject objectForId(DataContext context, Class objectClass,
int id) {
DbEntity entity =
context.getEntityResolver().lookupDbEntity(objectClass);
DbAttribute pk = (DbAttribute) entity.getPrimaryKey().get(0);
SelectQuery q = QueryUtils.selectObjectForId(new
ObjectId(objectClass, pk.getName(), id));
List objects = context.performQuery(q);
if(objects.size() == 1) {
return (DataObject) object.get(0);
}
throw RuntimeException("Something terrible has happened.");
}
Cheers,
Andrus
*********************************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
Katun Corporation -- Celebrating 25 Years of Service
www.katun.com
*********************************************************************************
This archive was generated by hypermail 2.0.0 : Thu Jul 15 2004 - 17:38:32 EDT