an object are RPC serialized at the server. For example, say we have a
POJO and an server side access control filter that only grants access
to certain fileds of the object. Resolving the access rights of the
request may require us to hide certain fields' values from the
response differently for different requests. One may suggest to simply
set the fileds that are not accessible to null before returning the
object, but this wil pose issue with persistant, cached or immutable
POJOs. Further, a feature such as lazy-loading in hibernate becomes
difficult to manage without the using DTO. Using DTO or cloning an
object is possible but inefficient in the programming model.
Is there a way that at runtime, one can set a serialization filter
such that any fileds that are defined in the filter will not be
accessed during serialization (and hence will not trigger a lazy load)
on the server an instead will be serialized as nulls?
The particular flow is something like:
RPC client request -> deserialize on server -> request access control
logic -> request data filter -> app logic -> response access control
logic -> response data filter -> serialize response
--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
No comments:
Post a Comment