docs/1.2/dataobjectutils.html - cayenne-website - Git at Google

 Title: DataObjectUtils


 <P>DataObjectUtils class provides an important and easy to use facility to obtain a primary key value from a DataObject and to locate a DataObject in the database for a known primary key. Both operations work in a generic fashion and do not require primary key to be an object property.</P>
 <DIV class="panelMacro"><TABLE class="warningMacro"><COLGROUP><COL width="24"><COL></COLGROUP><TR><TD valign="top"><IMG src="http://cayenne.apache.org/docs/1.2/images/icons/emoticons/forbidden.gif" width="16" height="16" align="absmiddle" alt="" border="0"></TD><TD><B>Security Warning</B><BR>DataObjectUtils make it very easy to use a primary key value as a universal &quot;code&quot; for an object in web forms and URLs. This opens a potential security hole in the interface. If application code is not careful enough, a malicious user can gain access to the information she is not allowed to see (e.g. other people's accounts) simply by trying a series of sequential numbers. So for example it is probably ok to use product PK to build a bookmarkable link to a catalog product, but it may not be appropriate to do that for a private user profile record.</TD></TR></TABLE></DIV>
 <P>DataObjectUtils API is really straightforward and self-explanatory. It supports the most common case of a single column integer primary key, but also a more generic case of an arbitrary PK (that can also be compound, i.e. consist of more than one column). Here is an example:</P>

 <DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
 <PRE class="code-java"><SPAN class="code-comment">// obtain PK to build a bookmarkable artist page URL
 </SPAN>Artist artist = ...;
 <SPAN class="code-object">int</SPAN> artistID = DataObjectUtils.intPKForObject(artist);
 <SPAN class="code-object">String</SPAN> artistURL = <SPAN class="code-quote">&quot;http:<SPAN class="code-comment">//www.example.org/catalogapp/artists?a=&quot;</SPAN> + artistID;</SPAN>
 </PRE>
 </DIV></DIV>

 <DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
 <PRE class="code-java"><SPAN class="code-comment">// find an artist from URL parameters
 </SPAN>HttpServletRequest request = ...;
 DataContext context = ...;
 <SPAN class="code-object">String</SPAN> idString = request.getParameter(<SPAN class="code-quote">&quot;a&quot;</SPAN>);

 <SPAN class="code-keyword">if</SPAN>(idString != <SPAN class="code-keyword">null</SPAN>) {
   Artist artist = DataObjectUtils.objectForPK(context, Artist.class, <SPAN class="code-object">Integer</SPAN>.parseInt(idString));
 }
 </PRE>
 </DIV></DIV>
	Title: DataObjectUtils



	<P>DataObjectUtils class provides an important and easy to use facility to obtain a primary key value from a DataObject and to locate a DataObject in the database for a known primary key. Both operations work in a generic fashion and do not require primary key to be an object property.</P>
	<DIV class="panelMacro"><TABLE class="warningMacro"><COLGROUP><COL width="24"><COL></COLGROUP><TR><TD valign="top"><IMG src="http://cayenne.apache.org/docs/1.2/images/icons/emoticons/forbidden.gif" width="16" height="16" align="absmiddle" alt="" border="0"></TD><TD><B>Security Warning</B><BR>DataObjectUtils make it very easy to use a primary key value as a universal "code" for an object in web forms and URLs. This opens a potential security hole in the interface. If application code is not careful enough, a malicious user can gain access to the information she is not allowed to see (e.g. other people's accounts) simply by trying a series of sequential numbers. So for example it is probably ok to use product PK to build a bookmarkable link to a catalog product, but it may not be appropriate to do that for a private user profile record.</TD></TR></TABLE></DIV>
	<P>DataObjectUtils API is really straightforward and self-explanatory. It supports the most common case of a single column integer primary key, but also a more generic case of an arbitrary PK (that can also be compound, i.e. consist of more than one column). Here is an example:</P>

	<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
	<PRE class="code-java"><SPAN class="code-comment">// obtain PK to build a bookmarkable artist page URL
	</SPAN>Artist artist = ...;
	<SPAN class="code-object">int</SPAN> artistID = DataObjectUtils.intPKForObject(artist);
	<SPAN class="code-object">String</SPAN> artistURL = <SPAN class="code-quote">"http:<SPAN class="code-comment">//www.example.org/catalogapp/artists?a="</SPAN> + artistID;</SPAN>
	</PRE>
	</DIV></DIV>

	<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
	<PRE class="code-java"><SPAN class="code-comment">// find an artist from URL parameters
	</SPAN>HttpServletRequest request = ...;
	DataContext context = ...;
	<SPAN class="code-object">String</SPAN> idString = request.getParameter(<SPAN class="code-quote">"a"</SPAN>);

	<SPAN class="code-keyword">if</SPAN>(idString != <SPAN class="code-keyword">null</SPAN>) {
	Artist artist = DataObjectUtils.objectForPK(context, Artist.class, <SPAN class="code-object">Integer</SPAN>.parseInt(idString));
	}
	</PRE>
	</DIV></DIV>