solution of security issue -> visibility level setId() ?
posted 10 years ago
i am using surrogate primary keys on my persistent classes. two things: -i don't want to expose my setId() to my whole application ->i.e. nobody should be able to set it and this way "break" my model -i want to use a security manager so accessing private setters and fields is prohibited
problem is that this way there are problems with hibernate, because it never will be able invoke setId() either.
i thought i could overcome this problem by setting visibility of setId() to protected, so hibernate (as it uses proxying by subclassing) can still access it.
now my questions: 1)is hibernate always using subclassing to get access to my class? 2)are there other ways to have security manager (reflection issues) enabled, protecting my fields/setters and hibernate still being working? 3)is it usual (at all) to switch on security manager when using hibernate?