Hi there,
I am currently using EJB 2.0 -- complete with CMR and EJB-based cascading deletes -- to implement an application. The state of these EJBs is stored in a PostgreSQL database.
For security reasons and in order to meet the needs of my client, I need to timestamp modifications made to the underlying database records. I am doing this using triggers.
However, I also need to record the name of the account used to modify the record and this is raising some implementation and security issues that I have never had to think about before.
The easiest way of implementing this feature would be to create PostgreSQL user accounts for each application account and rely on the trigger to store its name with the database record.
On the other hand, these accounts would have to be created dynamically (because the application accounts are) and I am not sure our database / server administrator would go for this because it introduces some serious security risks into the system (perhaps -- I am supposing it would.)
An alternative to creating PostgreSQL accounts would be to create a new CMP field that takes on the name of the application account that the user is logged on to. However, if a delete of an entity bean leads to a cascade of other beans being deleted, I am not at all sure how these other beans would be handled (perhaps through the ejbRemove method?) The same problem applies with modifications propagated to other beans that result because of existing CMR relationships.
Does anyone have some ideas on how to handle issues like this?
Thanks,
Darryl