sem added a comment - 20/Dec/04 07:15 AM

sem added a comment - 20/Dec/04 07:15 AM Filters for the class are not called for load. I would like to use filters of Hibernate 3.0 for some kind of security limitation of subset. For "queries" they work perfect but using load(...) user can still get an object which normally he should not see

Steve Ebersole added a comment - 20/Dec/04 08:05 AM

Steve Ebersole added a comment - 20/Dec/04 08:05 AM This is by intent and thus not a bug.

sem added a comment - 20/Dec/04 08:28 AM

sem added a comment - 20/Dec/04 08:28 AM the same story about save() update and delete it's really inconvenient to do filters+events just do implement simple security

Gavin King added a comment - 20/Dec/04 01:12 PM

Gavin King added a comment - 20/Dec/04 01:12 PM We don´t think this is a good application of filters. Use an Interceptor instead, if you wish to add security to single-valued results.

sem added a comment - 20/Dec/04 01:56 PM

sem added a comment - 20/Dec/04 01:56 PM This means that I would need to add security twice. Once as a filter for queries and afterwards as interceptors for load/save/update it's much better if you can do it once in filter performace of load/save/update will not change if you add a restriction. Database will query on ID in any case. And with interceptors I would need to retrieve the object from database just to check security. If you it's not cleare I can give you an example of our application.

Michael Wyraz added a comment - 22/Jun/05 06:20 AM

Michael Wyraz added a comment - 22/Jun/05 06:20 AM Added a request (HHH-663) to reopen this as bug because it's either a bug in hibernate or in the documentation.