Newbie's question: design interface for remote access

**Savagearts** · Mar 15th, 2005, 09:15 PM

This is a question that i always come with. For example, This is an interface as this:

Code:

public interface IFoo&#123;
   IBar getBar&#40;int id&#41;;
&#125;

This interface is exposed as a remote Web Service-RPC function for third-party to use.
But The Bar object is context sensitive. In other words, User A can only view Bar1 ,UserB can only view Bar2. So my question is : The service have no idea who sends the request. if the User B calls the interface with argument "1", The User B may get Bar1 easily. To avoid this problem, i have to add an identity argument in the remote interface. But it looks like so clumsy.

How about your smart guys opinion? I would appreciate you help. thx!

**Alarmnummer** · Mar 16th, 2005, 02:34 AM

Maybe some kind of identity object could be created as soon as the client logs in. This identity object could be bound to the thread of that client so your service could determine what to send back.. (and what not).

Check http://acegisecurity.sourceforge.net btw for more information.

**Savagearts** · Mar 17th, 2005, 12:02 AM

thx,Alarmnummer. I'll check it

Thread: Newbie's question: design interface for remote access

Thread Tools

Display

Newbie's question: design interface for remote access

Similar Threads

Service vs. DAO vs. transaction vs. design question

design strategy question

Bean design question

Design question - Spring service with different user groups

Design question, c3p0 and more..

Posting Permissions