I am trying to understand security with MDD.
In my scenario, a user submits a document. I want to ensure that when the document is updated, the person who updated the document is the one who is updating the document.
My concern: If the submittedByUserID is returned to the client, a malicious authenticated user can falsify the headers to change the submittedByUserID.
My initial thoughts: I need to have a userServiceImpl that has a loginUser() method. The loginUser() method sets the user's ID in the session and I need to populate the submittedByUserID with this session information using the update-security-constraint.
- Am I correct in the approach above? Is there a better way? Am I totally off-base?
- If I am correct, how would I go about implementing this approach?
Data Structure:
<model>
<entity name="User" persistent="true">
<id name="userID" type="integer" generated="true"/>
<property name="username" type="string"/>
<property name="password" type="string"/>
<property name="documents" type="Document[]"/>
</entity>
<entity name="Document" persistent="true">
<id name="documentID" type="integer" generated="true"/>
<property name="body" type="blob"/>
<property name="submittedByUserID" type="integer"/>
</entity>
</model>
