Adding new finders

If required, define new finders using the EJB deployment descriptor editor.

Before you begin

You have modified the ejbLoad and ejbStore methods of the bean.

About this task

If you need to add a new finder to your enterprise bean:

Procedure

  1. In the Project Explorer view, expand EJB Modules.
  2. Double-click the WebSphereCommerceServerExtensionsData project to open the EJB Deployment Descriptor Editor.
  3. Click the Beans tab.
  4. In the Beans pane, select the yourNewBean bean, then in the pane on the right, scroll down and expand WebSphere Extensions.
  5. Click Add next to the Finders text box. The Add Finder Descriptor window opens.
  6. Select New, then in the Name field, enter findByX yourArg, where yourArg is the name of the argument by which you are searching. Use the "findByX" naming convention for your field name to ensure that your field names are always unique from WebSphere Commerce field names.
  7. Click Add next to the Parameters text box, then do the following:
    1. In the Name field, enter yourArg.
    2. In the Type field enter the appropriate data type.
    3. Click OK.
  8. In the Return Type field, enter one of the following and click Next:
    • If the finder method uses the primary key to query the database and the method should return a unique record, specify the EJB object as the return type. For example, enter UserRes.
    • If the finder method returns a result set instead of a unique record, specify the return type as java.util.Enumeration.
  9. From the Finder type drop-down list, select WhereClauseFinderDescriptor.
  10. In the Finder statement field, type an appropriate finder. For example, enter T1.MEMBERID = ?.
  11. For IBM i, Apache Derby, and DB2: If this entity bean uses optimistic locking, and your finder includes the "FOR UPDATE" clause, add the "WITH RS" clause to cause the database lock manager to hold the acquired "Update" lock to the end of the database transaction. For example, enter T1.MEMBER_ID=? FOR UPDATE WITH RS.
  12. Click Finish.
  13. Save your work, then close the EJB Deployment Descriptor Editor.
  14. Proceed to creating a new ejbCreate method.

Results

Important:

For security reasons, when creating finder methods for a new entity bean, you should use parameter inserts as shown in the preceding steps. The reason for this recommendation is that it protects the query from being altered by users. An alternative approach would be to use a construct similar to the following example:


T1.MEMBERID = "input_string";

where input_string is a string value passed in from a URL. This is not desirable, since a malicious user could enter a value such as "'123' OR 1=1", which changes the SQL statement. If a user can change the SQL statement, they may be able to gain unauthorized access to data. Therefore, the recommended approach is to use parameter inserts.

If you cannot use a parameter insert and therefore have to use an input string to compose the SQL statement, you must enforce parameter checking on the input string to ensure that the input parameter is not a malicious attempt to access data.
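
The difference between a composed finder statement, a parameter insert, and a checked input string can be seen by running all three against a small table. The following is an added example, not part of the original documentation or of WebSphere Commerce: it uses Python's sqlite3 module as a stand-in database, and the MEMBER table, its NAME column, the function names, and the 18-digit limit are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample data; SQLite stands in for the Commerce database and
# this MEMBER table is hypothetical, not the Commerce schema.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE MEMBER (MEMBERID INTEGER, NAME TEXT)")
conn.executemany("INSERT INTO MEMBER VALUES (?, ?)",
                 [(123, "alice"), (456, "bob"), (789, "carol")])

# The finder statement is appended to a fixed SELECT that aliases the table T1.
BASE = "SELECT T1.NAME FROM MEMBER T1 WHERE "


def find_concatenated(input_string):
    """Discouraged form: the input becomes part of the SQL text."""
    sql = BASE + "T1.MEMBERID = " + input_string
    return [row[0] for row in conn.execute(sql)]


def find_with_insert(input_string):
    """Recommended form: the statement is fixed and the value is bound to '?'."""
    sql = BASE + "T1.MEMBERID = ?"
    return [row[0] for row in conn.execute(sql, (input_string,))]


def find_checked(input_string):
    """Fallback form: allow-list check before the string is composed into SQL."""
    if not re.fullmatch(r"[0-9]{1,18}", input_string):
        raise ValueError("member id must be 1 to 18 decimal digits")
    return find_concatenated(input_string)


if __name__ == "__main__":
    altered = "'123' OR 1=1"  # the value quoted in the text above
    print("concatenated, 123     :", find_concatenated("123"))
    print("concatenated, altered :", find_concatenated(altered))
    print("insert, altered       :", find_with_insert(altered))
    try:
        find_checked(altered)
    except ValueError as err:
        print("checked, altered      : rejected,", err)
```

With the parameter insert, the whole input is compared as a single value, so the altered string matches no row; with composition, the same string becomes part of the WHERE clause and every row is returned.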