Adding new finders
If required, define new finders using the EJB deployment descriptor editor.
Before you begin
About this task
If you need to add a new finder to your enterprise bean:
Procedure
- In the Project Explorer view, expand EJB Modules.
- Double-click the WebSphereCommerceServerExtensionsData project to open the EJB Deployment Descriptor Editor.
- Click the Beans tab.
- In the Beans pane, select the yourNewBean bean, then in the pane on the right, scroll down and expand WebSphere Extensions.
- Click Add next to the Finders text box. The Add Finder Descriptor window opens.
- Select New, then in the Name field, enter findByXyourArg, where yourArg is the name of the argument by which you are searching. Use the "findByX" naming convention for your field name to ensure that your field names are always unique from WebSphere Commerce field names.
- Click Add next to the Parameters text box, then do the following:
  - In the Name field, enter yourArg.
  - In the Type field, enter the appropriate data type.
  - Click OK.
- In the Return Type field, enter one of the following and click Next:
  - If the finder method uses the primary key to query the database and the method should return a unique record, specify the EJB object as the return type. For example, enter UserRes.
  - If the finder method returns a result set instead of a unique record, specify the return type as java.util.Enumeration.
- From the Finder type drop-down list, select WhereClauseFinderDescriptor.
- In the Finder statement field, type an appropriate finder. For example, enter T1.MEMBERID = ?
  - If this entity bean uses optimistic locking, and your finder includes the "FOR UPDATE" clause, add the "WITH RS" clause to cause the database lock manager to hold the acquired "Update" lock to the end of the database transaction. For example, enter T1.MEMBER_ID=? FOR UPDATE WITH RS.
- Click Finish.
- Save your work, then close the EJB Deployment Descriptor Editor.
- Proceed to creating a new ejbCreate method.
Results
For security reasons, when creating finder methods for a new entity bean, you should use parameter inserts as shown in the preceding steps. This protects the query from being altered by users. An alternative approach would be to use a construct similar to the following example:
T1.MEMBERID = " input_string ";
where input_string is a string value passed in from a URL. This is not desirable, since a malicious user could enter a value such as "'123' OR 1=1", which changes the SQL statement. If a user can change the SQL statement, they may be able to gain unauthorized access to data. Therefore, the recommended approach is to use parameter inserts.
If you cannot use a parameter insert and therefore have to use an input string to compose the SQL statement, you must enforce parameter checking on the input string to ensure that the input parameter is not a malicious attempt to access data.
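The difference between the two finder statements, and the parameter check used as a fallback, can be seen against a small in-memory database. This is an added example, not WebSphere Commerce code: it uses Python's sqlite3 as a stand-in for the finder's WHERE clause, and the MEMBER table, its rows, and the digits-only rule for member IDs are assumptions made for illustration.

```python
import re
import sqlite3

BASE = "SELECT T1.NAME FROM MEMBER T1 WHERE "  # assumed table and column names


def make_db():
    """Build a constructed sample table (not real WebSphere Commerce data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE MEMBER (MEMBERID TEXT PRIMARY KEY, NAME TEXT)")
    db.executemany("INSERT INTO MEMBER VALUES (?, ?)",
                   [("123", "alice"), ("456", "bob"), ("789", "carol")])
    return db


def find_concatenated(db, input_string):
    """Discouraged form: the input string becomes part of the SQL text."""
    sql = BASE + "T1.MEMBERID = " + input_string
    return sorted(row[0] for row in db.execute(sql))


def find_with_parameter_insert(db, input_string):
    """Recommended form: 'T1.MEMBERID = ?' with the value bound separately,
    so the input is only ever compared as data."""
    sql = BASE + "T1.MEMBERID = ?"
    return sorted(row[0] for row in db.execute(sql, (input_string,)))


# Assumed rule for this example: a member ID is 1 to 19 decimal digits.
MEMBER_ID = re.compile(r"[0-9]{1,19}")


def find_checked(db, input_string):
    """Fallback when a parameter insert cannot be used: allow-list check
    on the input before it is composed into the statement."""
    if not MEMBER_ID.fullmatch(input_string):
        raise ValueError("rejected member id: %r" % input_string)
    sql = BASE + "T1.MEMBERID = '" + input_string + "'"
    return sorted(row[0] for row in db.execute(sql))


if __name__ == "__main__":
    db = make_db()
    altered = "'123' OR 1=1"  # the value quoted in the text above
    print(find_concatenated(db, altered))           # every row comes back
    print(find_with_parameter_insert(db, altered))  # no row matches
    try:
        find_checked(db, altered)
    except ValueError as err:
        print(err)
```

The check accepts only what a valid value can look like rather than searching for known-bad characters, which is what makes it usable as a fallback.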