I have a POJO in the Google Web Toolkit that I can get from the server.
class Person implements Serializable {
String name;
Date creationDate;
}
When the client makes the changes, I save it to the server using the GWT RemoteServiceServlet as follows:
rpcService.saveObject(myPerson,...)
The problem is that the user should not change creationDate. Since the RPC method is actually just an HTTP POST for the server, one could change creationDateby changing the POST request.
A simple solution would be to create a number of RPC functions, such as changeName(String newName)etc., but with a class with many fields, it would take many methods for each field and it would be inefficient to change several fields at once.
I like the simplicity of having one POJO, which I can use both on the server and on the GWT client, but for this I need a way to do it safely. Any ideas?
EDIT
I come back with generosity to try to see if there are other ideas. Perhaps my initial question was too focused on the specifics of the GWT. In fact, I think this is a common question for any system that uses JavaBeans to transfer data between a secure servlet container and an insecure (web browser).
EDIT 2
Also, to be clear, I used the field creationDateas an example of a problem. Actually, the code I'm working with is more complex with many different fields.