What is the common practices of implementing advanced find (filtering) in EJB BMP?

Question

I'm developing a project using Struts 1.3.8 + EJB 2.1.

I have several navigation jsp's (there are some kind of tables containing entities). In navigation menu user can choose a filter condition for each table column. He chooses a filter operator in a dropdown list and inputs condition value.

Columns have a different types including string, data, integer etc.

Now I'm using a simple Condition class, which incapsulates three values (column name, operator and a value).

In action servlet I'm sendind Conditions to the appropriate EntityBean by calling Finder method.

Finder method uses QueryBuilder class, which generates SQL query (practically it just adds WHERE conditions and validates data).

I don't like this scheme for several reasons.

Firstly it uses a raw SQL in QueryBuilder so I must implement data validation to prevent SQL injections.

Secondly presentation and business layers became high coupled (presentation must know column names using in DB, or QueryBuilder must know column names using in presentation).

I can use EJB 2.1 version only, and entity beans must be a BMP.

I want to know if there some good practice to implement above mechanism, or just to see some helpful suggestions about my problem.

Thank you for you help.

Answer 1

To address your concerns first:

1) PreparedStatement should be used in the background so you dont need to worry about that.

2) Look at the Fast Lane Reader and then write an API for filtering instead of using the column names. In which case you would have to write SQL yourself and use the above noted PreparedStatement

But one question would be how many users, how expensive is every call and how much memory do you have. I recently wrote an app that pulls tens of thousands of records for the user and can take longer than a minute to refresh. Fortunately my user base is very small so i opted for frontend filtering. Its an initial load and from that the user experience is much better. I also didnt need to show always up to date information.

See Entity Bean finder methods VS DAO? for a question on performance.