When you have internet facing application , its important not to expose direct object reference on UI to protect security vulnerability(where user can retrieve the unauthorized data by merely changing the primary key). When you are righting the application from scratch there are various ways you can handle it like :-
1) Handling at data layer where query has user id in where class. user id should be picked from session
2) Maintaining the map reference map at server side . Key can be some number generated based on some algo and value will be primary key. Then expose that number on ui . On server side get the value against that key. Even if user manipulate the number corresponding value wont be found and throw an
error. Something like this.
There will be other ways also.
My question is there something of similar kind available in struts 2 where you can annotate the any field with primary key and it does the step 2 for you or any other implementation to abstract primary key. Any ideas?