[OWASP-ESAPI] Real-world usage of AccessReferenceMap

[John Melton]

Hi,
I am attempting to use the AccessReferenceMap object.  Perusing the
code from the swingset app, I see a usage of the
RandomAccessReferenceMap object, and understand the concept and how it
works.  What I'm wondering is how that might look in practice.  I'm
just looking for something beyond a toy example.

For many, including myself, I'd imagine the way this object would be
used would be to render a collection of objects in a table on a web
page, each with a link to a "detail" page about that object, and the
detail page would be passed the indirect reference to an id or to the
actual object stored in the session likely as suggested by the
comments in the swingset code.

So to summarize, I was hoping someone could give me an example snippet
- or at least logical flow to do this set of steps.  (just the parts
related to the use of AccessReferenceMap)

1. retrieve collection of business objects (say accounts) from data
store, and place those in scope for UI display
2. on the UI, display that collection in a table, each row having a
link to the account id (indirect reference of course)
3. retrieving the real account id from the AccessReferenceMap based on
the indirect reference (I can see how this is done from the example
code)

Thanks,
John
jtmelton at gmail.com