(转贴)Struts best practices 1

转载 2004年09月13日 15:53:00
 

Struts best practices

Build the best performing large applications

Summary
Multiple options are available for solving problems with Struts. When deciding among these alternatives, the choice must be based on parameters such as the scale of work and availability of time. However for large applications and the best quality-of-service needs, every decision becomes crucial and extra efforts are required to choose the appropriate solution. To help you make these decisions, Puneet Agarwal discusses some of the best practices for developing Struts-based applications. (2,800 words; September 13, 2004)

By Puneet Agarwal

Page 1 of 4

True to the literal meaning of the word, "Struts" provides supporting building blocks and infrastructure components to build a Web-based application. It is an MVC-based (Model View Controller) open source framework developed and supported by the Apache Software Foundation. Because of its support for extensibility and plug-ins, the framework has picked up stupendous popularity among J2EE-based application developers. The framework can be extended and customized to suit a particular application need.

Though covering all the aspects of this framework and documenting the best practices may not be possible in one article, the subsequent sections discuss some of the best practices for developing with Struts.

The primary sources of information for this article are the Struts users' mailing list, the Struts developers' mailing list, and my experience with Struts-based applications.

The article discusses the following main points:

  • Screens with dynamic fields
  • Safeguarding JSP pages
  • Error categorization
  • Validation of service requester
  • Application security
  • Prepopulation
  • Stack maintenance (for bread crumbs)
  • Context-related problems
  • Form-bean scope
  • Data transfer object implementation
  • Exceptions
  • Action chaining

Screens with dynamic fields
Problem
The Java Community Process (JCP) has released the Java Metadata Interface Specification, and some programmers are involved in the open source project Beehive. Both of these projects strive to reduce coding. However, the question is whether Struts has a facility that can be used for writing a generic JSP (JavaServer Pages) page for specific types of screens in an application so that a separate JSP page doesn't have to be written for each screen. For example, to reduce our coding efforts, we might want to develop a generic JSP page for all search screens in an application or for submitting batch processes or reports, where the parameters to be input vary for every report/batch.

Form beans are classes that must have getter and setter methods for every field in JSP, and the problem is how to write these methods for dynamic fields.

Struts best practice
Possible solutions are:

  • Let the JSP page have fields in a specific pattern such as field1, field2, field3, and so on, and provide their getter and setter methods in the form bean. Here, the number of fields that can appear on the screen cannot be more than the number of variables in the form bean.

  • Utilize the indexed getter and setter methods available in the form bean for all dynamic fields in the JSP page.

In the second approach, an increase in the number of fields in JSP requires no alteration in any component; therefore, it is the recommended best practice. The implementation details follow:

  1. Assuming an array of strings carries the resource IDs for all the dynamic fields in the form bean, the JSP page can be written as:

    <logic:iterate name= "FormName" property="propertyName" indexId="abc" >
      <html:nested property='dynaProperty(<bean:write name="abc")'/>
    </logic:iterate>

  2. Declare two methods in the form bean, as shown below. These methods will work as the getter and setter methods for all the dynamic fields in the JSP page. Whatever appears in small brackets—()—in front of dynaProperty (in the JSP page as shown above), is taken as key, and either the getDynaProperty() or setDynaProperty() method from the form bean is called. These values should be stored in a HashMap against the key, which can later be retrieved in the Action class from the HashMap against the key.

    public class testVarForm extends ActionForm
    {
      private HashMap hMap = new HashMap();

      public testVarForm() {  }

      public void setDynaProperty(String key, Object value)  {
        this.hMap.put(key, value);
      }

      public Object getDynaProperty(String key)   {
        return this.hMap.get(key);
      }

      public HashMap getHashMap()   {
        return this.hMap;
      }
      public void setHashMap(HashMap newHMap)
      {
        this.hMap =newHMap;
      }
    }

Safeguard your JSP pages
Problem
When developers use Web-based applications, they often try to break into the security. The most common habit is to view the source of HTML in the browser and somehow determine the path of JSP pages and access them. The intent is to highlight the vulnerability of JSP pages accessible without authorization. Users who lack authorization to view the source might observe the source URL while sitting with another user who is authorized to work on that specific screen. Later, this unauthorized user could log in to the application and type the URL in the browser. In some cases, such users are able to make their way through.

Struts best practice
The possible solutions to this problem:

  • Do not let users access any JSP page directly. The starting page can be an HTML document. Add the following lines to the web.xml file to prevent users from accessing any JSP page directly:

    <web-app>
       ...
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>no_access</web-resource-name>
          <url-pattern>*.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint/>
      </security-constraint>
      ...
    </web-app>

  • The most popular option is to keep JSP pages behind the WEB-INF folder. This has a few tradeoffs. For example, you cannot take the JavaScript/CSS (Cascading Style Sheets) files behind WEB-INF, and if using Struts modules, you may encounter some context-related problems. Refer to the section "Context-Related Problems," which appears later in this article, to circumvent such issues.

The second approach allows some JSP pages (which are not behind WEB-INF) to be visible directly. It does not require a descriptor file entry, therefore the best practice is to keep the pages behind WEB-INF.

 

机器学习规则:ML工程最佳实践----rules_of_ml section 1【翻译】

机器学习规则:ML工程最佳实践本文旨在指引具有机器学习基础知识的工程师等人,更好的从机器学习的实践中收益。介绍一些应用机器学习需要遵循的规则,类似于Google C++ 风格指南等流行的编程指南。如果...
  • wangyaninglm
  • wangyaninglm
  • 2017年05月20日 00:40
  • 930

机器学习法则:(谷歌)机器学习工程最佳实践(译)

本文来源:《Rules of Machine Learning:Best Practices for ML Engineering》作者:Martin Zinkevich google 研究科学家。...
  • Allenalex
  • Allenalex
  • 2017年05月07日 23:08
  • 1261

Email Best Practices邮件发送策略最佳实践

Email Best Practices ReputationHostingIP Addresses and Sending VolumeDNSAuthenticationMailing List...
  • u013695144
  • u013695144
  • 2015年03月27日 13:46
  • 593

Android 6.0 开发者对系统权限的使用与练习(Permissions Best Practices)

Permissions Best Practices    在安装的过程中,用户很容易忽略权限请求。如果一个用户对应用感觉沮丧或者担心泄漏个人信息,那么这些用户就会不用他或者卸载它。如何规避这个问题...
  • zz20104534
  • zz20104534
  • 2016年02月22日 17:15
  • 1411

【LeetCode-面试算法经典-Java实现】【121-Best Time to Buy and Sell Stock(最佳买卖股票的时间)】

【121-Best Time to Buy and Sell Stock(最佳买卖股票的时间)】【LeetCode-面试算法经典-Java实现】【所有题目目录索引】原题  Say you have a...
  • DERRANTCM
  • DERRANTCM
  • 2015年08月14日 06:16
  • 6321

Struts中对通配符的配置说明

在Struts的配置文件里面,如果实现有“约定”的话,可以优先考虑通配符,这样可以大大的简化配置量,可以仅仅去考虑控制器和视图的分配就可以了,下面是我对xml配置文件的关于通配符的配置说一下自己的理解...
  • MyCodeDream
  • MyCodeDream
  • 2015年09月29日 20:48
  • 653

android studio小日常(持续更新)

这里会更新一些android  studio大家可能找不到的地方,也是比较常用的一些技巧。 1.我们在使用android studio编辑xml的时候,我们想让xml能自动选择合适的版本进行预览,我们...
  • BXHUHU10910
  • BXHUHU10910
  • 2016年05月21日 11:04
  • 584

Struts1——自定义转换器

在struts1中,使用了beanutils来处理类型的一些基本类型的转换。        当需要时候,可以定义自己的转换器,下面以java.util.Date为例来看下如何定义转换器。       ...
  • lhc2207221755
  • lhc2207221755
  • 2015年12月15日 18:54
  • 1831

Struts 1 之配置文件

web.xml中配置Struts的入口Servlet——ActionServlet,ActionServlet不负责任何的业务处理,它只是查找Action名单,找到path属性与URL属性一致的Act...
  • u012152619
  • u012152619
  • 2015年01月25日 08:57
  • 2183

U3D HTTP 最好用的插件BestHttp

简介我用的是1.6版,附百度云地址链接:http://pan.baidu.com/s/1dDzW4XN 密码:xz6aUnity用来和服务器通信可以用原生的WWW,但是WWW所提供的功能并不多,不能满...
  • Kaitiren
  • Kaitiren
  • 2015年09月12日 18:18
  • 10221
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:(转贴)Struts best practices 1
举报原因:
原因补充:

(最多只允许输入30个字)