(Repost) Struts best practices 2

Reposted 2004-09-13 15:55:00
Page 2 of 4

Error categorization
Problem
Error handling becomes complex for an n-tiered application. In a browser-based application, errors can be handled in the client layer using JavaScript and in the Web tier or EJB (Enterprise JavaBeans) tier using custom Java methods. Building an infrastructure for consistent error reporting proves more difficult than error handling. Struts provides the ActionMessages/ActionErrors classes for maintaining a stack of error messages to be reported, which can be used with JSP tags like <html:errors> to display these error messages to the user. The problem is reporting messages of different categories or severities (such as error, warning, or information) in different ways. To do that, the following tasks are required:

  1. Register the errors under the appropriate category
  2. Identify these messages and show them consistently

Struts best practice
Struts' ActionErrors class comes in handy in resolving the first issue of stacking messages of different categories. To display the error messages of different categories, define these categories such as FATAL, ERROR, WARNING, or INFO, in an interface. Then, in the Action or form-bean class, you can use:

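ActionErrors errors = new ActionErrors();
// Register each message under the property name of its category:
errors.add("fatal", new ActionError("....")); // or
errors.add("error", new ActionError("....")); // or
errors.add("warning", new ActionError("....")); // or
errors.add("information", new ActionError("...."));
// Store the stacked messages in the request for the JSP tags to read
saveErrors(request, errors);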

Having stacked the messages according to their category, to display them according to those categories, use the following code:

<logic:messagesPresent property="error">
<html:messages property="error" id="errMsg">
    <bean:write name="errMsg"/>
</html:messages>
</logic:messagesPresent>

Or use:

<logic:messagesPresent property="error">
<html:messages property="error" id="errMsg">
    showError('<bean:write name="errMsg"/>'); // JavaScript function
</html:messages>
</logic:messagesPresent>
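
The second form writes the message into a JavaScript string literal, and <bean:write> HTML-filters its output by default, which is not the encoding a JavaScript string needs. The helper below is an added example, not part of the original article or of Struts; the class name JsStringEscaper and the sample message are constructed for illustration.

```java
public final class JsStringEscaper {
    private JsStringEscaper() {}

    /** Encodes text for use inside a quoted JavaScript string in an HTML page. */
    public static String escape(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            boolean safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == ' ' || c == '.' || c == ',';
            if (safe) {
                out.append(c);
            } else {
                // Everything else (quotes, backslash, line breaks, angle
                // brackets, ampersand) becomes a four-digit hex escape.
                out.append(String.format("\\u%04x", (int) c));
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed message: an apostrophe, a line break and markup
        // characters, any of which would break or alter the literal.
        String msg = "Name 'O'Brien' is invalid\n</script>";
        System.out.println("showError('" + escape(msg) + "');");
    }
}
```

In the page, the encoded value would be emitted from a small custom tag or scriptlet in place of <bean:write> inside the script block.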

Validation of service requester: Login-check
Problem
Authentication in a Web-based application can be done in any class, depending upon whether an SSO-based (single sign-on) or a JAAS-based (Java Authentication and Authorization Service) mechanism is being used. The challenge is identifying the placeholder for checking the service requester's authenticity and the user session's validity.

Struts best practice
Usual practice is to store user credentials in HttpSession after authentication. Subsequent calls check credentials' existence in session context. The question is where to place these checks. Some options are listed below, but they must be rationalized on the basis of performance overhead, possibility of future changes, and application manageability:

  • Authenticate against the session context before doing any operation (as done in Struts-example.war's CheckLoginTag.java)

  • Authenticate against session context in the Action class

  • Write servlet request filters that perform authentication

  • Extend RequestProcessor

The first two options require every JSP page or Action class to perform the authentication against the session context. A change in the interface mandates a change in all these JSP pages and classes. The third option is efficient, but overkill for the problem at hand.

The best practice is to extend the RequestProcessor class and perform authentication in methods such as processActionPerform() or processRoles().

Application security
Problem
The usual demand in Web-based applications is to have screen-level, function-level, data-row-level, and field-level security. If not suitably designed, incorporation of these security levels in an application may cause not only performance overheads, but also maintenance nightmares.

For all the security types mentioned above, the preferred approach is to place the security check in one class instead of in every component—i.e., in every JSP page or Action class.

Struts has a method, processRoles(), for screen- and function-level security checks. However, nothing is provisioned for field- and column-level security, which makes those the most challenging levels for most Struts users.

Struts best practice
Irrespective of where the security realm is set up (database or directory service), the best practices for the various security levels are described below:

  • For screen- and function-level security, extend RequestProcessor and override the method processRoles() to perform the check against a HashMap that stores a mapping of roles and screen IDs/function IDs

  • Row-level security is best implemented in the application's object relational mappings

  • For field-level security, tag libraries are extended to perform the check against the field ID
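
The login check and the screen/function-level check described in the two sections above can live in one RequestProcessor subclass. The class below is an added sketch, not code from the original article or from Struts; the class name, session attribute names, action paths, role names and the /login.do URL are all assumptions, and the action path stands in for the function ID.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;

public class SecureRequestProcessor extends RequestProcessor {
    // Assumed attribute names, set by the login Action after authentication.
    static final String USER_KEY = "authUser";
    static final String ROLES_KEY = "authRoles"; // holds a Set of role names
    // Action paths reachable without a session (assumed).
    private static final Set<String> PUBLIC = Collections.singleton("/login");
    // Function ID (here the action path) -> role allowed to invoke it.
    private static final Map<String, String> REQUIRED_ROLE = new HashMap<String, String>();
    static {
        REQUIRED_ROLE.put("/viewOrders", "clerk");
        REQUIRED_ROLE.put("/approveOrder", "manager");
    }

    // Called before the form bean is populated and before the Action runs.
    @Override
    protected boolean processRoles(HttpServletRequest request,
            HttpServletResponse response, ActionMapping mapping)
            throws IOException, ServletException {
        String path = mapping.getPath();
        if (PUBLIC.contains(path)) {
            return true;
        }
        HttpSession session = request.getSession(false); // never create one here
        if (session == null || session.getAttribute(USER_KEY) == null) {
            response.sendRedirect(request.getContextPath() + "/login.do");
            return false;
        }
        Set<?> roles = (Set<?>) session.getAttribute(ROLES_KEY);
        String required = REQUIRED_ROLE.get(path);
        // Deny by default: an unmapped path or a missing role is refused.
        if (required == null || roles == null || !roles.contains(required)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        return true;
    }
}
```

The class takes effect once it is named in the processorClass attribute of the <controller> element in struts-config.xml.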

 
