Re: Design problem : security layers
- From: Wojtek <nowhere@xxxxx>
- Date: Wed, 18 Apr 2007 13:29:22 GMT
subtenante wrote :
On Tue, 17 Apr 2007 15:08:24 GMT, Wojtek <nowhere@xxxxx> wrote:
The Data class holds all the information which the JSP needs. The information is loaded by the SQL class, inspected by the business class (including setting flags). The Data object is then placed into the HttpRequest.
The thing is that i look at my website as two separate ones. The
backend interferes with the database, updating it. The frontend only
reads it. They use the same kinds of objects, but never interact
directly, they always interact through the DB.
Your JSP pages access the database? Or even know about it?
In my scenario, the front end only gets information from a Data object. So the JSP only knows about the Data object. How that information got put into the Data object it totally irrelevant to the JSP.
The way I have layered the classes, I can switch database technologies by simply re-writing ONE set of classes in the "backend", and setting a configuration file. Whether that new database is a different database, an XML file, a flat file, or whatever, it is completely hidden from the JSP.
A given database class knows how to access its database, the proper syntax for that database (including any quirks), and has all the methods for the normal CRUDL.
With each use case in its own package, and minimal interaction between packages (except for the framework), I greatly reduce the probability that a change in one package will affect another package.
Well i *want* (and need) that a change in a frontend object makes a
change on the backend one. I want them both to have almost the same
attributes, generally, and i want for example all the getters (or
displaying methods) to be the same in the backend than in the frontend
(and not to have to do the changes twice every time).
The normal round trip is that the user fills in some information, then clicks on a submit button.
A servlet starts up. It reaches into the request and picks out the page fields. Depending on the button, the servlet performs some sort of action.
In my setup, the servlet populates the Data object with the user's entered information. If the action is "Update", then the Data object is validated. If the validation succeeds, then the Data abject is passed to the database class, and the servlet re-directs to another servlet.
If the validation fails, then the Data object is placed into the request, and the JSP is called. The JSP displays the information in the Data object (which in this case is the bad information). The JSP also displays any error messages.
If this is the first time to that servlet, then it calls the database class to get the information from the database. The database method creates the Data object, fills it with values from the database, and passes it back to the servlet, which calls the JSP.
So the JSP only needs to know about ONE object, the Data object.
But i really do
not want the frontend objects to be able to make any change in the
database.
With only ONE Data object which is passed around, then you only need to change that one class. Since it has both getters and setters for a given attribute, then any change (almost) automatically is seen by both users of the object.
In your case, any new attribute must be put into two objects.
Also, since I am using minimal scope, the JSP cannot even get at the classes which "play" with the database.
--
Wojtek :-)
.
- Follow-Ups:
- Re: Design problem : security layers
- From: subtenante
- Re: Design problem : security layers
- References:
- Design problem : security layers
- From: subtenante
- Re: Design problem : security layers
- From: Wojtek
- Re: Design problem : security layers
- From: subtenante
- Design problem : security layers
- Prev by Date: Re: comparing Locales for equality and degree of specificity
- Next by Date: Re: How to use wget to get information of a jsp page
- Previous by thread: Re: Design problem : security layers
- Next by thread: Re: Design problem : security layers
- Index(es):
Relevant Pages
|
