使用 GWT、Struts 和 Hibernate 在 Web 应用程序中处理数据
我正在使用 Struts 和 Hibernate 编写一个 Web 应用程序。 最近,我发现了 GWT 和 可视化 API。 这一切看起来非常有趣,并提供了我的应用程序所需的 AJAX 功能。 我是一个很困惑的新手......
在哪里放置数据访问级别检查?
在网络应用程序中,用户对数据具有不同级别的访问权限。 例如,不同数据的读/写权限的不同组合。 当访问或修改任何数据时,应用程序会检查某种用户配置文件。 用户将根据结果获得数据访问权限 - 拒绝查看访问权限或可以查看数据但无法更改数据等。我不确定在哪里放置此特定检查。 我想我可以将其编码在DAO中,每次处理数据操作时,根据配置文件手动检查查询的数据。 或者,将其放在业务逻辑/显示层中,如果用户没有数据访问权限,则将按钮从用户手中拿走。 还是两者? 或者在休眠中是否有一个配置文件,我可以为所有映射的表指定数据访问权限?
传递信息的最佳实践
模型/视图/控制器之间非常需要通信,对 GWT 进行 RPC 调用,并将数据传递给可视化代码以呈现图表等内容。 我猜测它肯定需要某种将 Java 对象转换为 JSON 对象的转换器,以便进行 gwt-rpc 调用并使用可视化 API 绘制图表。 我对么? 另外,就在 Struts 和 Hiberante 中传递信息而言,编写数据传输对象是一个好主意吗? 然后就一直传递豆子? 或者(我今天刚刚遇到这个......甚至不确定我是否理解正确)可能将对象绑定到 JNDI 上,并从程序的其他部分访问它们?
任何意见/澄清将不胜感激。 非常感谢!
I am writing a Web App using Struts and Hibernate. Recently, I discovered GWT and the Visualization API. This all looked very interesting and provides AJAX functionalities that my app needs. I'm a newbie that is quite confused....
Where to put data access level checks?
In the web app, users have different level of access for the data. e.g. different combinations of read/write privileges for different data. There will be some kind of user profile that the app checks for when any data is accessed or modified. The user will be given data access according the result -- denied viewing access or can see the data but cannot change it etc. I'm not sure where to put this particular check. I guess I could have it coded in the DAO's, everytime data operation is processed, manually check the queried data against the profile. Or, put it in the business logic/display layer, if an user does not have a data access privilege, take the button away from the user. Or both? Or is there a configuration file in hibernate somewhere I can specify data access privileges for all the tables mapped?
Best practice for passing information around
There is great need to communication between the model/view/controller, make RPC call for GWT and pass data off to the Visualization code to render charts and stuff. I'm guessing it definitely need some kind of translator that converts Java objects into JSON objects in order to make gwt-rpc calls and draw charts with the Visualization API. Am I correct? Also, in terms of passing information around in Struts and Hiberante -- is writing Data Transfer Objects a good idea? Then just pass beans around all the time? Or (I just came across this today..not even sure if I understood it correctly) maybe bind the objects onto JNDI, and access them from other parts of the program?
Any input/clarification will be appreciated. Thank you very much!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
访问级别检查:
我会将访问级别检查分成自己的类,并让您的“控制器”在调用 DAO 之前首先调用访问管理器。 即,每个操作在执行 DAO 调用以获取/插入数据之前都会执行检查。
但如果您使用 gwt,更好的方法是进行 RPC 调用,而不是使用 struts 操作。 rpc 调用成为我上面提到的“控制器”,并且可以使用我上面提到的管理器进行访问检查 - 即消除操作。
至于访问管理器,我建议枚举所有细粒度访问权限,并将这些权限组合成可以与每个用户/配置文件/其他内容关联的集合。
传递信息
gwt 使用 hibernate 很痛苦 - 你可以尝试使用 Gilead ,但我并没有取得太大成功,对我来说太麻烦了。 你的 json 转换想法是 gwt 恕我直言的正确方法。 gwt 1.5 支持所谓的 javascript 对象覆盖,它允许您返回 json,并直接将其“叠加”到 gwt java 对象中,而您只需要很少的代码。 查看这篇文章了解更多信息。
另一种方法是推出自己的 DTO 生成设施(这就是吉利德的意图,但我不认为它会自动生成?不确定)。 将其作为构建的一部分实施。 如果不是一个大项目,这是一些额外的工作,这是不值得的。
access level checks:
i would seperate the access level checks into its own class, and have your "controllers" call the access managers first before calling DAO's. i.e., each action performs a check before doing the DAO calls to get/insert data.
but a better method, if you are using gwt, is to make RPC calls instead of using struts actions. the rpc calls becomes the "controllers" i mentioned above, and can do access checks using the managers i mentioned above - i.e., elminitate actions.
as for the access managers, i recommend enumerating all granular access privileges, and the compose these priviledges into a set that can be associated with each user/profile/whatever.
passing info around
gwt is a pain to work with hibernate - you can try using Gilead , but i havent had much success with it, its too cumbersome for me. your idea with json converting is the right way to go in gwt imho. gwt 1.5 supports whats called javascript object overlay, which lets you return json, and "superimpose" it into a gwt java object directly with little code on your part. check out this post for more info.
the other method is to roll your own DTO generation facility (which is what Gilead is meant to do, but i dont think it does autogeneration?not sure). implement it as part of your build. its a bit of extra work that wouldnt be worth it if its not a large project.
关于你的第一个问题我不能说太多,因为我真的不喜欢使用 Struts 来做任何与 GWT 相关的事情。
至于你的第二个问题,不,你不必使用任何 JSON。 听起来你的后端是Java,这意味着GWT RPC机制只能与POJO一起工作。 因此,您只需创建绘图所需的对象并在客户端和服务器之间来回传递它们。 GWT 将为您开箱即用地完成所有 RPC 工作。
编写数据传输对象可能是必要的,但前提是您的休眠模型文件包含 GWT 编译器无法理解的内容。 我通常使用 EJB3 和 Stripes(而不是 Hibernate 和 Struts),在我的例子中,我不需要编写任何数据传输对象,我只需使用 EJB3 POJO 并在客户端和服务器之间传递它们。
I can't speak much about your first question because I really don't like using Struts for anything GWT related.
As to your second question, no you shouldn't have to use any JSON. It sounds like your back end is Java, which means that the GWT RPC mechanism will just work with POJOs. So you would just create the objects you need for drawing and pass them back and forth between your client and server. GWT will do all the RPC stuff for you out of the box.
Writing Data Transfer objects might be necessary, but only if your hibernate model files contain things that the GWT compiler can't understand. I normally user EJB3 and Stripes (instead of Hibernate and Struts) and in my case I never have to write any data transfer objects, I just use the EJB3 POJOs and pass them between my client and server.
服务器端的数据访问级别检查是最安全的方法。 但 GWT 仍然会生成打包的 JS。 您可以在客户端执行此操作。 但在这种情况下,每次都应该从服务器端检查/获取用户配置文件。
传递信息:我在向量中使用分隔字符串。 而且运行良好...
Data access level checks in server side is the safest way. But still GWT generates a packed JS. You can do it on Client side. But in that case user profile should be checked/fetched in/from the server side every time.
passing info around: I am using delimited strings in vector. And it is running good...