lib0101.html

java外企软件工程师就业班 J2EE方向 《J2EE架构师手册》 电子书

<span class="example-title"><span class="example-titlelabel">Listing 15.3: </span>Using ShowErrors.jsp to Validate User Input</span><a name="495"></a><a name="ch15list03"></a>
<div class="formalbody">
<table class="BlueLine" border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td bgcolor="000080" class="bluecell"><font size="2" face="Arial" color="010100"><b><img src="_.gif" width="1" height="2" alt="Start example" border="0"></b></font></td>
</tr>
</table>
<pre class="literallayout">
   1:&lt;%@ page import="org.apache.struts.action.ActionErrors,
   2:                 org.apache.struts.action.ActionError"
   3:%&gt;
   4:
   5:&lt;jsp:useBean id=" errors" scope=" session"
   6:    class=" org.apache.struts.action.ActionErrors" /&gt;
   7:
   8:&lt;%
   9:  if (errors != null)
  10:  {
  11:   java.util.Iterator errorIt = errors.get();
  12:   ActionError error = null;
  13:   while (errorIt.hasNext())
  14:   {
  15:       error = (ActionError) errorIt.next();
  16:%&gt;
  17:      &lt;li&gt;
  18:          &lt;font color=" red"&gt;&lt;%= error.getKey() %&gt;
  19:          &lt;/font&gt;
  20:      &lt;/li&gt;
  21:&lt;%
  22:     errors.clear();
  23:     session.removeAttribute("errors");
  24:   }
  25:  }
  26:%&gt;
</pre>
<table class="BlueLine" border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td bgcolor="000080" class="bluecell"><font size="2" face="Arial" color="010100"><b><img src="_.gif" width="1" height="2" alt="End example" border="0"></b></font></td>
</tr>
</table>
<table class="BlankSpace" border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td height="16"></td>
</tr>
</table>
</div>
</div>
<a name="496"></a><a name="IDX-206"></a>
<p class="last-para">
<i class="emphasis">Source</i>: /jsp/ShowErrors.jsp</p>
</div>
<div class="section">
<h3 class="sect3-title">
<a name="497"></a><a name="ch15lev2sec3"></a>Data Processing</h3>
<p class="first-para">After validating user input, Struts delegates all processing to action classes that extend <span class="fixed">org.apache.struts.action.Action</span>. It's common to override the method <span class="fixed">execute()</span>, which usually does all the processing. Instead, an action class uses parameters on the request (or information already on the <span class="fixed">HttpSession</span>) as arguments for a call to something in the deployment layer. The deployment layer component returns information that the action class puts on the session.</p>
<p class="para">In ProjectTrak, one of the use cases requires a list of task assignments associated with a project. The action class that ProjectTrak uses to produce the task list is <span class="fixed">ProduceTaskListAction</span>. It instantiates a <span class="fixed">ProjectClient</span>, which was discussed in the last chapter, and invokes the <span class="fixed">getProject()</span> method that retrieves a <span class="fixed">ProjectVO</span> containing all the information the JSP needs for display. The logic within the action class is relatively simple. Little <a name="498"></a><a name="IDX-207"></a>conditional logic is required. <a class="internaljump" href="#ch15list04">Listing 15.4</a> is an extract of code from <span class="fixed">ProduceTaskListAction</span>.</p>
<div class="example">
<span class="example-title"><span class="example-titlelabel">Listing 15.4: </span>Using ProduceTaskListAction to Process Data</span><a name="499"></a><a name="ch15list04"></a>
<div class="formalbody">
<table class="BlueLine" border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td bgcolor="000080" class="bluecell"><font size="2" face="Arial" color="010100"><b><img src="_.gif" width="1" height="2" alt="Start example" border="0"></b></font></td>
</tr>
</table>
<pre class="literallayout">
   1:package com.dvt.app.project.action;
   2:
   3:import com.dvt.app.project.client.ProjectClient;
   4:import com.dvt.app.project.vo.ProjectVO;
   5:
   6:import javax.servlet.http.HttpServletRequest;
   7:import javax.servlet.http.HttpServletResponse;
   8:import org.apache.struts.action.*;
   9:import java.text.SimpleDateFormat;
  10:
  11:public class ProduceTaskListAction extends Action
  12:{
  13:
  14:  public ActionForward execute(ActionMapping mapping,
  15:                ActionForm form,
  16:                HttpServletRequest request,
  17:                HttpServletResponse response)
  18:         throws Exception
  19:  {
  20:    ActionForward forward = null;
  21:    SimpleDateFormat format =
  22:        new SimpleDateFormat("MM/dd/yy");
  23:    ProjectClient projectClient = new ProjectClient();
  24:    ProjectVO projectDTO =
  25:        projectClient.getProject(
  26:            request.getParameter("proj"));
  27:
  28:    request.getSession().setAttribute("projectName",
  29:        projectDTO.getProjectName());
  30:    request.getSession().setAttribute("startDate",
  31:        format.format(projectDTO.getProjectStart()));
  32:    request.getSession().setAttribute("endDate",
  33:        format.format(projectDTO.getProjectEnd()));
  34:    request.getSession().setAttribute("taskList",
  35:        projectDTO.getProjectTasks());
  36:
  37:    forward = mapping.findForward("success");
  38:
  39:    return forward;
  40:  }
  41:}
<a name="500"></a><a name="IDX-208"></a>
</pre>
<table class="BlueLine" border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td bgcolor="000080" class="bluecell"><font size="2" face="Arial" color="010100"><b><img src="_.gif" width="1" height="2" alt="End example" border="0"></b></font></td>
</tr>
</table>
<table class="BlankSpace" border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td height="16"></td>
</tr>
</table>
</div>
</div>
</div>
<div class="section">
<h3 class="sect3-title">
<a name="501"></a><a name="ch15lev2sec4"></a>Navigation</h3>
<p class="first-para">With Struts, navigation is configured in the struts-config.xml file. You designate a URL mask (e.g., /trak/TaskEdit*) in the file to uniquely identify all task edit requests. Struts provides a controller servlet that understands, via the struts-config.xml file, that any request with this URL requires executing an action class and forwarding the request to a display URL.</p>
<p class="para">In addition to the URL, the struts-config.xml file lists the action class and the URL of the display JSP (or static HTML page) to use once the action class is successfully executed. For example, struts-config.xml would designate <span class="fixed">TaskDisplayAction</span> to be executed for each task edit request. The file would also specify that the request be forwarded to the display JSP to produce the HTML that will be sent to the browser. <a class="internaljump" href="#ch15list05">Listing 15.5</a> is an extract from a struts-config.xml file.</p>
<div class="example">
<span class="example-title"><span class="example-titlelabel">Listing 15.5: </span>Using struts-config.xml for Navigation</span><a name="502"></a><a name="ch15list05"></a>
<div class="formalbody">
<table class="BlueLine" border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td bgcolor="000080" class="bluecell"><font size="2" face="Arial" color="010100"><b><img src="_.gif" width="1" height="2" alt="Start example" border="0"></b></font></td>
</tr>
</table>
<pre class="literallayout">
&lt;struts-config&gt;
  &lt;form-beans&gt;
    &lt;form-bean name=" projectForm"
type=" com.dvt.app.project.form.ProjectListForm"
    /&gt;
  &lt;/form-beans&gt;
  &lt;action-mappings&gt;
    &lt;action    path="/tasklist"
      type=" com.dvt.app.project.action.ProduceTaskListAction"
      name=" projectForm"
      scope=" request"
      validate=" true"
      input="/jsp/Project.jsp"&gt;
      &lt;forward name=" success"
        path="/jsp/TaskList.jsp"/&gt;
      &lt;forward name=" failure"
        path="/jsp/ServerErrors.jsp"/&gt;
    &lt;/action&gt;
  &lt;/action-mappings&gt;
&lt;/struts-config&gt;
</pre>
<table class="BlueLine" border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td bgcolor="000080" class="bluecell"><font size="2" face="Arial" color="010100"><b><img src="_.gif" width="1" height="2" alt="End example" border="0"></b></font></td>
</tr>
</table>
<table class="BlankSpace" border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td height="16"></td>
</tr>
</table>
</div>
</div>
<p class="last-para">The struts-config.xml can also specify an error page if the action class doesn't process successfully.</p>
</div>
<div class="section">
<h3 class="sect3-title">
<a name="503"></a><a name="ch15lev2sec5"></a>Security</h3>
<p class="first-para">For most applications, the first step in security is establishing whether or not a user is supposed to have access. The question is usually decided by the Web server before the application is invoked. For most J2EE applications, if <a name="504"></a><a name="IDX-209"></a>a user successfully enters a user ID and password, the Web server forwards the user's HTTP(S) request to the application.</p>
<p class="para">In many cases, an application is written to assume that if it was invoked, the user is entitled to the content. For example, if you subscribe to the online version of <I>BusinessWeek</I>, once you supply your user ID and password, you're entitled to the content. The BusinessWeek application doesn't need to know your specific identity.</p>
<p class="para">Some applications have more sophisticated requirements, altering content based on the identity of the user. An example of this is an online <I>Wall Street Journal</I> subscription. Based on who you are (and the preferences you establish), any news regarding a specific list of companies you specify appears as "Company News" content.</p>
<p class="para">Other applications alter content depending on user-specific groups. With J2EE applications, groups are more often referred to as roles. An example of this type of data access appears on the open source software development Web site SourceForge.net. SourceForge designates users as belonging to "projects." Within each project, users can be either an "admin" or a "developer." The options a user sees on SourceForge pages differ depending on the user's role affiliation.</p>
<p class="para">If your application alters its content based on a user's ID or role, the presentation layer can obtain this information from the <span class="fixed">HttpServletRequest</span> (from <span class="fixed">javax.servlet.http</span>). The action classes and JSPs have access to the request. Given a variable <span class="fixed">request</span> that is of type <span class="fixed">HttpServletRequest</span>, the following line of code can get a user ID:</p>
<div class="informalexample">
<pre class="literallayout">
String userId = request.getUserPrincipal().getName();
</pre>
</div>
<p class="para">I'm not aware of a standard way for a J2EE application to get a list of roles a user has access to, but it can easily verify a user's membership in a specific role. The following code validates that a user is in the "admin" role:</p>
<div class="informalexample">
<pre class="literallayout">
if (request.isUserInRole("admin"))
{
  // your application code here
}
</pre>
</div>
</div>
</div>
</div><br>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><td><div STYLE="MARGIN-LEFT: 0.15in;"><a href="toc.html"><img src="images/teamlib.gif" width="62" height="15" border="0" align="absmiddle"  alt="Team LiB"></a></div></td>
<td align="right"><div STYLE="MARGIN-LEFT: 0.15in;">
<a href="LiB0100.html"><img src="images/previous.gif" width="62" height="15" border="0" align="absmiddle" alt="Previous Section"></a>
<a href="LiB0102.html"><img src="images/next.gif" width="41" height="15" border="0" align="absmiddle" alt="Next Section"></a>
</div></td></tr></table>
</body></html>