Originally posted by Bear Bibeault:
Gregg, that's exactly how I do it. Once I identify the class name of the appropriate action (all of which implement my Action interface) I instatiate the action via Class.newInstance().
bear
P.S. I also pool the actions once created to reduce object thrashing...
[ December 26, 2003: Message edited by: Bear Bibeault ]
Originally posted by Frank Carver:
If you want an even simpler solution, you don't even need the reflection. Just construct each of the available action instances in "init", fill a Map of some sort with them, pop the Map in the application context, and when a request comes in, just pick the pre-built action out of the map.
The downside with this is that you can't change your mind about which actions you have in the system without a recompile. But you have already said that you are using JSP, so you must have a compiler on the deployment machine anyway.
An upside is that you get early indication of possible missing actions. With a reflection-based approach, you don't really know until a request comes in whether the named action exists or is valid.
P.S. Count me in to the Struts non-fan-club. I sometimes disapair how many people seem to think that Struts is the only web framework, or that Struts is the only MVC implementation. :roll:
Originally posted by Frank Carver:
If I am understanding this correctly, why seperate the login and role check? Why not just let the Filter do both and let the Controller direct traffic. OR, why not lose the Filter and let the Controller do both? Just curious.
Of course you can take these alternative approaches if you want. The main reason for the suggested approach is to clarify the distinction between authentication (login) and authorization (role/resource/action decision).
In many simple systems, these two things are effectively the same - any authenticated user has all roles. In the general case, though, an authenticated user may have several roles (and lack several others), or may be part of several user groups which themselves have roles. Roles may affect at a fine-grained level which actions are allowed on which resources, and so on.
In such complex cases, authentication (login) is relatively simple - check to see if the session has a valid "user" object, if not then redirect to some sort of login/warning/welcome page suite to establish one. The key thing is that such a process does not need to know anything about the requested actions, supplied parameters or affected resources. Authentication is therefore an ideal job for a lightweight filter. Using this approach also has the major benefit that it can be used to protect static resources (HTML pages, stored documents, images etc.) which are not served using the controller.
The potential complexity of the authorization process is why it is usually assigned to the controller. The main job of the controller is to decide on what to do based on the supplied information about requested actions, parameters and resources. Adding "roles" as another variable in to this mix does not significantly affect the job.
Has this helped?
A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
Originally posted by HS Thomas:
I'm not sure why reflection is OK to use in a JSP context - ie a web application ? Surely reflection doesn't allow for a good separation between client-processing and server-side processing ?
it's a teeny, tiny, wafer thin ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
|