• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Controlling "setXXX" access by caller?

 
Ranch Hand
Posts: 251
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm working on a J2EE model-view-controller type framework, and I was wondering about how I should go about making view objects immutable (read-only). I want to make sure that on the off chance that ppl make malicious JSPs (intentionally or not) that none of the server-side objects are changed. I suppose I could just create a copy of all my current objects and remove the set methods, but there's got to be a better, easier way of doing this. Perhaps extend the original classes and override the set methods? Or is there a way in a method to check who's calling the method?
 
Sheriff
Posts: 6450
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Transfer data between your business layer and view and application layers using data transfer objects (DTOs), sometimes also called "value objects". DTOs are simply objects that encapsulate the data of another object.
A quick example:

Then in your application code you would do something along the lines of:

There are of course various implementations, but this is the general idea. For instance, maybe you would make your view object immutable:

So while maybe using this design pattern isn't easier, it is certainly safer and maintains a separation between the various layers of your application.
 
Phil Chuang
Ranch Hand
Posts: 251
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thanks, just what I was looking for. I knew there was a pattern for this but couldn't quite remember what it was.
 
Phil Chuang
Ranch Hand
Posts: 251
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
On a similar question, is there a way to detect what the calling object is inside a method? Is there a way to do this programmatically? It'd be kind of handy to limit method access by calling object as well as the normal package/protected/public modifiers.
 
Phil Chuang
Ranch Hand
Posts: 251
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm thinking I could make a sort of key class where the constructor is package-only - then use that to pass to a method to identify that the calling object is from that package...? That way no servlet or jsp could access that method since it wouldn't be able create the key object.
 
reply
    Bookmark Topic Watch Topic
  • New Topic