Error categorization

Problem

Error handling becomes complex for an n-tiered application. In a browser-based application, the errors can be handled in the client layer using JavaScript and in the Web tier or EJB (Enterprise JavaBeans) tier using custom Java methods. Building an infrastructure for consistent error reporting proves more difficult than error handling. Struts provides the ActionMessages/ActionErrors classes for maintaining a stack of error messages to be reported, which can be used with JSP tags like.
Register the errors under the appropriate category
Identify these messages and show them consistently
Struts best practice

Struts' ActionErrors class comes in handy in resolving the first issue of stacking messages of different categories. To display the error messages of different categories, define these categories, such as FATAL, ERROR, WARNING, or INFO, in an interface. Then, in an Action or form-bean class, you can use:
errors.add("fatal", new ActionError("....")); or
errors.add("error", new ActionError("....")); or
errors.add("warning", new ActionError("....")); or
errors.add("information", new ActionError("...."));
saveErrors(request, errors);
Having stacked the messages according to their category, to display them according to those categories, use the following code:
Validation of service requester: Login-check

Problem

Authentication in a Web-based application can be done in any class, depending upon whether an SSO-based (single sign-on) or a JAAS-based (Java Authentication and Authorization Service) mechanism is being used. The challenge is identifying the placeholder for checking the service requester's authenticity and the user session's validity.
Struts best practice

Usual practice is to store user credentials in HttpSession after authentication. Subsequent calls check the credentials' existence in the session context. The question is where to place these checks. Some options are listed below, but they must be rationalized on the basis of performance overhead, possibility of future change, and application manageability:
Authenticate against the session context before doing any operation (as done in struts-example.war's CheckLoginTag.java)
Authenticate against the session context in the Action class
Write servlet request filters that perform authentication
Extend RequestProcessor
The first two options require every JSP page or Action class to perform the authentication against the session context. A change in the interface mandates a change in all these JSP pages and classes. The third option is efficient, but overkill for the problem at hand. The best practice is to extend the RequestProcessor class and perform authentication in methods such as processActionPerform() or processRoles().
Application security

Problem

The usual demand in Web-based applications is to have screen-level, function-level, data-row-level, and field-level security. If not suitably designed, incorporation of these security levels in an application may cause not only performance overheads, but also maintenance nightmares.
For all the security types mentioned above, the preferred approach is to place the security check in one class instead of in every component, i.e.
Struts has a method, processRoles(), for screen- and function-level security checks; however, nothing is provisioned for field- and column-level security types, making them the most challenging for most Struts users.
Struts best practice

Irrespective of where the security realm is set up (database or directory service), the best practices for the various security levels are described below:
For screen- and function-level security, extend RequestProcessor and override the method processRoles() to perform the check against a HashMap that stores a mapping of roles and screen IDs/function IDs
Row-level security is best implemented in the application's object-relational mappings
For field-level security, tag libraries are extended to perform the check against the field ID
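
The login check and the screen/function-level check described above can live in one RequestProcessor subclass. The following is an added example, not code from the original article or from Struts itself; the class name, session attribute names, action paths, role names and the /logon.do URL are assumptions, and the action path stands in for the screen/function ID.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;

// Hypothetical class: one central login and role check for every Struts action.
public class SecureRequestProcessor extends RequestProcessor {
    // Assumed session attribute names, set by the application's login action.
    static final String USER_KEY = "user";
    static final String ROLES_KEY = "userRoles";
    // Screen/function ID (here the action path) -> roles allowed. Constructed sample data.
    private static final Map<String, Set<String>> ALLOWED = new HashMap<String, Set<String>>();
    private static final Set<String> PUBLIC = new HashSet<String>(Arrays.asList("/logon"));
    static {
        ALLOWED.put("/viewOrders", new HashSet<String>(Arrays.asList("clerk", "manager")));
        ALLOWED.put("/approveOrder", new HashSet<String>(Arrays.asList("manager")));
    }

    @Override
    protected boolean processRoles(HttpServletRequest request, HttpServletResponse response,
            ActionMapping mapping) throws IOException, ServletException {
        String path = mapping.getPath();
        if (PUBLIC.contains(path)) {
            return true; // the login action itself must stay reachable
        }
        // getSession(false): never create a session for an unauthenticated caller.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(USER_KEY) == null) {
            response.sendRedirect(request.getContextPath() + "/logon.do");
            return false; // response is complete; Struts stops processing this request
        }
        @SuppressWarnings("unchecked")
        Set<String> userRoles = (Set<String>) session.getAttribute(ROLES_KEY);
        Set<String> allowed = ALLOWED.get(path);
        // Deny by default: an action missing from the map is refused, not allowed.
        if (allowed != null && userRoles != null) {
            for (String role : userRoles) {
                if (allowed.contains(role)) {
                    return true;
                }
            }
        }
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }
}
```

Struts loads the subclass when it is named in the processorClass attribute of the controller element in struts-config.xml. Because the check is keyed on the action path, a newly added action stays blocked until it is entered in the map.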