Although many articles have discussed J2EE best practices. So why do I have to write an article again? This Chinese
What is the same as the previous article? Where is it better than other articles?
First, the target reader in this article is a architect that is engaged in technical work. In order to avoid waste of everyone, I will avoid
Exemptions from some of the best practice, such as "build daily", "test everything
"And" often integrate (Integrate offen). Any project with a competent architect has a division of labor, which is well defined.
Team structure. They also test code (unit, integration)
And systematic), deployment and configuration / release management have recorded processes.
Second, I will skip usually the best practice, such as "interface-based design", "using the famous design model"
And "using a service-oriented architecture", etc.. Instead, I will focus on I have learned and used 6 years 6 (not very
Many) IN-TRENCH courses. Finally, the purpose of this article is to let you think about your architecture and provide work.
Code examples or solutions beyond the scope of this article. Let me introduce this 6 lesson:
Lesson 1: Do not bypass server-side verification
As a software consultant, I have had the opportunity not only designed and implemented a web application, but also assessed / reviewed.
Multi-web application. In complex, and in applications encapsulated with JavaScript client, I often encounter users.
Enter information Perform a large number of checked web pages. This is true, even if the HTML element has an attribute of data validity. For example,
Maxlength. The HTML form can only be submitted after successful verifying all input messages. As a result, once the server ends
To the notification form (request), the business logic is properly executed.
Here, do you find a problem? Developers have done a lot of important assumptions. For example, they assume all the web
Applications are equally honest. Developers also assume that all users will always use the browser they tested to access the web.
application. There are still many other assumptions. These developers have forgotten the tools that can be given, through the command line
It is easy to simulate behavior of a browser. In fact, you can send by typing the appropriate URL in the browser window.
Any "posted" form, despite this, you can easily block this "form" by disabling the GET requests for these pages.
Send ". However, you can't prevent people from simulating or even create their own browsers to invade your system.
The fundamental problem is that developers cannot determine the main difference between client authentication and server-side verification. The main difference between the two is not
Wherever verification occurs, for example, on the client or on the server. The main difference is that the purpose behind verification is not
with.
Client verification is only convenient. Execute it provides users with quick feedback ?? Make the application to respond, give people
An illusion that runs desktop applications.
On the other hand, server-side verification is required to build a secure web application. No matter what is input on the client side
What makes it possible to ensure that all data sent to the server is valid.
Thus, only server-side verification can provide a safe application level. Many developers have fallen into a mistake
The circle of the feel: Only verification of all data in the client can ensure safety. Here is a common way to illustrate this view
Example:
A typical login page has a text box for entering a user name and a text box for entering a password. In service
Device, someone may encounter some code in receiving the servlet, which constitutes the SQL query in the following form:
"Select * from securitytable where username = '" form.getParameter ("UserName" "' and password = '" form.getParameter ("password") ";", and execute this
Some code. If the query returns a certain line of the result set, the user logs in success, otherwise the user logs in failed.
The first question is to construct SQL's way, but now let us ignore it temporarily. If the user lost in the username
What will I get into "Alice '-"? Assume that users named "Alice" is already in SecurityTable, at this time this user (more appropriate
The saying is hacker) successfully logged in. I will find out why this happens to give you a study.
question.
Many creative client validations prevent a general user from logging in from the browser. But for disabled
JavaScript's client, or those who can send commands directly using other similar browser programs (HTTP POST and
The senior user (or hacker) of GET commands, what do we have? Server-side verification is to prevent this
Vulnerability type must be. At this time, SSL, firewall, etc. are not used.
Lesson 2: Safety is not an additive
As mentioned in Lesson 1, I have been fortunate to have a lot of web applications. I found all JavaServer Page
(Jsp) has a common topic, which is a layout similar to the following pseudo code:
<%
User user =
Session.getaTribute ("User");
IF (user == NULL)
{
// redirect to
// the logon page ...
}
IF (! User.Role.equals ("manager"))
{
// redirect to the the
// "unauthorized" Page ...
}
%>
HTML, JavaScript, and JSP
Code to Display Data And
Allow User Intertion ->
If the project uses a MVC framework such as Struts, all Action Beans have similar code. Exhaust
The final code may run very well, but if you find a bug, or you must add a new role (example
Such as, "guest" or "admin"), which will represent a nightmare.
In addition, all developers need to be familiar with this coding mode whether you are young. Of course, you can use some
JSP tags to organize JSP code, you can create a basic action bean that clears the derived bean. Although if
Therefore, since the security-related code will be distributed into multiple places, the nightmares when maintenance are still exist. Due to the web application
The security of the order is to force the level of the application code (by multiple developers) instead of being built in the architectural level.
On, the web application is still likely to have weaknesses.
It is very likely that the fundamental problem is to handle security issues when the project is close to completion. Recently as a architect, I have
In a year, I have experienced a six version of the project in a year, and until the fourth edition we mentioned safety ??
Even if the project will expose highly sensitive personal data to the web, we have not noticed security. In order to change the release plan, we have been involved in the battle with project funders and their managers, in order to include all security related
The function and put some "business" function in subsequent versions. In the end, we have won the victory. And due to application
The security is quite high, protecting the private data of the customer, this point we are proud, our customers are also very high
Xing.
Unfortunately, in most applications, security does not increase any actual business value, so until
Finally solved. When this happens, people rushed to develop and safely related code, and did not consider the solution.
Long-term maintenanceability or robustness. Another sign that ignores the security is the lack of comprehensive server-side verification, such as I am
As described in Lesson 1, this is an important part of the security web application.
Remember: The security of J2EE web applications is not just in web.xml and ejb-jar.xml files.
Declaration, nor use J2EE technology, such as Java Authentication and Authorization (Java Authentication and
Authorization Service, JaaS). It is concurrently designed and implements a architecture that supports it.
Lesson 3: Internationalization (I18N) is no longer talking on paper
Today's fact is that many English non-nomologs will visit your public web application. With e-government
Implementation, this is especially true because it allows people to interact with government agencies online from government agencies online. such
Examples include rehabilitation driver's licenses or vehicle registration certificates. Many first languages are not English, people like to visit such applications.
program. Internationalization (ie: "I18N", because in "interNationalization" words, between the letters I and the letters n
A total of 18 letters) allows your app to support multiple languages.
Obviously, if you have hard-coded text in your JSP page, or your Java code returns a hard-coded error message,
Then you have to spend a lot of time to develop the Spanish version of this web application. However, in the web application, in order to
Support multiple languages, text is not the only part of "avatar". Because there is a text in many images, graphics and maps
Like should also be configurable. In extreme cases, images (or color) may not be complete in different cultural backgrounds
The same meaning. Similarly, any Java code that format numbers and dates must also be localized. But the problem is: Your page cloth
The Bureau may also need to change.
For example, if you use the HTML form to format and display menu options, application heads or foots, you may
The minimum width and other possible aspects of each column must be changed for each supported language. In order to adapt to different fonts
And colors, you might have to use a separate style sheet for each language.
Obviously, now create an international web app is facing architectural challenges rather than the application
war. A good web application means your JSP page and all business-related (applications unique)
The Java code does not know the localization unconsciously. The lesson to remember is: Don't support international because Java, J2EE support
It does not consider internationalization. You must remember to design an international solution from the first day.
Lesson 4: Avoid common mistakes in MVC
J2EE development is enough to mature, in the representation, most items use some of the MVC architectures, such as Struts.
In such a project, the phenomenon I often see is misuse of MVC mode. Here are a few examples. Common misuse is all of the business logic in the model layer (eg, in the Struts Action bean). Do not
To forget, the model layer of the layer is still part of the layer. The correct way to use the model layer is to call the appropriate service
Layer service (or object) and send the results to the view layer. In terms of design patterns, the MVC represents the layer
The model should be implemented as the appearance of the business layer (FA? ADE). Better way is to use core J2EE mode (Core
J2EE Patterns This is the business delegate mode. This section is excerpted in the book.
The main points and advantages of your model as Business Delegate:
Business delegate works to client business abstraction. It abstracts, and then hides the business service
Now. Using Business Delegate, you can reduce business services that represent layer clients and systems. The degree of coupling. root
According to different strategies, Business delegate can protect clients from possible changes in the implementation of business service APIs.
Dynamic effects. In this way, when the business service API or its underlying is achieved, it can potentially reduce the representation layer customer
Number of end code.
Another common error is to place a number of logic indicated in the model layer. For example, if the JSP page needs to be referred to
The date formatted or sorted in a specified manner, some people may place the logic in the model layer, the logic
This is a wrong place. In fact, it should be in a group of Helper classes used in the JSP page. When the business layer returns
Action beans should forward data to the view layer when data is data. In this way, unseasual coupling between the model and the view
In order to flexibly support multiple view layers (JSP, Velocity, XML, etc.). Also make the view determine to display to the user
Best way data.
Finally, most of the MVC applications I have ever seen have a controller that is not fully applicable. For example, most Struts
The app will create a basic Action class and complete all security-related features. All other action
BEAN is a derived class of this base class. This function should be part of the controller, because if there is no security condition,
First call should not reach the Action Bean (ie: model). Remember, the most powerful work of a well-designed MVC architecture
One of them is a robust, scalable controller. You should use this capability to strengthen your own advantages.
Lesson 5: Don't be bound by JOPO
I have witnessed many projects to use Enterprise Javabean in order to use Enterprise JavaBean. Because EJB
It seems to bring superior and self-respecting performance, so sometimes it is a coolness factor. and
Other times, it will cause J2EE and EJB to be confused. Remember, J2EE and EJB are not consent. EJB is just a part of J2EE
Points, J2EE is included in JSP, Servlet, Java Message Service (JMS), Java Database Connection (JDBC),
JaaS, Java Management Extensions (JMX) and EJBs, are also related to how to use these technologies
A set of guiding principles and patterns for establishing solutions.
If EJB does not need to use EJB, they may affect the performance of the program. WEB server with old
Compared to EJBs generally have more demand for application servers. All value-added services provided by EJB generally need to consume greater memory and more CPU times. Many applications do not need these services, so application servers want to compete with applications
source.
In some cases, unnecessarily use EJB may cause the application to crash. For example, I have encountered a new source recently.
Application for application servers. Business logic is packaged in a series of stateful session beans. Developer
In order to completely disabate the "passivation" "passivation" of these beans in the application server. The client requires the application to deploy in a certain
A commercial application server, and the server is part of the client technology stack. The application server is not allowed to close "blunt"
"Function. In fact, the client does not want to change any of the application servers with its cooperation. As a result, the developer has encountered
Very trouble. (Seems) interesting things are that developers can not give why the code is ejb (and there is still
State session bean implementation is good. Not only the developers will encounter performance issues, but their procedures are not working there.
In web applications, there is no formatted normal Java object (POJO) is an EJB powerful competitor. Pojo is lightweight
Level, unlike an additional burden as EJB. In my opinion, the advantages of many EJBs, such as objects into the pool, estimate
high. Pojo is your friend, don't be bound by it.
Lesson 6: Data Access does not host O / R mapping
All web applications I have participated in providing users from other parts of data, and therefore need one
Data Access Layer. This is not to say that all items need to be identified and established such a layer, which only shows the existence of such layers.
Not implicit is clear. If it is an implicit data layer, the data layer is a business object (ie: business service) layer
Minute. This applies to small applications, but usually in contact with architectural guidelines accepted by large projects.
In summary, the data access layer must meet or exceed the following four standards:
Transparency
Business objects can use data sources in the event of a specific detail that does not know the data source. Since the implementation details are hidden
The data access layer is inside, so access is transparent.
Easy to migrate
Data Access Layers make the application easy to migrate to other database implementations. Business objects do not understand the underlying data implementation,
Therefore, migration only involves modifying the data access layer. Further, if you are deploying a factory strategy, you can
The storage implementation of each underlying is a specific factory implementation. If so, migration to different storage implementations means
The app provides a new factory implementation.
Try to minimize the complexity of the code in business objects
Because the data access layer manages all data access complexity, it can simplify business objects and use data access.
The code for other data clients of the layer. Data Access Layer, not a business object, containing many code related to implementation (example
Such as SQL statement). This brings higher efficiency to developers, better maintainability, improves the readability of the code, etc.
A series of benefits.
Convey all data access in a separate layer
Since all data access operations are now delegated to the data access layer, you can access this separate data access layer
See how you can separate the other parts of the application with data access. This concentration can make the application easy
Maintenance and management.
Note: These criteria do not explicitly call the demand for the O / R (object to the relationship) mapping layer. O / R mapping layer
Create with the O / R mapping tool, which provides an object to view and perceive the relational data structure (Look-Feel). In my opinion
Come, using O / R mapping in the project and similar to using EJB. In most cases, it does not require it. For medium-size
The combination of combination and multi-relational relational databases, O / R mappings become quite complicated. Because the inherent complexity of the O / R mapping solution itself, such as lazy loading, high speed buffer, you will bring your project
To make greater complexity (and risk).
In order to further support my point of view, I will point out the entity bean (O / R mapping) in accordance with Sun Microsystem.
A lot of failures of many failures, this is a problem that has been tortured since version 1.0. Defense measures in Sun
In some early issues, it is to achieve the developer of the EJB specification. This proofs the complexity of entity beans to specify their own
Sex. As a result, most J2EE architects generally believe that it is a good idea from entity beans.
Most applications can only perform a limited number of queries when processing their data. In such applications,
An effective way to access data is to implement a data access layer that implements a series of services (or right) to execute these queries (or
Icon, or API). As described above, in this case, an O / R mapping is not required. O / R mapping when you ask query flexibility
Positive, but remember: This additional flexibility is not cost.
As I promised, in this article, I try to avoid the best practices of Chen. On the contrary, each of the J2EE projects
The most important decision of the architect must make, I concentrated on my point of view. Finally, you should remember: J2EE is not a certain
Specific technologies, nor is it forced to join some of the first letters in the solution. Instead, you should be in place
Machine, appropriate place, use appropriate technology, and follow J2EE guidelines and important than technology itself included in J2EE itself
Many practices.
