WEB Development Technique Series - My Web Framework (Hack Struts)

xiaoxiao2021-03-06  17

I. Problem

Why not use the Struts framework

Struts is an open framework, and much of its underlying design serves as a model for web development. Many classic patterns listed in the "J2EE Design Mode" are reflected in Struts. I think the most useful part of Struts is its control framework, that is, Action; everything else is supporting.

Developing with Struts is inconvenient and the configuration is cumbersome; there are many auxiliary tools, but it is still troublesome. The tags provided by Struts are also complicated and take a lot of time to learn. When a page requires a lot of JavaScript interaction, these tags become even more complicated, so at the page layer the original HTML tags are more practical.

As for the model layer of Struts, it is also redundant, because Hibernate may completely replace the JDBC connection. So the database connection provided by Struts is almost unused.

2. Struts Control Framework

As mentioned, the control framework is the most useful part of Struts. What work does Struts do at the control layer?

1) Automatic transfer of page-layer parameter values

When a Struts Form is defined, it can receive the parameter values of the page containing the form. For example, there is a Name member variable in the form, there is a

2) Extended automatic value transfer

The automatic value transfer mentioned above also applies to upload forms. Since the form containing the upload must be defined as

so request.getParameter() is not available. The Struts framework shields this, and you can still use getName() on the Form to get the value submitted in the form.

3) Parameter validation

When the form is submitted, validation can be performed with JavaScript or in the background (on the server). Struts places the validation mechanism in the Form, which is background validation: the application logic is executed only after validation passes, so the application logic is protected.

JavaScript validation is very intuitive, but its biggest problem is that it is very unsafe. Data can be submitted without going through the JavaScript (using GET or entering parameters directly), because the client (i.e. IE) can be fully rewritten or simulated. Currently more than 80% of websites validate with JavaScript; if the background does not have additional verification, this vulnerability is very dangerous!

4) Safe submission

The "J2EE mode" mentions that, to ensure a form is submitted only once, a token mechanism is used to prevent repeated submission of the form. This mechanism is also available in Struts.

In IE, after data is submitted, pressing "back" returns to the form so that it can be submitted again, or the page can be refreshed continuously while the data is being submitted, which resubmits the data. A token mechanism prevents such repeated submission and protects the application logic.

II. My web framework

By analyzing the underlying mechanism of Struts, I developed a framework that is more direct than Struts. Simply put, it implements a control layer similar to that of Struts, keeps the most original HTML tags for the display layer, and leaves the model layer for users to define themselves, where techniques such as JDBC or Hibernate can be used.

The core code is as follows. The framework directly extends the servlet and mainly completes the following tasks:

1. RESET(); reset

2. Initialize the request and complete the automatic copying of parameter values, that is, features 1 and 2 mentioned above. The code is as follows:

If it is a multipart form submission, processing is more cumbersome. This code refers to the underlying code of Struts.

3. Check whether the token in the form is valid.

4. Perform the user-defined parameter validation; the application logic is executed only if the user's validation passes.

During validation, an image verification code mechanism (optional) is integrated, which further protects form submission.
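The sequence in steps 3 and 4, applied to the two cases from section I (a replayed form and a request sent without the page's JavaScript), as an added example that is not the author's framework code. It is plain Java with a `Map` standing in for the servlet session; `FormGate`, the `form.token` key and the rule for `name` are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added sketch; FormGate and every name in it are hypothetical, not the author's framework.
public class FormGate {
    static final String TOKEN_KEY = "form.token"; // assumed session attribute name
    private static final SecureRandom RNG = new SecureRandom();

    // On render: store a fresh token in the session; the page embeds it in a hidden field.
    static String issueToken(Map<String, Object> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(TOKEN_KEY, token);
        return token;
    }

    // Step 3: remove the token before comparing, so each token is accepted once.
    static boolean consumeToken(Map<String, Object> session, String submitted) {
        Object expected;
        synchronized (session) { expected = session.remove(TOKEN_KEY); }
        return expected != null && expected.equals(submitted);
    }

    // Step 4: server-side validation, independent of any JavaScript on the page.
    static String validate(Map<String, String> p) {
        String name = p.get("name");
        return (name != null && name.matches("[A-Za-z0-9_]{1,32}")) ? null : "invalid name";
    }

    // Token first, then validation; application logic only after both pass.
    static String handle(Map<String, Object> session, Map<String, String> params) {
        if (!consumeToken(session, params.get("token"))) return "rejected: bad or reused token";
        String err = validate(params);
        return err != null ? "rejected: " + err : "accepted: " + params.get("name");
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        Map<String, String> form = new HashMap<>(); // constructed sample input
        form.put("token", issueToken(session));
        form.put("name", "alice");
        System.out.println(handle(session, form)); // first submit
        System.out.println(handle(session, form)); // replay via back/refresh
        form.put("token", issueToken(session));
        form.put("name", "<script>"); // sent directly, bypassing page JavaScript
        System.out.println(handle(session, form));
    }
}
```

Because the token is removed from the session before it is compared, a second request carrying the same token fails even when it arrives while the first is still being processed.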

III. Effect

1. Display layer (JSP page, using the original HTML tag)

As can be seen, there is no difference from an ordinary JSP page; it is all HTML tags. To interact with the control layer, the only requirement is to insert a control tag.

This page is displayed as follows:

The corresponding HTML code is:

You can see that the HTML code contains a unique token of the form.

2. Control layer

The control layer contains two parts:

1) Execute the parameter validation and feed the parameters back to the page.

2) After validation passes, the application logic is executed.

The token validation mentioned above is integrated in genericArt, and users only need to inherit generics.

3. File upload and array parameters

A multipart form that contains both a file upload and array parameters

Mapping relations

Validation mechanism

Application logic

Summary.

This framework is similar to the control framework in Struts. It frees up the display layer and the model layer, leaving the choice of technology for those two parts open. In my web development, the model layer uses Hibernate, the display layer uses JSP 2.0, and the control layer extends this framework.

If you are interested in this framework, you can send me an email. I hope I can do better!

Please credit the original address when reprinting: https://www.9cbs.com/read-56109.html
