I am writing a Web App using Struts and Hibernate. Recently, I discovered GWT and the Visualization API. This all looked very interesting and provides AJAX functionalities that my app needs. I'm a newbie that is quite confused....

Where to put data access level checks?

In the web app, users have different levels of access for the data, e.g. different combinations of read/write privileges for different data. There will be some kind of user profile that the app checks when any data is accessed or modified. The user will be given data access according to the result -- denied viewing access, or can see the data but cannot change it, etc. I'm not sure where to put this particular check. I guess I could have it coded in the DAOs: every time a data operation is processed, manually check the queried data against the profile. Or, put it in the business logic/display layer: if a user does not have a data access privilege, take the button away from the user. Or both? Or is there a configuration file in Hibernate somewhere where I can specify data access privileges for all the tables mapped?

Best practice for passing information around

There is a great need for communication between the model/view/controller, to make RPC calls for GWT and pass data off to the Visualization code to render charts and stuff. I'm guessing it definitely needs some kind of translator that converts Java objects into JSON objects in order to make gwt-rpc calls and draw charts with the Visualization API. Am I correct? Also, in terms of passing information around in Struts and Hibernate -- is writing Data Transfer Objects a good idea? Then just pass beans around all the time? Or (I just came across this today... not even sure if I understood it correctly) maybe bind the objects onto JNDI, and access them from other parts of the program?

Any input/clarification will be appreciated. Thank you very much!

+1  A: 

I can't speak much about your first question because I really don't like using Struts for anything GWT related.

As to your second question, no you shouldn't have to use any JSON. It sounds like your back end is Java, which means that the GWT RPC mechanism will just work with POJOs. So you would just create the objects you need for drawing and pass them back and forth between your client and server. GWT will do all the RPC stuff for you out of the box.

Writing Data Transfer Objects might be necessary, but only if your Hibernate model files contain things that the GWT compiler can't understand. I normally use EJB3 and Stripes (instead of Hibernate and Struts) and in my case I never have to write any data transfer objects, I just use the EJB3 POJOs and pass them between my client and server.

rustyshelf
if you use hibernate, your domain object cannot be serialized by gwt, even if it only contains gwt serializable objects. that's because hibernate proxies the results, especially sets/lists. you will need DTOs unless the objects participating in rpc are not from hibernate.
Chii
Thanks for your input! I still have to explore more about RPC...
tomato
+2  A: 

access level checks:

i would separate the access level checks into their own class, and have your "controllers" call the access managers first before calling DAOs. i.e., each action performs a check before doing the DAO calls to get/insert data.

but a better method, if you are using gwt, is to make RPC calls instead of using struts actions. the rpc calls become the "controllers" i mentioned above, and can do access checks using the managers i mentioned above - i.e., eliminate actions.

as for the access managers, i recommend enumerating all granular access privileges, and then composing these privileges into a set that can be associated with each user/profile/whatever.

passing info around: gwt is a pain to work with hibernate - you can try using Gilead, but i haven't had much success with it, it's too cumbersome for me. your idea with json converting is the right way to go in gwt imho. gwt 1.5 supports what's called javascript object overlay, which lets you return json, and "superimpose" it into a gwt java object directly with little code on your part. check out this post for more info.

the other method is to roll your own DTO generation facility (which is what Gilead is meant to do, but i don't think it does autogeneration? not sure). implement it as part of your build. it's a bit of extra work that wouldn't be worth it if it's not a large project.

Chii
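The access-manager arrangement described in the answer above, as an added example that is not part of the original post. The names `Privilege`, `UserProfile`, `AccessManager` and `ReportService`, the in-memory map standing in for a DAO, and the sample users are all assumptions for illustration; it needs Java 16 or later for `record`.

```java
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class AccessCheckExample {
    // Granular privileges, enumerated once (hypothetical names).
    enum Privilege { REPORT_READ, REPORT_WRITE }

    // A profile is the set of privileges granted to one user.
    record UserProfile(String name, Set<Privilege> granted) {}
    // Central access manager: every server-side entry point calls this first.
    static final class AccessManager {
        void require(UserProfile user, Privilege needed) {
            if (user == null || !user.granted().contains(needed)) {
                throw new SecurityException("access denied: " + needed);
            }
        }
    }

    // Plays the role of the RPC service / controller; the map stands in for the DAO.
    static final class ReportService {
        private final AccessManager access = new AccessManager();
        private final Map<Integer, String> dao = new HashMap<>(Map.of(1, "Q1 figures"));

        String read(UserProfile user, int id) {
            access.require(user, Privilege.REPORT_READ);   // check before the DAO call
            return dao.get(id);
        }
        void update(UserProfile user, int id, String text) {
            access.require(user, Privilege.REPORT_WRITE);  // check before the DAO call
            dao.put(id, text);
        }
    }

    public static void main(String[] args) {
        // Constructed sample profiles.
        UserProfile viewer = new UserProfile("viewer", EnumSet.of(Privilege.REPORT_READ));
        UserProfile editor = new UserProfile("editor", EnumSet.allOf(Privilege.class));
        ReportService service = new ReportService();
        service.update(editor, 1, "Q1 figures (revised)");
        System.out.println(service.read(viewer, 1));       // read is allowed for the viewer
        try {
            service.update(viewer, 1, "tampered");         // hiding the button would not stop this call
        } catch (SecurityException e) {
            System.out.println(e.getMessage());            // the server-side check rejects it
        }
    }
}
```

The write attempt by the read-only profile is rejected on the server regardless of what the client UI shows, which is why the check sits in front of the DAO rather than only in the display layer.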
A: 

Data access level checks on the server side are the safest way. But still, GWT generates a packed JS. You can do it on the client side. But in that case the user profile should be checked/fetched in/from the server side every time.

passing info around: I am using delimited strings in a vector. And it is running well...

iftee