struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Perry" <>
Subject RE: Theoretical debate
Date Fri, 18 Jun 2004 10:30:06 GMT
I personally think struts is spot on.  I think it does follow Java & OO
principles, and many J2EE patterns.

My struts apps generally consist of DAOs which handle simple methods, and
some services which handle more complex operations.  These interact with
beans which are persisted using OJB.

The actions (and jsps) provide the view layer.  All my actions do is parse
submitted data, and call methods in services/DAOs.  I would not be atall
happy at providing direct access to services due to lack of
validation/security checks.  Some of my actions are quite big, providing
multi level checks on data.

This whole idea of "transparent" access to beans/services scares me.  It
reminds me of CGI programming, and all the security problems that came with

Web apps are very different to traditional apps.  With traditional apps the
user has no access to variables being passed between the user interface and
service layer.  With webapps they can do anythign they like to data that
gets as far as them.

Eg.  Say a users looks at their list of transactions, and clicks on a link
to view details: ""  The user can change
the url to "=750" and try to access someone elses transaction.

The first thing a struts app should do is load transaction 753, and see who
it belongs to. If it doesnt belong to the user (who is probably recorded in
the session) then send them on to an error page.  Without the struts action
doing this check, the method in the service: getTransaction(int
transactionId) will probably be called directly.  Normally a service would
not be expected to do the check, as it will probably be used by UI
components as well as low level system components.

The struts actions (if coded well) add a nice isolation layer between the
view and business services.

Anyway, that's my take on things!


> -----Original Message-----
> From: mike []
> Sent: 17 June 2004 21:45
> To: Struts Users Mailing List; Struts Users Mailing List
> Subject: RE: Theoretical debate
> +1  I personally do not find what you have to or can do with
> Struts much of
> a problem at all.  I like the freedom the separation gives me.  It is
> rather like the defensive idea of Aaron Nitzovitch in chess.  If you just
> defend a square or piece as much as required, all the defensive
> pieces are
> tied down.  However, if you add an additional defender, then all your
> pieces incorporated into the defense are free to abandon that task and a
> very interesting and deep interchange of offense and defense
> results.  The
> separation of functions in Struts does this for me.  I think I prefer the
> Struts approach to the JSF approach as well, although like
> everyone else, I
> would like and try to achieve a hybrid for my purposes.
> Michael
> At 01:29 PM 6/17/2004, Hubert Rabago wrote:
> >  > From: Frank Zammetti []
> >  > Most likely you would have a ShoppingCart class with a
> number of methods
> >in it,
> >  > things like addItem(), removeItem(), totalPrice(), etc.
> >
> >I follow this design on my applications, on the *business logic* tier.
> >On that tier (whether I implement it as EJBs or POJOs), I would have an
> >actual business object that would have these methods.
> >I tend to look at Struts as a necessary add-on to the application to give
> >it a web front end.
> >To me, my web application isn't "a collection of services that
> are executed
> >to form a coherent larger application", rather it's just an interface
> >to the actual application that runs on the server.
> >
> >
> >  --- "Hookom, Jacob" <> wrote:
> >  > With Struts, I have to create an ActionForm objects (can't just use a
> >  > business object I already have), and then create separate
> Action objects
> >to
> >
> >Because of the way I view my app, I have no problem separating
> my view of the
> >objects in my interface and my app's business objects.  I fully
> understand
> >the need for separate ActionForm objects (users work with untyped string
> >values, my business tier works with typed values, the Action
> object goes in
> >between).  Still, I don't like having to create string-ified
> counterparts of
> >my business objects.  That's how the FormDef project began (
> > and ).
> >
> >I haven't tried JSF yet, but I don't think I want my business
> tier objects
> >"contaminated" with presentation-tier specifics, such as the
> callback methods
> >JSF needs on their managed beans.
> >
> >  >
> >  > Any thoughts?
> >  >
> >  > Frank
> >  >
> >
> >
> >Hubert
> >
> >
> >
> >
> >__________________________________
> >Do you Yahoo!?
> >Yahoo! Mail is new and improved - Check it out!
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail:
> >For additional commands, e-mail:
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message