It took me a while and the help from Quinton McCombs, Rodney Schneider and
Scott Eade to come to appreciate what Turbine is doing, though my
understanding is still not complete yet.
According to my understanding, Turbine follows a structured sequence in
displaying a page. It always look for a java class file to execute prior
to the display/action, if it fails that, it will execute the Default.class
file as pre-defined in the TR.props file.
To use your example, if you have a html page that is going to post a form,
then you need to write this line in your html page:
<form method="post" action="$link.setAction("FormAction")">
</form>
or
<form method="post" action="$link.setPage("A.vm").setAction("FormAction")">
</form>
(see setPage("A.vm") below).
upon submitting this form, Turbine will look for a FormAction.class to
execute. I stumbled on this for a while, because of the security
restriction imposed upon the FormAction.class. There are three ways this
security can be done:
/ 1. No security your FormAction extends VelocityAction
/
/
submit Form--- 2. Standard security your FormAction extends SecureAction
\
\
\ 3. overriding security your FormAction extends SecureAction
but overrides it.
The SecureAction.java defines how security is implemented, if you want to
do some global redirection / or assign things to roles/group/permission,
you can do it here. The trick is in the isAuthorized() method which is
automatically executed (in the SecureAction class if it is extension to
the your class) everytime the class is invoked - this is not clear in any
of the documentation given, so a bit confusing for beginners.
If you are only interested in applying some special security stuff to a
specific FormAction, you then write your isAuthorized() method explicitly
in your FormAction.java, the one in SecureAction() is then overriden.
Alternatively, if you are not interested in having any security at all,
just extend VelocityAction, then no security check is performed.
A.vm page:
After performing the Form action and submitting the form itself, we need
to return to a page somewhere, this is where is
<form method="post" action="$link.setPage("A.vm").setAction("FormAction")">
</form>
comes into picture. It this setPage("A.vm") is not given in the above line
in your html file, you then need to define it in your FormAction.java
file:
data.setScreenTemplate("Somepage.vm");
if neither is given, then Turbine will throw you back to the Login.vm -
which really confuses me a lot, because each screen is subject to its own
set of security checks!!
The security check for each screen is set out just like the forms,
however, it is called SecureScreen.java under screen dir.
/ 1. No security your SomePage extends VelocityScreen
/
/
submit HTML--- 2. Standard security your SoemPage extends
VelocitySecureAction
\
\
\ 3. overriding security your SomePage extends
VelocitySecureAction
but overrides it.
So, if you want your Secure Form to work smoothly, you need to go through
the whole works with the Screen as well.
hope that helps, I am sorry it is a bit long, I am not good at being
concise, appology to others.
michael
> I am trying to figure out the design of the presentation layer in my
> application. Please let me know your suggestions, and standard coding
> techniques based on the MVC model -
>
> Here's a typical case I need to design -
> 1. A form is displayed for the first time the user logs on.
> 2. After form submit, the data is either saved to the database or in
> case of data-error, the form is re-displayed with the error message.
>
> a. I would like to know if the following code represents a standard way
> of implementing the above case.
> b. As you can see, I am not using any screen java class corresponding to
> form.java(the ones under the screen directory). So when is a screen
> class used? Basically I am trying to figure out the line between an
> action and a screen class.
>
> public class FormAction extends VelocityAction
> {
> public void doView(Rundata data, Context context)
> {
> //get the request params
> .
> //on the basis of request params, populate the context for the
> template .
> setTemplate( data, "form.vm" )
> .
> //set data in HttpSession
> }
>
> public void doSubmit(Rundata data, Context context)
> {
> //get the request params
> .
> //get data from HttpSession
> .
> biz = new Biz( request );
> biz.validate();
> if ( formDataError )
> {
> context.put( "Data invalid. Please reenter data" );
> this.doView(Rundata data, Context context);
> }
>
> biz.saveToDatabase();
> }
> }
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
