Hi Chris, what do you mean by "interfaces to filter"
(sorry for the stupidness)???
Is it an ordinary Servlet filter??
If so, I remember once using a few filters but I
couldn't get a reference to the request itself, only
to the context as a whole. Could you give an example?



--- "McCormack, Chris" <[EMAIL PROTECTED]> wrote:
> Look at using interfaces to filter the sensitive
> data away from each user when putting the data
> object in the request.
> 
> Chris McCormack
> 
> -----Original Message-----
> From: Leandro Melo
> [mailto:[EMAIL PROTECTED]
> Sent: 15 October 2004 13:53
> To: Struts Users Mailing List
> Subject: RE: Exposing ActionForm and MVC fields
> 
> 
> Hi guys, thanks for your opinions, it seems that both
> of you stick with approach 2.
> 
> However, none of you mentioned that "exposing
> ActionForm fields" problem.
> 
> Suppose I then build 2 different pages (as you
> advised me). I guess my Action for both of these pages
> would still be the same, it will only send the request
> to 2 different pages depending on the type of the
> company. Usually, I set the JSP pages' forms inside
> this Action (normally with BeanUtils), which will force
> me to give the correct names for the JSP form fields
> (even if they are labels for the case the user cannot
> alter them). In this case, I'm still susceptible to being
> hacked by JavaScript, because of the ActionForm fields
> exposure.
> What about that???
> 
> 
> 
> --- "McCormack, Chris" <[EMAIL PROTECTED]> wrote:
> > +1
> > 
> > You could still create common elements to both pages
> > which will help maintain a look and feel and reuse
> > existing code, look at using different tile layouts
> > for each user type but the elements in the page are
> > common jsp/tile definitions.
> > If the spec for one user changes then you could
> > simply just copy the tile fragment that was changing
> > to a new location and work on it, then change the
> > tile definition for that user to point to the
> > updated fragment.
> > You would still maintain a majority of common code
> > and in the long run even if both user views totally
> > change you can deal with it as and when the changes
> > happen by copying and altering each tile fragment
> > that is changing and updating the tile definition to
> > point to the new fragment.
> > 
> > Chris McCormack
> > 
> > -----Original Message-----
> > From: Freddy Villalba A.
> > [mailto:[EMAIL PROTECTED]
> > Sent: 15 October 2004 11:54
> > To: Struts Users Mailing List
> > Subject: RE: Exposing ActionForm and MVC fields
> > 
> > 
> > Hi,
> > 
> > I'd go for approach #2. After all, they are
> > different VIEWS of the same Model.
> > 
> > I've faced this situation in a couple of projects
> > before, and in both cases buyer's and seller's views
> > differed in the long run. The more complex your
> > business rules / model gets, the higher is the
> > chance for that happening. It may seem the right way
> > to go at first (especially if the differences are
> > insignificant), but after a few meetings with the
> > corporate managers, you'll realize it was not such a
> > smart move after all! :P
> > 
> > My humble opinion,
> > Freddy.
> > 
> > -----Original Message-----
> > From: Leandro Melo [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 15 October 2004 3:30
> > To: struts jakarta
> > Subject: Exposing ActionForm and MVC fields
> > 
> > 
> > Hi,
> > I'd like to hear some opinions.
> > 
> > I got a b2b application. I'm facing a design problem.
> > This problem is associated basically with 2 themes:
> > - MVC
> > - Exposing ActionForm fields.
> > 
> > I got a page where the BUYER fills a form to buy a
> > specific item. The steps are very simple.
> > 
> > 1 - He sends a request for a quotation.
> > 2 - After the quotation, he sends a request for an order.
> > 
> > The point is...
> > When the SELLER goes to make the quotation he's
> > supposed to see a very similar page to the one where the
> > BUYER filled in the information. This is obvious as the
> > information is the same for both parts. So, should I
> > implement the page for the SELLER:
> > 
> > 
> > ======>>>>>>> APPROACH 1 - using the same exact page
> > as the BUYER for the SELLER. Then I'd make the fields
> > the BUYER filled disabled (or just make them labels)
> > using some kind of scriptlet like this.
> > 
> >   <input .... <%= sellerVisibility %> .../> ,
> > 
> >    where sellerVisibility would be something =
> >    "disabled=true"
> > 
> > This approach seems nice to but I'd say that it's just
> > not that cool!!! It doesn't look nice from an MVC
> > point of view. I'll take the risk of having a lot of
> > this kind of scripts in pages as time goes by.
> > I know that the Action (control layer) is actually
> > responsible for setting the "sellerVisibility", which
> > means that it's also not that bad from the MVC point
> > of view.
> > But anyway, the major problem with this approach is
> > that I use BeanUtils to copy data from the ActionForms
> > to the VOs and vice-versa. So even with the fields
> > disabled, I would take the risk of some smart guy
> > cheating and setting via JavaScript the fields he's
> > not supposed to set. And as I copy the data with
> > BeanUtils, my data will be changed when it's not
> > supposed to do so.
> > 
> > 
> > ========>>>>> APPROACH 2 - just create another page
> > for the BUYER. This page would look exactly the same
> > for the BUYER and the SELLER, but they'll be different
> > pages. This way, I can build this other very similar
> > page without exposing my ActionForm attributes. This
> > approach seems to me all right from the MVC point of
> > view.
> > But the problem with this approach is that I'd start
> > building some kind of redundant and duplicated code.
> > 
> > 
> > Any opinions...????
> > 
> > Leandro.
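
An added example (not from the thread and not Struts code) of one way to apply the interface idea to the BeanUtils copy concern raised above: the copy is driven by a per-role interface, so properties outside that role's interface are never written, whatever the request contains. `BuyerEditable`, `SellerEditable`, `Quotation` and `copyAllowed` are hypothetical names, and the JDK's `java.beans` introspection stands in for BeanUtils.

```java
import java.beans.Introspector;
import java.beans.PropertyDescriptor;

public class RoleScopedCopy {
    // Hypothetical role views: each interface names the only properties that role may write.
    public interface BuyerEditable { String getItem(); int getQuantity(); }
    public interface SellerEditable { String getUnitPrice(); }

    // Constructed stand-in for the form bean and the value object (same shape for brevity).
    public static class Quotation implements BuyerEditable, SellerEditable {
        private String item;
        private int quantity;
        private String unitPrice;
        public String getItem() { return item; }
        public void setItem(String v) { item = v; }
        public int getQuantity() { return quantity; }
        public void setQuantity(int v) { quantity = v; }
        public String getUnitPrice() { return unitPrice; }
        public void setUnitPrice(String v) { unitPrice = v; }
    }

    // Copy only the properties declared on `view`; any other submitted value is ignored.
    static <V> void copyAllowed(Class<V> view, V form, V target) throws Exception {
        for (PropertyDescriptor p : Introspector.getBeanInfo(view).getPropertyDescriptors()) {
            Object value = p.getReadMethod().invoke(form);
            // Resolve the matching setter on the concrete target class.
            new PropertyDescriptor(p.getName(), target.getClass())
                    .getWriteMethod().invoke(target, value);
        }
    }

    public static void main(String[] args) throws Exception {
        Quotation stored = new Quotation();      // what the BUYER submitted earlier
        stored.setItem("steel pipe");
        stored.setQuantity(100);

        Quotation submitted = new Quotation();   // SELLER request with tampered buyer fields
        submitted.setItem("gold bar");
        submitted.setQuantity(1);
        submitted.setUnitPrice("12.50");

        // Only unitPrice is declared on SellerEditable, so item and quantity stay untouched.
        copyAllowed(SellerEditable.class, submitted, stored);
        System.out.println(stored.getItem() + " x" + stored.getQuantity()
                + " @ " + stored.getUnitPrice());
    }
}
```

The role passed to `copyAllowed` has to come from the authenticated session on the server, never from a request parameter.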