堆栈内存溢出
  简体   繁体   English

在客户端-服务器环境中为用户类建模的最佳实践

[英]Best practice for modelling a user class in a client-server-environment

 原文  2012-06-02 14:30:22       java/ model/ client-server/ modeling

问题描述

We're developing a client and server application for the library of the university. 我们正在为大学图书馆开发客户端和服务器应用程序。 Beside all book managing and lending functions the application has to be able to manage users. 除了所有图书管理和借阅功能外,该应用程序还必须能够管理用户。

We decided on 3 different user types : 我们决定了3种不同的用户类型

  1. Guests (may view basic information) 来宾 (可以查看基本信息)
  2. Logged in users (access basic functions like book borrowing) 登录的用户 (访问基本功能,例如借书)
  3. Administrators (full access, including managing books and users) 管理员 (完全访问权限,包括管理书籍和用户)

This is my first bigger project and even though I read many Java lectures I cannot decide on a good way of modelling the following requirements *on the client side : 这是我的第一个更大的项目,即使我阅读了许多Java讲座,也无法决定在客户端*以下需求建模的好方法:

  • The client application has to manage the current login. 客户端应用程序必须管理当前登录名。 The current user may change their basic information. 当前用户可以更改其基本信息。
  • Administrators may change all information 管理员可以更改所有信息

Now my problem: Shall every User class have the getters and setters, even though the current user may only be a Guest? 现在我的问题是:即使当前用户只能是Guest,每个User类都应该具有getter和setters吗? What shall happen in the case when a setXY() is called without the rights to change information? 在没有更改信息权限的情况下调用setXY()会发生什么情况? Where in the code shall the authorization happen? 授权应在代码中的何处进行? User class? 用户类别? Server-API class? 服务器API类?

A example or a link to an existing model like this would be very helpful. 这样的示例或指向现有模型的链接将非常有帮助。 Thanks in advance. 提前致谢。

2 个解决方案

解决方案1
 2 已采纳  2012-06-02 15:32:22

One approach would be to use inheritance, ie a base abstract User class and AnonymousUser, GuestUser and AdminUser. 一种方法是使用继承,即基础抽象User类以及AnonymousUser,GuestUser和AdminUser。 Each class extends the capabilities of its parent. 每个类都扩展了其父级的功能。 That works in simple scenarios but it is not flexible and especially hard to extend afterwards. 这在简单的场景中有效,但不灵活,尤其难以扩展。

A better solution would be to create a User class that implements all required functionality (~ AdminClass in former example) and wrap it in a proxy that is aware of the different user roles and may restrict access to single methods. 更好的解决方案是创建一个实现所有必需功能的User类(在前面的示例中为〜AdminClass),并将其包装在知道不同用户角色并可能限制对单个方法访问的代理中。

These checks should always take place at the server, as you can not prevent requests from malicious clients. 这些检查应始终在服务器上进行,因为您不能阻止恶意客户端的请求。

解决方案2
 1  2012-06-02 14:43:55

Just curious - is this a homework assignment? 只是好奇-这是一项家庭作业吗? You don't mean that you're creating a real system for a real university that will be run in production, do you? 您并不是说您要为一所真正的大学创建一个可以在生产环境中运行的真实系统,对吗?

I think you need a role based security solution, not a class hierarchy. 我认为您需要基于角色的安全解决方案,而不是类层次结构。 I'd recommend not rolling your own and going with something like Spring Security. 我建议不要自己动手,不要使用诸如Spring Security之类的工具。

I'll add that you should use Spring as well. 我要补充一点,您也应该使用Spring。 It'll make that app better. 它将使该应用程序更好。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 客户端服务器最佳实践 java - Client server best practice java 客户端/服务器通信最佳实践Android - Best practice for client/server communication Android Java“用户”类命名最佳实践? - Java “User” class naming best practice? 来自客户端或服务器的时间戳-最佳做法是什么? - Timestamp from the client or the server - What's the best practice? GWT从服务器向客户端发送大量数据的最佳实践 - GWT Best practice to send huge amount of data from server to client Android客户端使用线程与服务器通信的最佳实践 - Best practice for android client to communicate with a server using threads 在webapp中建模用户约束的最佳实践? - Best practices in modelling user constraints in a webapp? 班级最佳实践 - Class best practice 单客户端服务器的最佳实践? - Best practice for single client servers? 客户端的 REST API 响应建模 - 最佳实践 - REST API response modelling on client side - best practices
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM