stackoom
  简体   繁体   中英

Best practice for modelling a user class in a client-server-environment

 原文  2012-06-02 14:30:22       java/ model/ client-server/ modeling

Question

We're developing a client and server application for the library of the university. Beside all book managing and lending functions the application has to be able to manage users.

We decided on 3 different user types :

  1. Guests (may view basic information)
  2. Logged in users (access basic functions like book borrowing)
  3. Administrators (full access, including managing books and users)

This is my first bigger project and even though I read many Java lectures I cannot decide on a good way of modelling the following requirements *on the client side :

  • The client application has to manage the current login. The current user may change their basic information.
  • Administrators may change all information

Now my problem: Shall every User class have the getters and setters, even though the current user may only be a Guest? What shall happen in the case when a setXY() is called without the rights to change information? Where in the code shall the authorization happen? User class? Server-API class?

A example or a link to an existing model like this would be very helpful. Thanks in advance.

2 answers

solution1
 2 ACCPTED  2012-06-02 15:32:22

One approach would be to use inheritance, ie a base abstract User class and AnonymousUser, GuestUser and AdminUser. Each class extends the capabilities of its parent. That works in simple scenarios but it is not flexible and especially hard to extend afterwards.

A better solution would be to create a User class that implements all required functionality (~ AdminClass in former example) and wrap it in a proxy that is aware of the different user roles and may restrict access to single methods.

These checks should always take place at the server, as you can not prevent requests from malicious clients.

solution2
 1  2012-06-02 14:43:55

Just curious - is this a homework assignment? You don't mean that you're creating a real system for a real university that will be run in production, do you?

I think you need a role based security solution, not a class hierarchy. I'd recommend not rolling your own and going with something like Spring Security.

I'll add that you should use Spring as well. It'll make that app better.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Client server best practice java Best practice for client/server communication Android Java “User” class naming best practice? Timestamp from the client or the server - What's the best practice? GWT Best practice to send huge amount of data from server to client Best practice for android client to communicate with a server using threads Best practices in modelling user constraints in a webapp? Class best practice Best practice for single client servers? REST API response modelling on client side - best practices
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM