I am writing a Web App using Struts and Hibernate. Recently, I discovered GWT and the Visualization API. This all looked very interesting and provides AJAX functionalities that my app needs. I'm a newbie that is quite confused...
In the web app, users have different levels of access for the data, e.g. different combinations of read/write privileges for different data. There will be some kind of user profile that the app checks for when any data is accessed or modified. The user will be given data access according to the result -- denied viewing access, or can see the data but cannot change it, etc. I'm not sure where to put this particular check. I guess I could have it coded in the DAOs: every time a data operation is processed, manually check the queried data against the profile. Or, put it in the business logic/display layer: if a user does not have a data access privilege, take the button away from the user. Or both? Or is there a configuration file in Hibernate somewhere where I can specify data access privileges for all the tables mapped?
There is a great need for communication between the model/view/controller, to make RPC calls for GWT and pass data off to the Visualization code to render charts and stuff. I'm guessing it definitely needs some kind of translator that converts Java objects into JSON objects in order to make gwt-rpc calls and draw charts with the Visualization API. Am I correct? Also, in terms of passing information around in Struts and Hibernate -- is writing Data Transfer Objects a good idea? Then just pass beans around all the time? Or (I just came across this today... not even sure if I understood it correctly) maybe bind the objects onto JNDI, and access them from other parts of the program?
Any input/clarification will be appreciated. Thank you very much!
access level checks:
i would separate the access level checks into their own class, and have your "controllers" call the access managers first before calling DAOs. i.e., each action performs a check before doing the DAO calls to get/insert data.
but a better method, if you are using gwt, is to make RPC calls instead of using struts actions. the rpc calls become the "controllers" i mentioned above, and can do access checks using the managers i mentioned above - i.e., eliminate actions.
as for the access managers, i recommend enumerating all granular access privileges, and then composing these privileges into a set that can be associated with each user/profile/whatever.
passing info around gwt is a pain to work with hibernate - you can try using Gilead, but i haven't had much success with it, it's too cumbersome for me. your idea with json converting is the right way to go in gwt imho. gwt 1.5 supports what's called javascript object overlay, which lets you return json, and "superimpose" it into a gwt java object directly with little code on your part. check out this post for more info.
the other method is to roll your own DTO generation facility (which is what Gilead is meant to do, but i don't think it does autogeneration? not sure). implement it as part of your build. it's a bit of extra work that wouldn't be worth it if it's not a large project.
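A sketch of the access-manager layout the answer above describes, added here as an example and not code from the original post: privileges are enumerated, composed into a per-user set, and checked by the service (the RPC "controller" role) before any DAO call. All class, privilege and user names are hypothetical, the DAO is an in-memory stand-in for Hibernate, and the user name is assumed to come from the authenticated server-side session.

```java
import java.util.*;

public class AccessCheckDemo {
    // Granular privileges, enumerated once (names are illustrative).
    enum Privilege { REPORT_READ, REPORT_WRITE, SALARY_READ, SALARY_WRITE }

    // Holds one privilege set per user; a user with no profile holds nothing.
    static class AccessManager {
        private final Map<String, Set<Privilege>> profiles = new HashMap<>();
        void grant(String user, Set<Privilege> privileges) {
            Set<Privilege> copy = EnumSet.noneOf(Privilege.class);
            copy.addAll(privileges);
            profiles.put(user, copy);
        }
        // Deny by default: anything not explicitly granted is refused.
        void require(String user, Privilege needed) {
            Set<Privilege> held = profiles.getOrDefault(user, Collections.emptySet());
            if (!held.contains(needed)) throw new SecurityException(user + " lacks " + needed);
        }
    }

    // Stand-in for a Hibernate DAO; it performs no access checks itself.
    static class ReportDao {
        private final Map<Integer, String> rows = new HashMap<>();
        String load(int id) { return rows.get(id); }
        void save(int id, String body) { rows.put(id, body); }
    }

    // Plays the RPC service ("controller") role: check first, then call the DAO.
    static class ReportService {
        private final AccessManager access;
        private final ReportDao dao = new ReportDao();
        ReportService(AccessManager access) { this.access = access; }
        String read(String user, int id) {
            access.require(user, Privilege.REPORT_READ);
            return dao.load(id);
        }
        void update(String user, int id, String body) {
            access.require(user, Privilege.REPORT_WRITE);
            dao.save(id, body);
        }
    }

    public static void main(String[] args) {
        AccessManager access = new AccessManager();
        access.grant("alice", EnumSet.of(Privilege.REPORT_READ, Privilege.REPORT_WRITE));
        access.grant("bob", EnumSet.of(Privilege.REPORT_READ)); // read-only profile
        ReportService service = new ReportService(access);
        service.update("alice", 1, "Q3 numbers");
        System.out.println("bob reads: " + service.read("bob", 1));
        try { service.update("bob", 1, "changed"); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

The same privilege set can also drive the GWT client (hide or disable the edit button), but that is only presentation: the RPC endpoint can be called directly, so the server-side `require` call is the check that enforces access.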