Web DbForms (续二)
Advanced Features
高级特征
Fine-grained Security
精密的安全机制
DbForms' security model builds on top of the Java Servlet security model, with its concept of users (principals) and roles.
DbForms的安全模型建立在Java Servlet安全模型之上,使用了用户和角色的概念。
DbForms provides fine-grained declarative definition of rights for data access and manipulation. DbForms can attach security constraints to each table defined in the XML configuration, telling DbForms which kind of database operations may be executed by which user groups.
DbForms对数据访问和操作权限提供了严密而明确的定义。DbForms可以对XML配置中定义的每个表格安装安全约束,告诉DbForms哪些用户组可以操作哪些数据库。
Listing 4. Defining privileges
<dbforms-config>
<table name="customer" >
<field name="id" fieldType="int" isKey="true" />
<field name="firstname" fieldType="char" />
<field name="lastname" fieldType="char" />
<field name="address" fieldType="char" />
<granted-privileges
select = "A,B"
insert = "A"
update = "A,B"
delete = "A" />
</table>
</dbforms-config>
The attributes of the <granted-privileges> element tell DbForms: "Members of group A may select, insert, update and delete customers, and members of B may read and update customers." All other groups (for example, a group C) may not access this table at all.
<granted-privileges>元素的属性对DbForms来说是:“A组成员可以查询,增加,更新和删除客户,B组成员可以读取和更新客户。”其他组成员(例如C组)根本不能访问此表。
File Uploads
文件上传
Managing BLOB Fields is a very easy task when using DbForms; first you have to tell DbForms about BLOB-Fields in the XML configuration file:
用DbForms来管理BLOB字段是很简单的事情;首先,你要在XML配置文件中告诉DbForms有关BLOD字段信息:
Listing 5. Defining fields of type "BLOB"
<dbforms-config>
<table name="pets">
<field name="pet_id" fieldType="int" isKey="true" autoInc="true" />
<field name="name" fieldType ="char" />
<field name="portrait_pic" fieldType ="blob" />
<field name="story" fieldType ="blob" />
</table>
</dbforms-config>
The configuration code-snippet shown in Listing 5 tells DbForms that the fields portrait_pic and story are BLOBs. As you can see, DbForms allows more than one field in a row to be a BLOB.
Listing5所示的配置代码段,告诉了DbForms照片和简历是用BLOB字段保存的。正如你所见的,DbForms允许一行中有多个字段是BLOB类型的。
After defining our BLOB-powered table, we would want to build a JSP for managing the BLOB fields. For this purpose, a new custom tag is introduced:
定义好BLOB表后,我们还要建立一个JSP文件来管理这些BLOB字段。为此,这里引入一个新的自定义标签:
Listing 6. Implementing a file tag
<db:file fieldName="portrait_pic">
The attribute fieldName refers to the name of the field the file needs to be uploaded to. (There exist additional attributes available for this element that are not shown here.)
fieldName的属性值由文件要上传到的字段名决定。(这个元素还有其他属性,这里没有列出来)
This custom tag gets rendered as a HTML <input type="file"> tag, as shown in Figure 6.
此标签显示为一个HTML标签<input type="file">,如图6所示。
Figure 6. The result visible to the user.
This HTML element enables multipart-enabled browsers to submit files to the server.
此HTML元素允许支持multipart的浏览器将文件提交到服务器上。
If we were using BLOBs for storing images in a database, we could write the following JSP code to retrieve and render such a field:
如果我们在数据库中使用BLOB来保存图片,我们可以用下面的JSP代码来取出并显示这个字段:
Listing 7. Rendering images using a blobURL
<img src="<db:blobURL fieldName="portrait_pic"/>" width="100" height="80" border="0">
Special DbForms Feature: DISKBBLOBs
DbForms特性:DISKBBLOBs
There are situations where BLOBs are not an option: if the application uses a RDBMS or JDBC driver without BLOB support, if BLOB support is too slow or even buggy, or if the files should be accessible by other applications without using a database layer.
在一些情况下,不选择BLOBs:如果应用程序使用不支持BLOB的RDBMS或者JDBC驱动,如果BLOB速度太慢甚至有臭虫,或者其他程序不使用数据库层也可以访问这些文件。
DbForms also manages uploads to a file system instead of a database. This is completely transparent to the JSP view developer! For uploading and retrieving file-system-stored objects, the same tags and attributes are used as for uploading and retrieving regular BLOBs.
DbForms管理上传到文件系统而不是数据库。这对JSP视图开发者来说是完全透明的。为了上传和取回作为文件系统保存的对象,上传和取回常规BLOBs使用相同的标签和属性。
The only difference lies in the definition of the Model, where a server directory for storing the files must additionally be specified.
唯一的不同点是在模型的定义方面,即必须另外指定保存文件的服务器目录。
Listing 8. Defining fields of type "DISKBLOB"
<field name="story" fieldType ="diskblob" directory="x:\stories" />
