ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button

Web DbForms
Pages: 1, 2, 3, 4, 5

Advanced Features

Fine-grained Security

DbForms' security model builds on top of the Java Servlet security model, with its concept of users (principals) and roles.

DbForms provides fine-grained declarative definition of rights for data access and manipulation. DbForms can attach security constraints to each table defined in the XML configuration, telling DbForms which kind of database operations may be executed by which user groups.

Listing 4. Defining privileges


  <table name="customer" >
    <field name="id" fieldType="int" isKey="true" />
    <field name="firstname" fieldType="char" />
    <field name="lastname" fieldType="char" />
    <field name="address" fieldType="char" />

      select = "A,B"
      insert = "A"
      update = "A,B"
      delete = "A" />


The attributes of the <granted-privileges> element tell DbForms: "Members of group A may select, insert, update and delete customers, and members of B may read and update customers." All other groups (for example, a group C) may not access this table at all.

File Uploads

Managing BLOB Fields is a very easy task when using DbForms; first you have to tell DbForms about BLOB-Fields in the XML configuration file:

Listing 5. Defining fields of type "BLOB"


  <table name="pets">
    <field name="pet_id" fieldType="int" isKey="true" autoInc="true" />
    <field name="name" fieldType ="char" />
    <field name="portrait_pic" fieldType ="blob" />
    <field name="story" fieldType ="blob" />


The configuration code-snippet shown in Listing 5 tells DbForms that the fields portrait_pic and story are BLOBs. As you can see, DbForms allows more than one field in a row to be a BLOB.

After defining our BLOB-powered table, we would want to build a JSP for managing the BLOB fields. For this purpose, a new custom tag is introduced:

Listing 6. Implementing a file tag

<db:file fieldName="portrait_pic">

The attribute fieldName refers to the name of the field the file needs to be uploaded to. (There exist additional attributes available for this element that are not shown here.)

This custom tag gets rendered as a HTML <input type="file"> tag, as shown in Figure 6.

Screen shot.
Figure 6. The result visible to the user.

This HTML element enables multipart-enabled browsers to submit files to the server.

If we were using BLOBs for storing images in a database, we could write the following JSP code to retrieve and render such a field:

Listing 7. Rendering images using a blobURL

<img src="<db:blobURL fieldName="portrait_pic"/>" width="100" height="80" border="0">

Special DbForms Feature: DISKBBLOBs

There are situations where BLOBs are not an option: if the application uses a RDBMS or JDBC driver without BLOB support, if BLOB support is too slow or even buggy, or if the files should be accessible by other applications without using a database layer.

DbForms also manages uploads to a file system instead of a database. This is completely transparent to the JSP view developer! For uploading and retrieving file-system-stored objects, the same tags and attributes are used as for uploading and retrieving regular BLOBs.

The only difference lies in the definition of the Model, where a server directory for storing the files must additionally be specified.

Listing 8. Defining fields of type "DISKBLOB"

<field name="story" fieldType ="diskblob" directory="x:\stories" />

Pages: 1, 2, 3, 4, 5

Next Pagearrow