Update object properties

Posted by 点点圈 on 2019-12-02 07:06:50

If you need to store information that

  • must be persistent across the requests;
  • must not be shown in the page;

then you have to use the Session, by implementing SessionAware:


That said, I'm not sure you should store the user password, nor associate passwords to users;

You should make a login page in your web application, handling the password in that Action only, validating it against the database (or whatever), and storing some authentication id in the Session, not the password itself (you won't validate the user again unless the session expires, in which case the user will be redirected to the login page... no need to keep the password in memory).


That said too, the best practices for user authentication discourage validating entered passwords against stored passwords in the database;

you should use some one-way hashing algorithm (adding a salt to prevent rainbow table attacks) to hash a password, and check it against the hashed password in the database. This way, not even the database administrator could know the passwords of the users, and in case of a forgotten password, it will be reset, not retrieved.

In Java one of the best implementations out there is jBCrypt, based on BCrypt.

Hope that helps...


EDIT

As a way to conceptually separate the objects you handle in your Web Application, you can use two different beans: a "Full Bean" for reading, with all the properties, and a "Subset Bean" for writing, containing only the properties that could change.

For example, ID and Password should not change... you could read the "Full" from the database, and write the "Subset" to the JSP and then to the database (except in user registration, where you will write the full)...

To make it more understandable, the Full Bean is the Dao Object mapping exactly the database fields, while the Subset Bean is a Presentation Object that you will create by copying only the desired attributes from the Dao Object... they're both DTOs, but with two different levels of semantics.

Otherwise just put your bean in the session; it is one line of code, and you will be OK.
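
The Full Bean / Subset Bean split described in the EDIT above, as an added Java example that is not part of the original answer. The class and field names are hypothetical, and `bind` is a simplified stand-in for a framework's request-parameter binding, not Struts 2's own code.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class SubsetBeanDemo {
    // "Full Bean": mirrors the database row (field names are assumptions).
    static class UserRow {
        final long id; final String name, email, passwordHash;
        UserRow(long id, String name, String email, String passwordHash) {
            this.id = id; this.name = name; this.email = email; this.passwordHash = passwordHash;
        }
    }
    // "Subset Bean": exposes setters only for what a profile edit may change.
    public static class UserEdit {
        private String name, email;
        public void setName(String v) { name = v; }
        public void setEmail(String v) { email = v; }
    }
    // Simplified stand-in for framework parameter binding: a request parameter
    // is applied only when the bean has a matching public String setter.
    static void bind(Object bean, Map<String, String> params) throws Exception {
        for (Map.Entry<String, String> p : params.entrySet()) {
            String k = p.getKey();
            if (k.isEmpty()) continue;
            String setter = "set" + Character.toUpperCase(k.charAt(0)) + k.substring(1);
            try {
                bean.getClass().getMethod(setter, String.class).invoke(bean, p.getValue());
            } catch (NoSuchMethodException e) {
                System.out.println("ignored parameter: " + k);
            }
        }
    }
    // Merge the edit into the stored row; id and passwordHash come only from the database.
    static UserRow apply(UserRow stored, UserEdit edit) {
        return new UserRow(stored.id,
                edit.name != null ? edit.name : stored.name,
                edit.email != null ? edit.email : stored.email,
                stored.passwordHash);
    }
    public static void main(String[] args) throws Exception {
        UserRow stored = new UserRow(42L, "alice", "alice@example.test", "constructed-hash");
        Map<String, String> params = new LinkedHashMap<>(); // constructed request
        params.put("name", "Alice B.");
        params.put("id", "1");                  // not a UserEdit property
        params.put("passwordHash", "tampered"); // not a UserEdit property
        UserEdit edit = new UserEdit();
        bind(edit, params);
        UserRow saved = apply(stored, edit);
        System.out.println(saved.id + " " + saved.name + " " + saved.email + " " + saved.passwordHash);
    }
}
```

Because the subset bean has no `id` or `passwordHash` property, those request parameters never reach the row that is written back; a `null` field in the edit is treated as "no change".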

You can check for a "null" value (or a unique value) at the server side (if it is null, it means there is no change), or you can use this class for the update request:

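public class person
{
    // Fields carried by an update request
    protected string name;
    protected string email;
}

public class personNew : person // inherits from person
{
    // Adds the password on top of the update fields
    private string password;
}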

I don't use "Struts 2", but in my web app (ASP.NET C#) I do it this way.
