• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Advice needed on how to connect to a database in JSP

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I'm trying to make a web app with form-based user authentication, with connection to a database. Very classical.
All examples I've seen so far (2 or 3) establish the connection to the database directly on the page and hardcode the database user and password in it.
Even if this is jsp code and isn't sent back to the client, I believe this is stupid from a security standpoint.
So I thought it was better to establish the connection through a custom bean and call it in the JSP page. The bean must :
1. call the jdbc driver and make the connection to the database.
2. run a query against it with request-specific parameters.
It seems obvious that the bean should have a session scope.
However, the connection to the database need not be specific to each request. Only the query is specific.
So what should i do ?
create a "connection" bean with application scope and a query bean with session scope ? or use the same bean for both and a connection pooling ?
Any remarks welcome. Thanks.
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Howdy and welcome to the Ranch!

Any remarks welcome.


Well, since you put it that way, I'll pipe in my 2-cents in that I don't think you should do any of this from JSP pages at all. I'd recommend that you investigate the "Model 2" architecture pattern and perform all database activity in a servlet that then forwards off to a JSP page for display.
If you reject such a pattern, then I'd say that abstracting your logic into beans (and off the pages) is the next best thing.
In either pattern, I'd create a connection pool that 'lives' in application scope (no real need to make it per-session, is there?) to supply connections to the servlet or beans that need them for database operations.
hth,
bear
P.S. Searching this and the Servlets forum for "Model 2" or "MVC" will yield lots of useful info.
[ August 22, 2003: Message edited by: Bear Bibeault ]
 
Tarek Riabi
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Excellent ! Many thanks !
I actually saw this Model 2 / MVC talked about in several places and specifically related to jsp, on Sun's site. I know the Struts framework is a well-known implementation of it, but it's too complicated for me to digest now.
I think I'm going to return to this site I saw the model 2 explained. I'm all for using patterns whenever possible. Thanks again.
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As you rightly pointed out, Struts is merely an implementation of a Model 2 framework. You do not need to get involved with Struts in order to design your app to the Model 2 pattern.
I think it's great to have frameworks that make writing complex web apps easier and more orderly (I've written one myself for use in all my web apps), but sometimes people get scared into thinking that they must adopt one of these frameworks to go the Model 2 route, and so they end up writing page-centric (so-called Model 1) web apps instead.
I'd also go as far as to say that it's probably best to do some brute-force Model 2 work on your own to begin with. That way, once (or if) you do decide to adopt a framework, it'll seem less like black magic if you understand the pattern it is based upon.
Another pattern to look for in understanding Model 2 is the Front Controller pattern.
And rememeber, we're here for any questions you might have.
hth,
bear
 
Ranch Hand
Posts: 285
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Bear,
I have a small question along the lines of your first answer above. Should there never ever be any database queries in a JSP page?
For example, I am re-writing my app using the model 2 MVC and I have a template where the menu gets loaded from a database table. Here what I have done is to use JSTL and place the query inside my JSP page.
In another page display_content.jsp > the controller checks which pages should simply load info from the database, it sets the categoryID, places it inside the request scope and then the display_content.jsp has a query and displays the content from the table. Again, I have placed the actual query inside the JSP.
Would it better done in a different way?
Thanks in advance.
 
Ranch Hand
Posts: 251
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Whenever you're serious about creating a web application, you'll want to steer clear of doing any work in the JSPs. The Model 2/MVC/n-tier architectures are very popular for a reason, that they make developing, understanding, web applications much much easier. In the long run, anyway - if this is just a quick and dirty job, then you probably won't see much benefit to taking the time to architect it "properly." But if it's a serious application, then separate any logic other than presentation from JSPs. Everything on a JSP should be for presentation purposes, or input/output, etc. But all the business rules and logic should happen behind the scenes, kicked off by a servlet. I'm currently developing an n-tiered application, and it's gotten to the point to where it will work with either JSPs/servlets or Swing! It's a very good design when you can use the same backend code for different GUIs
Keep everything loosely coupled, and things will be organized much better.
View(presentation) <- model(objects) <- controller <-> non web-specific java <-> database
[ August 25, 2003: Message edited by: Phil Chuang ]
 
reply
    Bookmark Topic Watch Topic
  • New Topic