File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Java in General and the fly likes Controlling Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "Controlling "setXXX" access by caller?" Watch "Controlling "setXXX" access by caller?" New topic
Author

Controlling "setXXX" access by caller?

Phil Chuang
Ranch Hand

Joined: Feb 15, 2003
Posts: 251
I'm working on a J2EE model-view-controller type framework, and I was wondering about how I should go about making view objects immutable (read-only). I want to make sure that on the off chance that ppl make malicious JSPs (intentionally or not) that none of the server-side objects are changed. I suppose I could just create a copy of all my current objects and remove the set methods, but there's got to be a better, easier way of doing this. Perhaps extend the original classes and override the set methods? Or is there a way in a method to check who's calling the method?
Jason Menard
Sheriff

Joined: Nov 09, 2000
Posts: 6450
Transfer data between your business layer and view and application layers using data transfer objects (DTOs), sometimes also called "value objects". DTOs are simply objects that encapsulate the data of another object.
A quick example:

Then in your application code you would do something along the lines of:

There are of course various implementations, but this is the general idea. For instance, maybe you would make your view object immutable:

So while maybe using this design pattern isn't easier, it is certainly safer and maintains a separation between the various layers of your application.
Phil Chuang
Ranch Hand

Joined: Feb 15, 2003
Posts: 251
thanks, just what I was looking for. I knew there was a pattern for this but couldn't quite remember what it was.
Phil Chuang
Ranch Hand

Joined: Feb 15, 2003
Posts: 251
On a similar question, is there a way to detect what the calling object is inside a method? Is there a way to do this programmatically? It'd be kind of handy to limit method access by calling object as well as the normal package/protected/public modifiers.
Phil Chuang
Ranch Hand

Joined: Feb 15, 2003
Posts: 251
I'm thinking I could make a sort of key class where the constructor is package-only - then use that to pass to a method to identify that the calling object is from that package...? That way no servlet or jsp could access that method since it wouldn't be able create the key object.
 
 
subject: Controlling "setXXX" access by caller?