Integrating databases and security in Struts2 involves nothing special. This article describes the different ways to access a database and the various ways authentication and authorization can occur. The developer decides the levels at which authentication and authorization occur.

Database Integration

The database can be accessed in the following ways:

1. Tag Libraries

In Struts2, it is possible to access data directly from JSPs through tag libraries, which are either custom libraries or JSTL. After the data is accessed, the information is formatted. However, database integration using this method is a bad idea because the framework is action based.

2. Custom DAOs (Through Dependency Injection)

With dependency injection, a library injects the DAO that the action needs. If the action holds a reference to the DAO, it can create the instance and call its methods.

3. DAO or ORM (Through Dependency Injection)

If we are using ORM or advanced DAO libraries such as Hibernate or iBatis, we can use a framework such as Spring. Spring provides everything necessary to configure and initialize the different ORM and DAO libraries. All the DAO instances are then ready when the action wants to access business logic.

4. Business Services (Indirect Accessing)

Here the action does not access the DAO directly. Instead, it calls the business services, which in turn call the DAO. The business services are injected into the action by the dependency injection framework.

Security Integration

Authentication can occur externally or within the application. Authorization can occur at the level of the URI, the sub-page, the action, the business service, or the database or domain object.

In Struts2, authentication takes place when the user accesses a URI. After the application is accessed, there are some options. The first option is that an external solution supplies the client's credentials through the ‘HttpServletRequest’ object; the user name and other information about the user are then fetched at the action level itself. The next option is that the users' credentials have not been populated in the ‘HttpServletRequest’; here an interceptor has to be developed to authenticate the user and populate the information. The next option is to get everything from a third-party solution, which is then responsible for securing our whole web application. In this case an action could be paired with an interceptor that supplies the ‘Authz’ instance from the interceptor to the action.
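
The interceptor approach described above, as an added example that is not code from the original article: it reads the identity an external solution or the container has placed on the ‘HttpServletRequest’, refuses to run the action when none is present, enforces a role at the action level, and hands the identity to the action. The interfaces PrincipalAware and RoleRestricted and the "forbidden" result name are hypothetical, and the imports assume Struts 2.x package names with the javax.servlet API.

```java
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

// Hypothetical interface: actions that need the caller's identity implement it.
interface PrincipalAware {
    void setPrincipal(Principal principal);
}

// Hypothetical interface: actions that restrict access name the role they require.
interface RoleRestricted {
    String requiredRole();
}

public class AuthInterceptor extends AbstractInterceptor {

    // Assumed result name; map it to an error page in struts.xml.
    private static final String FORBIDDEN = "forbidden";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();
        Object action = invocation.getAction();

        // Identity populated on the request by the container or an external solution.
        Principal principal = request.getUserPrincipal();
        if (principal == null) {
            // Fail closed: the action never runs for an unauthenticated request.
            return Action.LOGIN;
        }

        // Action-level authorization, decided before any business logic executes.
        if (action instanceof RoleRestricted
                && !request.isUserInRole(((RoleRestricted) action).requiredRole())) {
            return FORBIDDEN;
        }

        // Hand the identity to the action instead of letting it read request parameters.
        if (action instanceof PrincipalAware) {
            ((PrincipalAware) action).setPrincipal(principal);
        }
        return invocation.invoke();
    }
}
```

The interceptor only protects actions whose interceptor stack includes it, so register it in the default stack in struts.xml and define the "login" and "forbidden" results as global results.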