译者:Flyingis
译文链接:http://www.blogjava.net/flyingis/archive/2006/11/18/81898.html
http://gis.iteye.com/blog/34853
原文链接:http://getahead.ltd.uk/dwr/server/servlet
翻译目录:http://www.blogjava.net/flyingis/archive/2006/11/17/81862.html
声明:文章可以转载,但请注明原文及译文出处。
Reference to DWR entries in WEB-INF/web.xml
The minimum possible additions to your web.xml, are simply those to declare the DWR servlet without which none of this would work. So the least you can get away with looks something like this:
使用 DWR 需要在 web.xml 中声明 DWR servlet ,以下是保证 DWR 运行的最基本的代码,缺少哪一部分 DWR 都不能正常运行:
- <servlet>
- <servlet-name>dwr-invoker<<!---->servlet-name>
- <servlet-class>uk.ltd.getahead.dwr.DWRServlet<<!---->servlet-class>
- <!----><servlet>
- <servlet-mapping>
- <servlet-name>dwr-invoker<<!---->servlet-name>
- <url-pattern>/dwr/*<<!---->url-pattern>
- <!----><servlet-mapping>
In addition to this there are several extra servlet parameters that are somewhere between important and vaguely useful.
除了这些外,还有一些额外的 servlet 参数,它们或多或少都会起到一定的作用。
Logging
Multiple dwr.xml files
Plug-ins
Test Mode
Logging
DWR works in JDK 1.3 which does not support java.util.logging, but we don't want to force anyone to use commons-logging or log4j, so DWR will work if no logging classes are present by using the HttpServlet.log() methods. However if DWR discovers commons-logging then it will use that.
在 JDK1.3 下运行的 DWR 不支持 java.util.logging ,而我们又不想强迫任何人去使用 commons-logging 或 log4j ,因此当没有任何日志包可以使用的时候, DWR 将使用 HttpServlet.log() 方法。当然,如果 commons-logging 存在, DWR 将使用它。
Commons-Logging
Almost everyone will be using commons-logging because most servlet containers use it. So even if your webapp isn't explicitly using commons-logging it is probably available by default.
几乎所有人都会使用 commons-logging ,因为大多数 servlet 容器都会用到它。因此,即使你的 Web 应用没有明确指定使用 commons-logging ,它也很可能是默认的选择。
In these cases logging will be controlled by the config files of either java.util.logging or log4j. See the respective documentation for more details.
在一些情况下,日志将使用 java.util.logging 或 log4j 的配置文件来控制。请参考相关的详细文档。
HttpServlet.log()
If you are using HttpServlet.log(), the following stanza controls DWR logging:
如果你使用 HttpServlet.log() ,下面的代码会控制 DWR 日志的记录方式。
- <init-param>
- <param-name>logLevel<<!---->param-name>
- <param-value>DEBUG<<!---->param-value>
- <!----><init-param>
The valid values are: FATAL, ERROR, WARN (the default), INFO and DEBUG.
有效的取值为: FATAL 、 ERROR 、 WARN( 默认 ) 、 INFO 以及 DEBUG 。
Multiple dwr.xml files and J2EE security
Generally speaking you will only need one dwr.xml file and that will be in the default position: WEB-INF/dwr.xml. So you can leave this paramter out.There are 3 reasons why you might wish to specify a different position for dwr.xml:
一般情况下,你只需要一个 dwr.xml 文件,并且保存在默认的位置: WEB-INF/dwr.xml 。因此你可以不用做过多的考虑。但是,有三个原因让你可能将 dwr.xml 放在其它的位置:
1. You wish to keep dwr.xml with the files that it gives access to. In which case the section might have a param-value something like <param-value></param-value> WEB-INF/classes/com/yourco/dwr/dwr.xml .
1. 你希望将 dwr.xml 放在可以访问的地方。这种情况下可能会有 param-value 标签,如 <param-value></param-value> WEB-INF/classes/com/yourco/dwr/dwr.xml 。
2. You may have a large number of remoted classes and wish to keep the definitions in separate files. In this case you will have the section above repeated several times each with a different param-name that begins 'config' and each pointing at a different file. DWR will read them all in turn.
2. 也许你需要大量的远程类(的方法、属性)在客户端访问,希望将它们分别定义在不同的文件中。这时,你需要将上面的代码片断复制在多处,并在 config 中使用不同的 param-name 指定每个文件。 DWR 将依次读取。
3. DWR can use J2EE URL security built into the servlet spec to give different groups of users access to different functions. You simply define more than one dwr servlet by repeating the stanza at the top of the page with different names, urls and permissions.
3.DWR 能在指定的 servlet 中使用 J2EE URL 链接的安全机制,使不同的用户组访问不同的方法。你可以在文件的顶部使用不同的名称、 url 链接和许可权限,简单重复 dwr servlet 代码来实现这种安全机制。
If you do wish to use it then the syntax is as follows:
如果你确实需要使用该安全机制,代码构造如下:
- <init-param>
- <param-name>config*****<<!---->param-name>
- <param-value>WEB-INF/dwr.xml<<!---->param-value>
- <description>What config file do we use?<<!---->description>
- <!----><init-param>
Where config***** means any param-name that begins with the string 'config'. This parameter can be specified as many times as required, however the param-name should be different for each.
config***** 代表命名以 'config' 开始的 param-name 。只要保证没有重复的 param-name ,该参数可以根据需要被声明多次。
An example configuration to use J2EE servlet security is as follows:
下面是基于 J2EE servlet 安全机制的配置示例:
- <servlet>
- <servlet-name>dwr-user-invoker<<!---->servlet-name>
- <servlet-class>uk.ltd.getahead.dwr.DWRServlet<<!---->servlet-class>
- <init-param>
- <param-name>config-user<<!---->param-name>
- <param-value>WEB-INF/dwr-user.xml<<!---->param-value>
- <!----><init-param>
- <!----><servlet>
- <servlet>
- <servlet-name>dwr-admin-invoker<<!---->servlet-name>
- <servlet-class>uk.ltd.getahead.dwr.DWRServlet<<!---->servlet-class>
- <init-param>
- <param-name>config-admin<<!---->param-name>
- <param-value>WEB-INF/dwr-admin.xml<<!---->param-value>
- <!----><init-param>
- <!----><servlet>
- <servlet-mapping>
- <servlet-name>dwr-admin-invoker<<!---->servlet-name>
- <url-pattern>/dwradmin/*<<!---->url-pattern>
- <!----><servlet-mapping>
- <servlet-mapping>
- <servlet-name>dwr-user-invoker<<!---->servlet-name>
- <url-pattern>/dwruser/*<<!---->url-pattern>
- <!----><servlet-mapping>
- <security-constraint>
- <display-name>dwr-admin<<!---->display-name>
- <web-resource-collection>
- <web-resource-name>dwr-admin-collection<<!---->web-resource-name>
- <url-pattern>/dwradmin/*<<!---->url-pattern>
- <!----><web-resource-collection>
- <auth-constraint>
- <role-name>admin<<!---->role-name>
- <!----><auth-constraint>
- <!----><security-constraint>
- <security-constraint>
- <display-name>dwr-user<<!---->display-name>
- <web-resource-collection>
- <web-resource-name>dwr-user-collection<<!---->web-resource-name>
- <url-pattern>/dwruser/*<<!---->url-pattern>
- <!----><web-resource-collection>
- <auth-constraint>
- <role-name>user<<!---->role-name>
- <!----><auth-constraint>
- <!----><security-constraint>
Using Plug-ins
Most of the guts of DWR is pluggable so it is possible to alter the functionallity of DWR by replacing default classes. You can override the default implementations by including an <init-param></init-param>that specifies the interface to replace in the param-name and the replacement implementation in the param-value.
<init-param></init-param>
大多数 DWR 的核心功能都是可以通过插件功能实现的,通过替换默认的类来改变 DWR 的功能。你可以引入一个 <init-param></init-param>,在 param-name 处指定替换的接口,以及更改 param-value 所指定的类,重写默认的实现方式。
The plug-in points are:
这些插件包括:
uk.ltd.getahead.dwr.AccessControl
uk.ltd.getahead.dwr.Configuration
uk.ltd.getahead.dwr.ConverterManager
uk.ltd.getahead.dwr.CreatorManager
uk.ltd.getahead.dwr.Processor
uk.ltd.getahead.dwr.ExecutionContext
The default implementations of these plug-in points are all in the uk.ltd.getahead.dwr.impl package.
默认插件的实现在 uk.ltd.getahead.dwr.impl 包中。
Using debug/test mode
You put DWR into debug/test mode by adding the following parameter:
通过加入以下参数,将 DWR 设置为调试 / 测试模式:
- <init-param>
- <param-name>debug<!---->param-name>
- <param-value>true<<!---->param-value>
- <!----><init-param>
DWR will generate test pages for each of the allowed classes (see dwr.xml below) in debug mode. These can be very useful in seeing what DWR can do and how it works. This mode can also alert you to problems like javascript reserved word clashes or overloading problems.
在调试模式下, DWR 将为每个 allow 类(参考下一章节 dwr.xml ) 生成测试页面。这非常有用,可以了解 DWR 做了些什么工作,以及它是如何工作的。该模式还能通知你 javascript 保留字冲突或重载方面的问题。
However this mode should not be used in live deployment as it could give an attacker a lot of information about the services that you export. If you have designed your website properly then this extra information will not help an attacker exploit your website however it is generally wise not to give anyone a route map to exploit any mistakes you might have made.
但是在该模式下你导出的服务的许多信息都暴露给了攻击者,真正部署的时候应该避免使用这种模式。如果网站能够得到良好的设计,就能避免攻击者获取网站的重要信息。通常不应给任何人提供网站的导航图来试图发现你留下的设计缺陷。
DWR is provided 'as is', without any warranty, so the security of your website is your responsibility. Please take care to keep it secure.
DWR is provided 'as is' (不知道怎么翻译?), DWR 不提供任何保证,因此网站的安全性由你个人负责。请尽量保证网站的安全。