译者:Flyingis
译文链接:http://www.blogjava.net/flyingis/archive/2006/11/18/81898.html
http://gis.javaeye.com/blog/34853
原文链接:http://getahead.ltd.uk/dwr/server/servlet
翻译目录:http://www.blogjava.net/flyingis/archive/2006/11/17/81862.html
声明:文章可以转载,但请注明原文及译文出处。
Reference to DWR entries in WEB-INF/web.xml
The minimum possible additions to your web.xml, are simply those to declare the DWR servlet without which none of this would work. So the least you can get away with looks something like this:
使用
DWR
需要在
web.xml
中声明
DWR servlet
,以下是保证
DWR
运行的最基本的代码,缺少哪一部分
DWR
都不能正常运行:
<
servlet
>
<
servlet-name
>
dwr-invoker
</
servlet-name
>
<
servlet-class
>
uk.ltd.getahead.dwr.DWRServlet
</
servlet-class
>
</
servlet
>
<
servlet-mapping
>
<
servlet-name
>
dwr-invoker
</
servlet-name
>
<
url-pattern
>
/dwr/*
</
url-pattern
>
</
servlet-mapping
>
In addition to this there are several extra servlet parameters that are somewhere between important and vaguely useful.
除了这些外,还有一些额外的
servlet
参数,它们或多或少都会起到一定的作用。
Logging
Multiple dwr.xml files
Plug-ins
Test Mode
Logging
DWR works in JDK 1.3 which does not support java.util.logging, but we don't want to force anyone to use commons-logging or log4j, so DWR will work if no logging classes are present by using the HttpServlet.log() methods. However if DWR discovers commons-logging then it will use that.
在
JDK1.3
下运行的
DWR
不支持
java.util.logging
,而我们又不想强迫任何人去使用
commons-logging
或
log4j
,因此当没有任何日志包可以使用的时候,
DWR
将使用
HttpServlet.log()
方法。当然,如果
commons-logging
存在,
DWR
将使用它。
Commons-Logging
Almost everyone will be using commons-logging because most servlet containers use it. So even if your webapp isn't explicitly using commons-logging it is probably available by default.
几乎所有人都会使用
commons-logging
,因为大多数
servlet
容器都会用到它。因此,即使你的
Web
应用没有明确指定使用
commons-logging
,它也很可能是默认的选择。
In these cases logging will be controlled by the config files of either java.util.logging or log4j. See the respective documentation for more details.
在一些情况下,日志将使用
java.util.logging
或
log4j
的配置文件来控制。请参考相关的详细文档。
HttpServlet.log()
If you are using HttpServlet.log(), the following stanza controls DWR logging:
如果你使用
HttpServlet.log()
,下面的代码会控制
DWR
日志的记录方式。
<
init-param
>
<
param-name
>
logLevel
</
param-name
>
<
param-value
>
DEBUG
</
param-value
>
</
init-param
>
The valid values are: FATAL, ERROR, WARN (the default), INFO and DEBUG.
有效的取值为:
FATAL
、
ERROR
、
WARN(
默认
)
、
INFO
以及
DEBUG
。
Multiple dwr.xml files and J2EE security
Generally speaking you will only need one dwr.xml file and that will be in the default position: WEB-INF/dwr.xml. So you can leave this paramter out.
There are 3 reasons why you might wish to specify a different position for dwr.xml:
一般情况下,你只需要一个
dwr.xml
文件,并且保存在默认的位置:
WEB-INF/dwr.xml
。因此你可以不用做过多的考虑。但是,有三个原因让你可能将
dwr.xml
放在其它的位置:
1.
You wish to keep dwr.xml with the files that it gives access to. In which case the section might have a param-value something like <param-value>WEB-INF/classes/com/yourco/dwr/dwr.xml</param-value>.
1.
你希望将
dwr.xml
放在可以访问的地方。这种情况下可能会有
param-value
标签,如
<param-value>WEB-INF/classes/com/yourco/dwr/dwr.xml</param-value>
。
2.
You may have a large number of remoted classes and wish to keep the definitions in separate files. In this case you will have the section above repeated several times each with a different param-name that begins 'config' and each pointing at a different file. DWR will read them all in turn.
2.
也许你需要大量的远程类(的方法、属性)在客户端访问,希望将它们分别定义在不同的文件中。这时,你需要将上面的代码片断复制在多处,并在
config
中使用不同的
param-name
指定每个文件。
DWR
将依次读取。
3.
DWR can use J2EE URL security built into the servlet spec to give different groups of users access to different functions. You simply define more than one dwr servlet by repeating the stanza at the top of the page with different names, urls and permissions.
3.DWR
能在指定的
servlet
中使用
J2EE URL
链接的安全机制,使不同的用户组访问不同的方法。你可以在文件的顶部使用不同的名称、
url
链接和许可权限,简单重复
dwr servlet
代码来实现这种安全机制。
If you do wish to use it then the syntax is as follows:
如果你确实需要使用该安全机制,代码构造如下:
<
init-param
>
<
param-name
>
config*****
</
param-name
>
<
param-value
>
WEB-INF/dwr.xml
</
param-value
>
<
description
>
What config file do we use?
</
description
>
</
init-param
>
Where config***** means any param-name that begins with the string 'config'. This parameter can be specified as many times as required, however the param-name should be different for each.
config*****
代表命名以
'config'
开始的
param-name
。只要保证没有重复的
param-name
,该参数可以根据需要被声明多次。
An example configuration to use J2EE servlet security is as follows:
下面是基于
J2EE servlet
安全机制的配置示例:
<
servlet
>
<
servlet-name
>
dwr-user-invoker
</
servlet-name
>
<
servlet-class
>
uk.ltd.getahead.dwr.DWRServlet
</
servlet-class
>
<
init-param
>
<
param-name
>
config-user
</
param-name
>
<
param-value
>
WEB-INF/dwr-user.xml
</
param-value
>
</
init-param
>
</
servlet
>
<
servlet
>
<
servlet-name
>
dwr-admin-invoker
</
servlet-name
>
<
servlet-class
>
uk.ltd.getahead.dwr.DWRServlet
</
servlet-class
>
<
init-param
>
<
param-name
>
config-admin
</
param-name
>
<
param-value
>
WEB-INF/dwr-admin.xml
</
param-value
>
</
init-param
>
</
servlet
>
<
servlet-mapping
>
<
servlet-name
>
dwr-admin-invoker
</
servlet-name
>
<
url-pattern
>
/dwradmin/*
</
url-pattern
>
</
servlet-mapping
>
<
servlet-mapping
>
<
servlet-name
>
dwr-user-invoker
</
servlet-name
>
<
url-pattern
>
/dwruser/*
</
url-pattern
>
</
servlet-mapping
>
<
security-constraint
>
<
display-name
>
dwr-admin
</
display-name
>
<
web-resource-collection
>
<
web-resource-name
>
dwr-admin-collection
</
web-resource-name
>
<
url-pattern
>
/dwradmin/*
</
url-pattern
>
</
web-resource-collection
>
<
auth-constraint
>
<
role-name
>
admin
</
role-name
>
</
auth-constraint
>
</
security-constraint
>
<
security-constraint
>
<
display-name
>
dwr-user
</
display-name
>
<
web-resource-collection
>
<
web-resource-name
>
dwr-user-collection
</
web-resource-name
>
<
url-pattern
>
/dwruser/*
</
url-pattern
>
</
web-resource-collection
>
<
auth-constraint
>
<
role-name
>
user
</
role-name
>
</
auth-constraint
>
</
security-constraint
>
Using Plug-ins
Most of the guts of DWR is pluggable so it is possible to alter the functionallity of DWR by replacing default classes. You can override the default implementations by including an <init-param> that specifies the interface to replace in the param-name and the replacement implementation in the param-value.
大多数
DWR
的核心功能都是可以通过插件功能实现的,通过替换默认的类来改变
DWR
的功能。你可以引入一个
<init-param>
,在
param-name
处指定替换的接口,以及更改
param-value
所指定的类,重写默认的实现方式。
The plug-in points are:
这些插件包括:
uk.ltd.getahead.dwr.AccessControl
uk.ltd.getahead.dwr.Configuration
uk.ltd.getahead.dwr.ConverterManager
uk.ltd.getahead.dwr.CreatorManager
uk.ltd.getahead.dwr.Processor
uk.ltd.getahead.dwr.ExecutionContext
The default implementations of these plug-in points are all in the uk.ltd.getahead.dwr.impl package.
默认插件的实现在
uk.ltd.getahead.dwr.impl
包中。
Using debug/test mode
You put DWR into debug/test mode by adding the following parameter:
通过加入以下参数,将
DWR
设置为调试
/
测试模式:
<
init-param
>
<
param-name
>
debug
</
param-name
>
<
param-value
>
true
</
param-value
>
</
init-param
>
DWR will generate test pages for each of the allowed classes (see dwr.xml below) in debug mode. These can be very useful in seeing what DWR can do and how it works. This mode can also alert you to problems like javascript reserved word clashes or overloading problems.
在调试模式下,
DWR
将为每个
allow
类(参考下一章节
dwr.xml
)
生成测试页面。这非常有用,可以了解
DWR
做了些什么工作,以及它是如何工作的。该模式还能通知你
javascript
保留字冲突或重载方面的问题。
However this mode should not be used in live deployment as it could give an attacker a lot of information about the services that you export. If you have designed your website properly then this extra information will not help an attacker exploit your website however it is generally wise not to give anyone a route map to exploit any mistakes you might have made.
但是在该模式下你导出的服务的许多信息都暴露给了攻击者,真正部署的时候应该避免使用这种模式。如果网站能够得到良好的设计,就能避免攻击者获取网站的重要信息。通常不应给任何人提供网站的导航图来试图发现你留下的设计缺陷。
DWR is provided 'as is', without any warranty, so the security of your website is your responsibility. Please take care to keep it secure.
DWR is provided 'as is'
(不知道怎么翻译?),
DWR
不提供任何保证,因此网站的安全性由你个人负责。请尽量保证网站的安全。