Joe Asks...
What Happens If I Use @HttpCache(allow=false, expires=120)?
The default value for allow= is true, which is why
@HttpCache(expires=120) works to allow caching for two minutes. If
you set allow= to false, you are disallowing caching completely,
and whatever value you set for the expires= attribute will be
ignored.
Action beans inherit the @HttpCache annotation from parent classes.
So, for example, we can annotate ContactBaseActionBean with
@HttpCache(allow=false), and its subclasses, ContactListActionBean and
ContactFormActionBean, will not be cached.
You can also use @HttpCache on event handler methods of action beans
to have different settings for different events. When you use @HttpCache
on both an action bean class and some of its event handlers, the
annotation on an event handler has priority over the annotation on the class.
That way, you can put the default setting on the class and override it
as necessary on specific event handlers.
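The three rules above in one listing, as an added example that is not from the book: ContactBaseActionBean implements ActionBean directly here to keep the listing short, and the help event and the JSP paths are hypothetical.

```java
// Shown as one listing; each public class goes in its own .java file
// with the imports it uses.
import net.sourceforge.stripes.action.ActionBean;
import net.sourceforge.stripes.action.ActionBeanContext;
import net.sourceforge.stripes.action.DefaultHandler;
import net.sourceforge.stripes.action.ForwardResolution;
import net.sourceforge.stripes.action.HttpCache;
import net.sourceforge.stripes.action.Resolution;

// ContactBaseActionBean.java
// Class-level default: no response from this bean or its subclasses may be cached.
@HttpCache(allow = false)
public abstract class ContactBaseActionBean implements ActionBean {
    private ActionBeanContext context;
    public ActionBeanContext getContext() { return context; }
    public void setContext(ActionBeanContext context) { this.context = context; }
}

// ContactListActionBean.java
// No annotation on the class: allow=false is inherited from the parent.
public class ContactListActionBean extends ContactBaseActionBean {
    // Contact data is per-user, so this handler keeps the inherited no-cache default.
    @DefaultHandler
    public Resolution list() {
        return new ForwardResolution("/WEB-INF/jsp/contact_list.jsp"); // hypothetical path
    }

    // Hypothetical event that shows no user data: the annotation on the handler
    // has priority over the one on the class, so this response is cacheable for 120 s.
    @HttpCache(expires = 120)
    public Resolution help() {
        return new ForwardResolution("/WEB-INF/jsp/contact_help.jsp"); // hypothetical path
    }
}

// ContactFormActionBean.java
// Also inherits allow=false; none of its events override it.
public class ContactFormActionBean extends ContactBaseActionBean {
    @DefaultHandler
    public Resolution form() {
        return new ForwardResolution("/WEB-INF/jsp/contact_form.jsp"); // hypothetical path
    }
}
```

With allow=false on the base class, a new event handler that returns a user's data stays uncached unless it is explicitly annotated otherwise.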
14.5 Showing Users Their Data, Not Other People's
Being logged in is all well and good, but once users are inside, we don't
want to let them see the folders, messages, and contacts of other users.
Earlier, in Section 14.3, Encrypting Parameters, on page 315, we saw
how we can use @Validate(encrypted=true) to prevent users from entering
random parameters. But say we wanted to keep plain parameters and
let users change them, while still making sure that they view only their
own data. Then what?
We just have to implement the logic that checks whether the data being
loaded is owned by the current user. Only if that verification passes do
we display the data to the user. In the webmail application, this applies
to folders, messages, and contacts. Each model class for those objects
provides methods to retrieve the user who owns the data; for example,
Folder has a getUser() method. If the returned User object does not match