13. Hiding the Implementation Technology

PROBLEM

One of the best practices in web development is to avoid directly revealing the implementation technology. This prevents hackers from identifying the implementation technology, thus reducing a hacker's ability to interfere with the running application. This practice also makes it easier to change the implementation technology without impacting end-users of an application (for example, their bookmarks). There needs to be a strategy to hide the implementation technology in Spring applications generated by Skyway.

SOLUTION

In the context of Java and Spring, implementing this best practice consists of hiding the fact that you are using JSPs. Don't use JSP extensions (.jsp) in URLs, and don't let the JSP extension show up in the browser's address bar. That doesn't mean you can't use JSPs for rendering the view. It just means that you hide it from the end-user. This is accomplished by mapping some other URL with a different extension to the actual JSP. Since a web application is typically emitting HTML, the generally preferred extension is .htm or .html.

HOW IT WORKS

The only server resources that a web client can access are the resources that are exposed by the developer using a URL mapping. As part of a URL mapping, the developer specifies the URL, Operation, and View. For the URL, the developer can name the URL whatever they'd like. Instead of specifying a URL with a JSP extension, the URL should have a .html extension.

For each web client request (using a URL with a .html extension), a JSP page (the View configured in the URL mapping) will generate the response. However, the user's address bar will show the mapped URL, not the JSP.

Example 2.6. URL Mapping - Hiding Implementation Technology

URL                               OPERATION                             VIEW
----------------------            --------------------------------      ---------------------------------
/index.html                   --> LoadData                          --> index.jsp   (1)
/edit.html                    --> InitEdit                          --> edit.jsp    (2)

(1) Web client calls to index.html will invoke the LoadData operation and index.jsp will render the response. The end-user's browser bar will show the requested URL (/index.html).

(2) Web client calls to edit.html will invoke the InitEdit operation and edit.jsp will render the response. The end-user's browser bar will show the requested URL (/edit.html).
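
As an added example (not Skyway-generated code and not part of the original recipe), the two mappings in Example 2.6 could be written by hand in Spring MVC as shown here. The package, class and method names, the /WEB-INF/jsp/ directory, and the loadData()/initEdit() stand-ins are assumptions; it also assumes the DispatcherServlet is mapped to / or *.html.

```java
// Added example; the two classes would normally live in separate source files.
// Package, class, method and directory names are assumptions, not Skyway output.
package example.web;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.view.InternalResourceViewResolver;

@Configuration
@EnableWebMvc
@ComponentScan("example.web")
class WebConfig {
    // Logical view "index" resolves to /WEB-INF/jsp/index.jsp. The servlet
    // container refuses direct client requests under /WEB-INF, so a JSP is
    // reachable only through a mapped URL and ".jsp" never appears in a link.
    @Bean
    public ViewResolver viewResolver() {
        InternalResourceViewResolver resolver = new InternalResourceViewResolver();
        resolver.setPrefix("/WEB-INF/jsp/");
        resolver.setSuffix(".jsp");
        return resolver;
    }
}

@Controller
class PageController {
    // /index.html --> LoadData --> index.jsp
    @RequestMapping(value = "/index.html", method = RequestMethod.GET)
    public String index(Model model) {
        model.addAttribute("items", loadData());
        return "index"; // server-side forward: address bar keeps /index.html
    }
    // /edit.html --> InitEdit --> edit.jsp
    @RequestMapping(value = "/edit.html", method = RequestMethod.GET)
    public String edit(Model model) {
        model.addAttribute("item", initEdit());
        return "edit";
    }
    // Hypothetical stand-ins for the LoadData and InitEdit operations.
    private String[] loadData() { return new String[] {"first", "second"}; }
    private String initEdit() { return "first"; }
}
```

Returning a view name that starts with "redirect:" would instead send the browser a new URL, so redirect targets should also be mapped .html URLs rather than JSP paths.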

RELATED RECIPES

  1. Mapping URLs to Operations and Views

  2. Creating Helper Methods using Operations

  3. Reusing Operations in Different Contexts

  4. Implementing Post/Redirect/Get (PRG) Pattern