We need to develop an API which takes a CSV file as an input and persists them in database. Using vertical slicing we have split the reuirement into 2 stories
First story has partial implementation with no data validation
Second story completes the usecase by adding all validations.
Sprint-1 has first story and sprint-2 has second. After imlemneting first story in sprint-1 we want to release it to production. However, we dont want to make the API accessible to public which would be big security risk as invalid data could be inserted into database (story1 ignores validation)
What is the best strategy to release story1 at the end of sprint1 while addressing such security concerns?
We tried disbling the access via toggle flag such as ConfigCat. However, we dont want to implment something which is not required for actual implementation
is there really such a risk that in 1 sprint, someone may start using the API? And if you haven't added it to any documentation, how would they know of it's existance?
But let's say it is possible - what about using a feature toggle? When the toggle is activated, the end point spits out null or even a HTTP error code. Then you can enable to feature toggle when you're ready for people to start using the endpoint.
How to refresh the interface after you add a strip of data to the backend database in Vue.js?
I mean, if I add a item data to the database. there are two case for refresh the interface.
refresh the list api to get the page data.
append the added item data to local list.
what is the best way to do this?
I think both the solutions are valid it depends on what kind of write operation we are planning to do. Given that you do all the validations on the front-end which leaves lesser chance for errors on the backend. I do the following based on the use case.
Add/Update the item locally and then based on the response from the server I remove it again in case of an error. This is an optimistic technique used by a lot of websites and worls really well for CRUD kind of operations.
Let's say that your new operating is going to creaate a new user in a 3rd party api. So doing an optimistic thing might not be the best. So what I do is make the request, show a toast/alert that the request is happening, and then use sockets or long polling to get the changes. When the request is finally done show the data. In the meanwhile you can insert a dummy item showing loading.
This is more of a design question.
I figured out how to use the facebook login via the Facebook SDK c#.
QUESTION: What is the best way to check whether the user is logged into FB or not each time the user goes to a different page?
Back on ASP.NET webforms, I could simply put in code to check FB login status in the code behind of a master page. This was good ... once and done. But I don't understand how to implement something similar in Asp.Net MVC 4.0.
Given that the _Layout.cshtml file (which acts like a master page) is only a view (hence, no code behind), what is the best way to code a way to check if the user is logged into FB each time a user goes to a different web page? Because I would think, adding this bit of code to each controller can't be the optimal design solution.
The only solution that I can think of involves using Javascript on the client side to do a WebApi call ... I guess the script will be bundled with all the other scripts so that it runs on each page. But I was hoping to find a solution on the server side ...
I'm pretty new to MVC, learning things as I go along ... tips appreciated ... thanks!
I can think of a couple of points that might help you devise a solution.
You can put code in your _Layout, but I agree that you want to be careful about doing so. You could create a helper or partial view and have your _Layout call it so that it's executed for every action. Your helper/partial would need to execute the required logic and then return something. The problem that I have with this is it's a lot of overhead every request.
You could do an AJAX call after the page is loaded (as you suggested). This means that the page still loads quickly. The problem I have with this is that you're now dependant on Javascript. It's also potentially a little hacky(?)
What about storing the user's status (logged on/off) in a session/cookie and also providing a 5 minute expiry. You can use the Helper/Partial method from before or have some logic fire in OnActionExecuting (or similar). Your logic should check to see if the status has expired and then connect to the Facebook API to update the status. This has the advantage of low overhead (i.e. not checking again until 5 minutes has passed).
I don't know of your exact situation so I can't say what method, if any, is best.
I currently have several web parts:
EmailValidation
PrimaryDetails
AdditionalDetails
These are currently all connected together using similar logic to this and share a common RegistrationViewModel.
The issue is I use an Interface that holds all the values for the registration process and need these to be persisted across the web parts. In version 1 of the registration process I used a set of hidden values to hold the bits of information in between posts. We were hoping to get away from this approach and wondered if you knew of a tidier way to maintain state of an interface throughout the page calls. The issue is that each web part only has a portion of the fields on the form.
The only thing I could think of would be to store it in session data but a colleague didn’t sound keen on this due to the additional setup for that on all the servers.
Is there a way of getting the connections to maintain state across all posts?
EDIT:
My issue with using hidden fields is simply that on all the web parts I need the 15+ fields so if you add or remove anything it makes maintenance a bit annoying.
Maybe you can put that information in a cookie.
The hidden field solution doesn't seem bad, what is the exact problem with that?
EDIT: based on the problem with the Hidden fields solution:
You can have a class with the structure and serialize it into one single hidden field. If you need to add anything you just change the class and it will be replicated to the whole system. This is something similar to how the ViewState is implemented.
I'm a big fan of keeping application logic in the servlet, and keeping the JSP as simple as possible. One of the reasons for this is that any good web designer should be able to expand upon his HTML knowledge to build in a few JSTL tags to do simple iteration, access beans, etc. We also keep the more complex/ajax/js components behind a tag library (similar to displayTag but for our own components).
Most of the time everything works out ok - The servlet does any SQL it needs to, and stores the results in beans for the JSP to access. Where we have a problem is when the records we wish to access are specified by the design.
The clearest example would be the home page - it needs to be eye-catching and effective. It doesn't need to be uniform like rest of the site. There are lots of one-offs or "special cases" here, where we want to query a particular product record, or whatever.
What the designer really wants is a way to get a product bean by the product id so he can access the properties as normal. We obviously don't want to query for all products, and I don't want to query in the presentation.
I'm pretty sure I'm asking the impossible here and that I have to give something up. My question is what?
EDIT
Am I wrong in thinking that all application logic should be complete before calling the JSP? I was under the impression it was considered best practice to do all querying/calculating/processing in the servlet then pass (fairly) dumb beans to a (very) dumb JSP.
There are a couple of methods whereby the actual complexity of the query can be encapsulated in another class (custom tag or bean), and the JSP can call it. This
keeps the JSP simple (goal 1) but the JSP is still "triggering" the query - quite
late in the process.
Have I got this totally wrong and it's fine to do this.
Is it a general rule, but perfectly ok to do this in this instance.
Might I run into problems?
EDIT - Example
I'm hoping this example will help:
The home page isn't a "template" like the category/search pages - it is custom designed to work very well with say a marketing image and a couple of specific product images. It does however have information about those two products which should be obtained dynamically (so the name, and importantly price) stay in sync with the db.
The servlet can't know which products these will be, because if the designer wants to change them/remove them/add more, he should only have to edit the JSP (and possibly XML as one answer suggested).
If I understand correctly, you have logic in the JSP that wants a particular product, but at this point you don't want to query from the DB, and its too late for the servlet to be aware of it.
(A side note, while I respect your will to maintain separation of concerns, the fact that this is an issue clearly shows that your framework has too much logic in the presentation tier...but since we probably can't fix that...moving on).
My recommendation is that your designer creates a configuration XML file that contains whatever special cases it needs for the frontend, and yours servlet can read that, then pass dumb beans back to the JSP.
OR...you break things down into multiple requests using XMLHTTPRequest and call back to the servlet for each individual query, then assemble the page on the client.
It sounds like you need better separation between the display and database code. You should have separate classes that just deal with interacting with the database, and know nothing about display.
Then you just create a method that will look up the product by id and return that bean so the display can pull out the attributes it wants.
You need to create a custom bean which will perform your queries for the front end. Actually, it's probably more like a few beans to get the data for you, according to what you say here.
There's no problem with doing that from a design perspective; it's just that the specific design of the home page has more heterogenous requirements than the rest of your site. Make sure your designer knows that he needs to communicate his needs well to the development team to create the BO for your homepage (or whatever) and thing should go fine.
You are not wrong in thinking that all application logic should be complete before rendering the JSP.
If there is a need to fetch more stuff for displaying in your JSP, it would be another request to the server and another Page cycle. If you are looking for 'interactive' loading experience, you could use AJAX.
In a single page life-cycle, I find it hard to understand why do you have to invoke database calls from a JSP. Hasn't the page been previously posted with all the required form variables to help you find the data in Servlet/Helper classes?
If you could give an example of a case, it would be helpful.
[Edit] Looking at your example, yes your designer (or the admin of the site) should set that information as a configuration, not a part of JSP. Or, you could have a small app/admin page to maintain the information in a database so that it could be changed on the go. When you show your homepage, read the configs and load the appropriate data.
I am not sure what is the question. I f you want to have sql statements out of your jsp pages then you can put them in a property file and just read the property file from the jsp page.