Flyingis

聲明：文章可以轉載，但請注明原文及譯文出處。

Reference to DWR entries in WEB-INF/web.xml

?

The minimum possible additions to your web.xml, are simply those to declare the DWR servlet without which none of this would work. So the least you can get away with looks something like this:

?

使用 DWR 需要在 web.xml 中聲明 DWR servlet ，以下是保證 DWR 運行的最基本的代碼，缺少哪一部分 DWR 都不能正常運行：

?

< servlet >
< servlet-name > dwr-invoker </ servlet-name >
< servlet-class > uk.ltd.getahead.dwr.DWRServlet </ servlet-class >
</ servlet >
< servlet-mapping >
< servlet-name > dwr-invoker </ servlet-name >
< url-pattern > /dwr/* </ url-pattern >
</ servlet-mapping >

?

In addition to this there are several extra servlet parameters that are somewhere between important and vaguely useful.

?

除了這些外，還有一些額外的 servlet 參數，它們或多或少都會起到一定的作用。

?

Logging

Multiple dwr.xml files

Plug-ins

Test Mode

?

Logging

?

DWR works in JDK 1.3 which does not support java.util.logging, but we don't want to force anyone to use commons-logging or log4j, so DWR will work if no logging classes are present by using the HttpServlet.log() methods. However if DWR discovers commons-logging then it will use that.

?

在 JDK1.3 下運行的 DWR 不支持 java.util.logging ，而我們又不想強迫任何人去使用 commons-logging 或 log4j ，因此當沒有任何日志包可以使用的時候， DWR 將使用 HttpServlet.log() 方法。當然，如果 commons-logging 存在， DWR 將使用它。

?

Commons-Logging

?

Almost everyone will be using commons-logging because most servlet containers use it. So even if your webapp isn't explicitly using commons-logging it is probably available by default.

?

幾乎所有人都會使用 commons-logging ，因為大多數 servlet 容器都會用到它。因此，即使你的 Web 應用沒有明確指定使用 commons-logging ，它也很可能是默認的選擇。

?

In these cases logging will be controlled by the config files of either java.util.logging or log4j. See the respective documentation for more details.

?

在一些情況下，日志將使用 java.util.logging 或 log4j 的配置文件來控制。請參考相關的詳細文檔。

?

HttpServlet.log()

?

If you are using HttpServlet.log(), the following stanza controls DWR logging:

?

如果你使用 HttpServlet.log() ，下面的代碼會控制 DWR 日志的記錄方式。

?

< init-param >
< param-name > logLevel </ param-name >
< param-value > DEBUG </ param-value >
</ init-param >

?

The valid values are: FATAL, ERROR, WARN (the default), INFO and DEBUG.

?

有效的取值為： FATAL 、 ERROR 、 WARN( 默認 ) 、 INFO 以及 DEBUG 。

?

Multiple dwr.xml files and J2EE security

?

Generally speaking you will only need one dwr.xml file and that will be in the default position: WEB-INF/dwr.xml. So you can leave this paramter out.

There are 3 reasons why you might wish to specify a different position for dwr.xml:

?

一般情況下，你只需要一個 dwr.xml 文件，并且保存在默認的位置： WEB-INF/dwr.xml 。因此你可以不用做過多的考慮。但是，有三個原因讓你可能將 dwr.xml 放在其它的位置：

?

1. You wish to keep dwr.xml with the files that it gives access to. In which case the section might have a param-value something like <param-value>WEB-INF/classes/com/yourco/dwr/dwr.xml</param-value>.

?

1. 你希望將 dwr.xml 放在可以訪問的地方。這種情況下可能會有 param-value 標簽，如 <param-value>WEB-INF/classes/com/yourco/dwr/dwr.xml</param-value> 。

?

2. You may have a large number of remoted classes and wish to keep the definitions in separate files. In this case you will have the section above repeated several times each with a different param-name that begins 'config' and each pointing at a different file. DWR will read them all in turn.

?

2. 也許你需要大量的遠程類（的方法、屬性）在客戶端訪問，希望將它們分別定義在不同的文件中。這時，你需要將上面的代碼片斷復制在多處，并在 config 中使用不同的 param-name 指定每個文件。 DWR 將依次讀取。

?

3. DWR can use J2EE URL security built into the servlet spec to give different groups of users access to different functions. You simply define more than one dwr servlet by repeating the stanza at the top of the page with different names, urls and permissions.

?

3.DWR 能在指定的 servlet 中使用 J2EE URL 鏈接的安全機制，使不同的用戶組訪問不同的方法。你可以在文件的頂部使用不同的名稱、 url 鏈接和許可權限，簡單重復 dwr servlet 代碼來實現這種安全機制。

?

If you do wish to use it then the syntax is as follows:

?

如果你確實需要使用該安全機制，代碼構造如下：

?

< init-param >
< param-name > config***** </ param-name >
< param-value > WEB-INF/dwr.xml </ param-value >
< description > What?config?file?do?we?use? </ description >
</ init-param >

?

Where config***** means any param-name that begins with the string 'config'. This parameter can be specified as many times as required, however the param-name should be different for each.

?

config***** 代表命名以 'config' 開始的 param-name 。只要保證沒有重復的 param-name ，該參數可以根據需要被聲明多次。

?

An example configuration to use J2EE servlet security is as follows:

?

下面是基于 J2EE servlet 安全機制的配置示例：

?

< servlet >
< servlet-name > dwr-user-invoker </ servlet-name >
< servlet-class > uk.ltd.getahead.dwr.DWRServlet </ servlet-class >
< init-param >
< param-name > config-user </ param-name >
< param-value > WEB-INF/dwr-user.xml </ param-value >
</ init-param >
</ servlet >
< servlet >
< servlet-name > dwr-admin-invoker </ servlet-name >
< servlet-class > uk.ltd.getahead.dwr.DWRServlet </ servlet-class >
< init-param >
< param-name > config-admin </ param-name >
< param-value > WEB-INF/dwr-admin.xml </ param-value >
</ init-param >
</ servlet >
< servlet-mapping >
< servlet-name > dwr-admin-invoker </ servlet-name >
< url-pattern > /dwradmin/* </ url-pattern >
</ servlet-mapping >
< servlet-mapping >
< servlet-name > dwr-user-invoker </ servlet-name >
< url-pattern > /dwruser/* </ url-pattern >
</ servlet-mapping >
< security-constraint >
< display-name > dwr-admin </ display-name >
< web-resource-collection >
< web-resource-name > dwr-admin-collection </ web-resource-name >
< url-pattern > /dwradmin/* </ url-pattern >
</ web-resource-collection >
< auth-constraint >
< role-name > admin </ role-name >
</ auth-constraint >
</ security-constraint >
< security-constraint >
< display-name > dwr-user </ display-name >
< web-resource-collection >
< web-resource-name > dwr-user-collection </ web-resource-name >
< url-pattern > /dwruser/* </ url-pattern >
</ web-resource-collection >
< auth-constraint >
< role-name > user </ role-name >
</ auth-constraint >
</ security-constraint >

?

Using Plug-ins

?

Most of the guts of DWR is pluggable so it is possible to alter the functionallity of DWR by replacing default classes. You can override the default implementations by including an <init-param> that specifies the interface to replace in the param-name and the replacement implementation in the param-value.

?

大多數 DWR 的核心功能都是可以通過插件功能實現的，通過替換默認的類來改變 DWR 的功能。你可以引入一個 <init-param> ，在 param-name 處指定替換的接口，以及更改 param-value 所指定的類，重寫默認的實現方式。

?

The plug-in points are:

?

這些插件包括：

?

uk.ltd.getahead.dwr.AccessControl

uk.ltd.getahead.dwr.Configuration

uk.ltd.getahead.dwr.ConverterManager

uk.ltd.getahead.dwr.CreatorManager

uk.ltd.getahead.dwr.Processor

uk.ltd.getahead.dwr.ExecutionContext

?

The default implementations of these plug-in points are all in the uk.ltd.getahead.dwr.impl package.

?

默認插件的實現在 uk.ltd.getahead.dwr.impl 包中。

?

Using debug/test mode

?

You put DWR into debug/test mode by adding the following parameter:

?

通過加入以下參數，將 DWR 設置為調試 / 測試模式：

?

< init-param >
< param-name > debug </ param-name >
< param-value > true </ param-value >
</ init-param >

?

DWR will generate test pages for each of the allowed classes (see dwr.xml below) in debug mode. These can be very useful in seeing what DWR can do and how it works. This mode can also alert you to problems like javascript reserved word clashes or overloading problems.

?

在調試模式下， DWR 將為每個 allow 類（參考下一章節 dwr.xml ） 生成測試頁面。這非常有用，可以了解 DWR 做了些什么工作，以及它是如何工作的。該模式還能通知你 javascript 保留字沖突或重載方面的問題。

?

However this mode should not be used in live deployment as it could give an attacker a lot of information about the services that you export. If you have designed your website properly then this extra information will not help an attacker exploit your website however it is generally wise not to give anyone a route map to exploit any mistakes you might have made.

?

但是在該模式下你導出的服務的許多信息都暴露給了攻擊者，真正部署的時候應該避免使用這種模式。如果網站能夠得到良好的設計，就能避免攻擊者獲取網站的重要信息。通常不應給任何人提供網站的導航圖來試圖發現你留下的設計缺陷。

?

DWR is provided 'as is', without any warranty, so the security of your website is your responsibility. Please take care to keep it secure.

?

DWR is provided 'as is' （不知道怎么翻譯？）， DWR 不提供任何保證，因此網站的安全性由你個人負責。請盡量保證網站的安全。