Avoid Action artifacts that call packages that reference database

Rule Definition
Struts is a Framework for building Model-View-Controller 2 Web applications. This model is the Blueprints recommended architectural design pattern for interactive applications. The logical separation between presentation layer, the business logic layer, and the data access layer is basically an architectural way to minimize the amount of additional work necessary to add features to any layer that can be consumed by another layer. It separates design concerns (data persistence and behavior, presentation, and control), decreasing code duplication, centralizing control, and making the application more easily modifiable. MVC 2 also helps developers with different skill sets to focus on their core skills and collaborate through clearly defined interfaces. This is why the data access layer must be distinct from the business layer.

Remediation
Review the design in order to separate the model from the data access layer.

Violation Code Sample

public class JEEAMDA003_1_6_SHOW extends Action { public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) { User user = (User) form; try{ UserManager.getInstance().saveUser(user); // Violation }catch(SQLException sqle) { ActionMessages errors = new ActionMessages(); ActionMessage error = new ActionMessage("error.generic",sqle.getMessage()); errors.add("error",error); saveErrors(request,(ActionErrors) errors); } return mapping.findForward("success"); } }

Fixed Code Sample

public class JEEAMDA003_1_2_DN_SHOW extends Action { public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) { User userForm = (User) form; String user = userForm.getUserId(); String password = userForm.getPassword(); if (user.equals("admin") && password.equals("admin")) return mapping.findForward("success"); ActionMessages errors = new ActionMessages(); ActionMessage error = new ActionMessage("login.failed"); errors.add("error", error); saveErrors(request, (ActionErrors) errors); return mapping.findForward("failure"); } }

Related Technologies
JEE

Health Factor

Security

Technical Criterion
Architecture - Multi-Layers and Data Access

About CAST Appmarq

CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.

Benchmark Statistics

Global Compliance

63.17%

Total Violations

12,732

Total Opportunities

34,566

Average Violations / App.

71.93

The compliance score represents 1 minus the ratio between the number of times a rule has been violated compared to the number of opportunities in a set of applications that the rule could have been violated.

Industry Insights

Don't Know

10.23%

Financial Services

68.70%

Retail

41.50%

Want more stats? Register now!