Database Access Using Lightweight Appletsby Donald Bales, author of Java Programming with Oracle JDBC
There were, however, some drawbacks to this approach, the most important being the fact that this architecture leaves access to the database wide open. You can work around this issue by restricting which database objects can be accessed from the user id used to log into the database from
SqlServlet, or by restricting a sub-classed version of
SqlServlet to the access of a particular table; however, both of these strategies fall short of allowing you to access confidential data. Another approach is needed. We'll discuss a transparent approach shortly.
Designing an applet this way greatly reduces the size of the applet, because almost all of the classes it needs to execute already exist on the client as part of a browser's installation. All that needs to be downloaded is your custom applet and the
SqlApplet so they can be readily sub-classed to create a specialized SQL servlet or lightweight applet. We'll also cover some strategies for making
SqlApplet secure. Then, we'll finish up with a working example.
SqlServlet, receives a SQL statement as a URL parameter,
sql, executes the SQL statement, and then returns its results as tab-delimited text.
SqlApplet, parses the tab-delimited data, making it available as a series of rows and columns.
We have two modifications to make to
SqlServlet. The first is to move the dynamic query capability of the servlet to a protected method.
This will allow you to sub-class the servlet in order to create a specialized query servlet. A second modification is to add security to the servlet so that only authorized use of the servlet is possible. Then we have two possible modifications for
Rewriting SqlServlet to Enable Sub-classing
You can re-code
SqlServlet so that it is suitable for sub-classing by moving the code that dynamically executes a SQL statement, and returns the results as tab-delimited data, into a protected method,
execute(), as I have done in Example 1. In addition, if you wish to disable generic use of
SqlServlet, you can code a call to the
sendError() method in the beginning of its