What methods the DAO layer should implement?

Question

I'm being writing web application right now and got stuck at the stage of designing the DAO layer. Already have surfed through variaty of articles on that subject but still haven't reached the clarity. And my question is: What kind of methods are allowed to be declared and implemented in DAO classes? Are they just limited set of CRUD operations (create, read, update, delete)? Is it considered a good practice to extend this set with some custom methods fitting in your concrete needs in developing a business logic layer? For example: I have an entity class named User which fields fully reflect a corresponding database table. Let's suppose I'm about to validate user's login and password while authorization. What approach would be more appropriate in that situation? Should I call generic CRUD method List findAll() to retrieve all users and validate these concrete login and password in method of business logic (something like boolean validateUser(String login, String password, List users)). Or should I add some not CRUD method like boolean checkUser(String login, String password) directly in DAO class?

Sa&#239;d · Accepted Answer

I'm being writing web application right now and got stuck at the stage of designing the DAO layer.

Are you writing it by hand using plain old servlets or using a web framework (e.g Spring MVC) to ease your pain?

And my question is: What kind of methods are allowed to be declared and implemented in DAO classes? Are they just limited set of CRUD operations (create, read, update, delete)?**

Generally speaking, yes -- the methods should be limited to CRUD operations.

Is it considered a good practice to extend this set with some custom methods fitting in your concrete needs in developing a business logic layer?**

Within reason, yes.

For example: I have an entity class named User which fields are fully reflect a corresponding database table. Let's suppose I'm about to validate user's login and password while authorization. What approach would be more appropriate in that situation? Should I call generic CRUD method List findAll() to retrieve all users and validate these concrete login and password in method of business logic (something like boolean validateUser(String login, String password, List users)). Or should I add some not CRUD method like boolean checkUser(String login, String password) directly in DAO class?

In addition to the standard CRUD methods that your DAO classes are expected to have, you can add a helper method like: User findUser(String login) whose job is to return a populated User object for the specified login parameter, or null if the login is non-existent.

User findUser(String login) should leverage List findAll() which should already exist with the rest of the CRUD methods in the DAO class. It could be implemented as follows:

public User findUser(String login) {
    User user = null;
    final SearchCriteria criteria = buildSearchCriteria(login); // construct a search criteria from the login parameter
    List users = findAll(criteria);  
    if (null != users) {
       assert (users.size() == 1) : "More than one user was matched - login must be unique.";
       user = users.get(0);
    }
    return user;
}

To summarize, you only need 2 methods to implement the authorization logic:

User findUser(String login) in your DAO layer and;
boolean checkUser(String login, String password) which will be in your frontend layer. If you are not using any web framework, this method will be implemented in your servlet otherwise this method will go inside your controller class (if you are using an MVC framework).

What methods the DAO layer should implement?

Answers (2)

Related Questions