What methods the DAO layer should implement?

Question

I'm being writing web application right now and got stuck at the stage of designing the DAO layer. Already have surfed through variaty of articles on that subject but still haven't reached the clarity. And my question is: What kind of methods are allowed to be declared and implemented in DAO classes? Are they just limited set of CRUD operations (create, read, update, delete)? Is it considered a good practice to extend this set with some custom methods fitting in your concrete needs in developing a business logic layer? For example: I have an entity class named User which fields fully reflect a corresponding database table. Let's suppose I'm about to validate user's login and password while authorization. What approach would be more appropriate in that situation? Should I call generic CRUD method List<User> findAll() to retrieve all users and validate these concrete login and password in method of business logic (something like boolean validateUser(String login, String password, List<User> users)). Or should I add some not CRUD method like boolean checkUser(String login, String password) directly in DAO class?

score 2 · Accepted Answer · answered Nov 13 '15 at 16:40

I'm being writing web application right now and got stuck at the stage of designing the DAO layer.

Are you writing it by hand using plain old servlets or using a web framework (e.g Spring MVC) to ease your pain?

And my question is: What kind of methods are allowed to be declared and implemented in DAO classes? Are they just limited set of CRUD operations (create, read, update, delete)?**

Generally speaking, yes -- the methods should be limited to CRUD operations.

Is it considered a good practice to extend this set with some custom methods fitting in your concrete needs in developing a business logic layer?**

Within reason, yes.

For example: I have an entity class named User which fields are fully reflect a corresponding database table. Let's suppose I'm about to validate user's login and password while authorization. What approach would be more appropriate in that situation? Should I call generic CRUD method List findAll() to retrieve all users and validate these concrete login and password in method of business logic (something like boolean validateUser(String login, String password, List users)). Or should I add some not CRUD method like boolean checkUser(String login, String password) directly in DAO class?

In addition to the standard CRUD methods that your DAO classes are expected to have, you can add a helper method like: User findUser(String login) whose job is to return a populated User object for the specified login parameter, or null if the login is non-existent.

User findUser(String login) should leverage List<User> findAll() which should already exist with the rest of the CRUD methods in the DAO class. It could be implemented as follows:

public User findUser(String login) {
    User user = null;
    final SearchCriteria criteria = buildSearchCriteria(login); // construct a search criteria from the login parameter
    List<User> users = findAll(criteria);  
    if (null != users) {
       assert (users.size() == 1) : "More than one user was matched - login must be unique.";
       user = users.get(0);
    }
    return user;
}

To summarize, you only need 2 methods to implement the authorization logic:

User findUser(String login) in your DAO layer and;
boolean checkUser(String login, String password) which will be in your frontend layer. If you are not using any web framework, this method will be implemented in your servlet otherwise this method will go inside your controller class (if you are using an MVC framework).

Thank you for such detailed response. Yea, I'm using plain servlets here (this is just training project, using frameworks is forbidden). So as I understood it's quite allowable to supply dao with additional methods suitable for particular entity and if I want to modify some info I could as well declare updateLogin(String newLogin) and updateAddress(String newAddress) , am I right? — TonyStrych9, Nov 13 '15 at 19:27
Individual methods like `updateLogin(...), updateAddress(...)` etc are too granular and kinds of defeat the purpose of using a DAO class which is meant to help reduce tedium. Instead you should have a generic `updateEntity(Entity entity)` for Updates and [similar methods](http://stackoverflow.com/a/19154487/177696) for Create, Read and Delete operations at the _entity level_. — Saïd, Nov 15 '15 at 20:11

HRgiger · Answer 2 · 2015-11-13T14:31:55.417

1

short answer is no: dont add any business logic in dao layer. Just let every tier has its own responsibility, so when someone else (or even you) needs changes they will know where to look.

EDIT: Other answers:

Q:What kind of methods are allowed to be declared and implemented in DAO classes?

A:Methods that allow you to access database objects or their properties. i.e. public User getOldUsers(), public boolean isUserExist(Long userId)etc...

Q:Are they just limited set of CRUD operations (create, read, update, delete)?

A:Yes additionally you can control persistence or transaction properties

Q:Generic CRUDS?

A:Almost all the projects I work on we use generic CRUDS (AbstractDao classes) and add additional methods

edited Nov 13 '15 at 14:31

answered Nov 13 '15 at 14:26

HRgiger

2,750
26
37

Thank you for such quick response but can't say I fully understood you. I guess I miss some important concept. You say "dont add any business logic in dao layer". But aren't these methods you just listed (`boolean isUserExist(Long userId)` for example) part of business logic. Why can I add some similar method `boolean isUserExist(String login, String password)` and just validate user through authorization process directly in DAO class (referencing to my example)? – TonyStrych9 Nov 13 '15 at 15:43
yes isUserExist was not the best example, your generic crud can have a method that isEntityExist etc... In business logic you can make a decision to throw an exception or response to user some message, log suspicious activities etc... When you carry all of this into dao then dao will become application and there will be no point to add another tier – HRgiger Nov 13 '15 at 16:10
Did I get you right? You mean every dao should contain equal set of methods. If I've got two entities order and user can I create userDAO method to retrieve from database some specific for that entity value like `String getUserLogin(int id)`? – TonyStrych9 Nov 13 '15 at 16:21
Quantity of the methods can be totally different or equal depends on your choise. but you will use abstraction for most of the common methods. few abstract dao examples here: https://www.google.de/search?q=abstractdao&ie=utf-8&oe=utf-8&gws_rd=cr&ei=VhFGVv-nBYj7PJubjagC – HRgiger Nov 13 '15 at 16:38
And yes as you mentioned user specific methods goes to user dao – HRgiger Nov 13 '15 at 16:39

What methods the DAO layer should implement?

2 Answers2