Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [ajdt-dev] AOP question / wormhole

Hi Marco,

 

The key thing that lets the percflow aspect distinguish the users is the thread that is acting. The request for userA is on one thread and the request for userB is on another thread. In practice, EJB containers use the same thread as the Servlet request was served on when running in the same VM. Under the covers, the cflow logic in AspectJ is using a ThreadLocal to track state (for Java versions that have it!)…

 

From: ajdt-dev-bounces@xxxxxxxxxxx [mailto:ajdt-dev-bounces@xxxxxxxxxxx] On Behalf Of Marco Mistroni
Sent: Wednesday, February 15, 2006 2:45 PM
To: AspectJ Development Tools developer discussions
Subject: Re: [ajdt-dev] AOP question / wormhole

 

Hello Ron,
  thanks a lot for your reply..
Yes, EJB & webapp are running in same VM (they are in the same .ear)

there's still something that i am missing or that i can't understand

Assume i choose the approach of ServletContext..
so i will do the loginaspect as percflow.. where cflow is of a request

if two users log in one after the other, when my EJB will run how will i
know which of the two is running it?

because, i guess my EJBAspect will communicate with my LoginAspect
in order to get the user..

Let's say
Time t1 userA logs in and browse around.
Time t2 userB logs in, browse around  for a while

at time something after t2, userA decides to change some EJB..so the aspect
will get who is currently logged in..
Since this operation is happening after t2, will my LoginAspect return userB or
userA as the user who is currently doing the operation?


Yes best solution should be to get the user associated with Security Context
(the User which is in Role to call EJB), but in our app we are not using roles..so i won't
know who is calling  the EJB..

can you give me a short comment to the testcase i have described above?

thanks in advance and regards
 Marco


On 2/15/06, Ron Bodkin <rbodkin@xxxxxxxxxxxxxx> wrote:

Hi Marco,

I'm assuming your EJB's are running in the same VM as the Web application,
and that you are authenticating users to the Web application. If that is not
the case, there are other options to consider (*). In this case, you can
indeed use the wormhole pattern. The easiest way is to use a percflow
aspect, where you want the cflow of a request. I've done it like this
before:

public abstract aspect ServletAuthenticationContext
percflow(serveltRequest()) {
   public pointcut servletRequest() : execution(execution(*
HttpServlet.do*(..));

   private User user;

   protected abstract pointcut authentication(User user);

   after(User user) returning: authentication(user) {
       this.user = user;
   }

   // you can extend this aspect to define how to authenticate & you can
write advice that uses the user variable
   // there will be one instance of this aspect per Web request
}

An alternative approach is to have a singleton aspect and to use a
ThreadLocal or even an InheritedThreadLocal to manage the state. But I think
a percflow aspect is a good match for what you are trying to do.

Ron

(*) I posted to this mailing list a while ago a way to pass extra context to
distributed EJB's with an aspect. You might also consider using J2EE
security and getting the user's principal from that.


________________________________________
From: ajdt-dev-bounces@xxxxxxxxxxx [mailto:ajdt-dev-bounces@xxxxxxxxxxx ] On
Behalf Of Marco Mistroni
Sent: Wednesday, February 15, 2006 4:59 AM
To: AspectJ Development Tools developer discussions
Subject: [ajdt-dev] AOP question / wormhole

Hello all,
sorry for this partially- off-topic question
i have following usecase..
I need to track changes to some database tables (backed by EJBs), and for
that i need to
get the user who did it as well as the data which has changed

My 'changes' are in a context of a webapplication, where the user first logs
in to the application
and then will do all changes needed.

I have no problem in tracking changes (i can intercept hte methods of EJBs
which do the changes), but
i m stuck in finding out how to get the user,.since the user who logs in is
not passed down to the
EJB layer.

Obviously, i can write a LoginAspect that intercepts the login process,
store locally the user and then make it available
to other aspects in my application
THis will work fine if the system will be used by only one user (considering
the aspect will have default
association), but i have problems in undestanding
what will happen when there will be multiple users logging in,how to track
them

I can't use anymore the 'default association' LoginAspect, because (my
opinion) if user1 logs in to the system,and
after that user2 logs in, the LoginAspect will have user2 'stored' as user.
and if
user1 do changes, the ChangeAspect, invoking LoginAspect.getUser() will get
as user user2..
.
I have tried to use the wormhole pattern, but it didnt work out....

maybe i am missing something about association, but how can i have a 'Per
User' association
for my LoginAspect?

does anyone have any idea on how to do that?

thanks in advance and regards
Marco

_______________________________________________
ajdt-dev mailing list
ajdt-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/ajdt-dev

 

Back to the top