[aspectj-users] separation of business logic and security in ejb environment

Hi gurus, 

please bear with me - I am new to AspectJ. 

I would like to use AspectJ to separate programmatic security (and maybe
parameter validation) from the main business logic in an ejb environment. A
simple example will hopefully explain:


Consider an ejb called BusinessBean.java  (the home and remote interfaces
are being generated by XDoclet). There is a single business method on the
remote interface called "Collection generateReport(int id);"

I would like to add programmatic security functionality to this bean - i.e. I
would like to intercept all calls to this generateReport method, and first
do some security checking code, let's call it "reportSecurityCheck(int id)",
which will need the parameter id, and access to the ejb's SessionContext (my
beans all have a getSessionContext() method.) The security check method
should either throw a security related exception, or continue with the
business method "generateReport".

My final requirement / problem is that I don't have control of all the
client code, which (as I understand it) AspectJ's compiler will typically
modify when using "before()" in an aspect. Or stated another way; all the
aspect trickiness must be confined to the ejb bean related classes, not the
clients of this bean.

I would really appreciate any ideas on how to proceed - my feeling is that
this would be a fairly useful scenario to understand and support.


Kind regards,
Nick.
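
An added example, not part of the original post: an aspect that uses an execution() pointcut, which weaves the check into the bean's own method body rather than into client call sites. BusinessBean, generateReport(int) and getSessionContext() are the names from the post; the role name "report-viewer", the id range check and the choice of unchecked exceptions are assumptions.

```aspectj
import java.util.Collection;
import javax.ejb.SessionContext;

// Added example. Assumes BusinessBean.getSessionContext() returns the
// javax.ejb.SessionContext the container handed to the bean.
public aspect ReportSecurity {

    // Hypothetical role name; it would be declared in the deployment descriptor.
    private static final String REPORT_ROLE = "report-viewer";

    // execution() matches the method body inside BusinessBean, so only the
    // bean class has to be compiled with ajc. A call() pointcut would match
    // the call sites instead, which live in client code.
    pointcut reportExecution(BusinessBean bean, int id):
        execution(Collection BusinessBean.generateReport(int))
        && this(bean)
        && args(id);

    // Runs before the business logic. If the check throws, generateReport's
    // body is never entered.
    before(BusinessBean bean, int id): reportExecution(bean, id) {
        reportSecurityCheck(bean.getSessionContext(), id);
    }

    // Unchecked exceptions are used because before advice cannot throw a
    // checked exception that generateReport does not declare.
    private static void reportSecurityCheck(SessionContext ctx, int id) {
        if (id <= 0) {
            throw new IllegalArgumentException("invalid report id: " + id);
        }
        // Fail closed: a missing context is treated as an unauthorized caller.
        if (ctx == null || !ctx.isCallerInRole(REPORT_ROLE)) {
            String caller = (ctx == null)
                ? "<no session context>"
                : ctx.getCallerPrincipal().getName();
            throw new SecurityException(
                "caller " + caller + " may not generate report " + id);
        }
    }
}
```

Because the advice is woven into the bean class, a call that reaches generateReport through the container-generated remote interface hits the check without any client class being recompiled.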



