Re: [aspectj-users] separation of business logic and security in ejb env

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [aspectj-users] separation of business logic and security in ejb environment

From: "Adrian Colyer" <adrian_colyer@xxxxxxxxxx>
Date: Fri, 11 Jul 2003 12:46:04 +0100
Delivered-to: aspectj-users@xxxxxxxxxxx
List-archive: <http://dev.eclipse.org/pipermail/aspectj-users/>
List-help: <mailto:aspectj-users-request@eclipse.org?subject=help>
List-subscribe: <http://dev.eclipse.org/mailman/listinfo/aspectj-users>, <mailto:aspectj-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <http://dev.eclipse.org/mailman/listinfo/aspectj-users>, <mailto:aspectj-users-request@eclipse.org?subject=unsubscribe>

Hi Nick,
You should be able to use the execution pointcut (which advises on the receiver side) as opposed to the call pointcut (which advises on the client side). Something like the following should do the trick:

public aspect SecurityChecking {

poincut generatingReport(int id) : execution(* BusinessBean.generateReport(int)) && args(id);

before(BusinessBean b, int id) throws SecurityRelatedException : generatingReport(id) && this(b) {
reportSecurityCheck(id, b.getSessionContext());
}

private void reportSecurityCheck(int id, SessionContext ctxt) throws SecurityRelatedException {
... // your logic here
}

public class SecurityRelatedException extends RemoteException {...};
}

-- Adrian
Adrian_Colyer@xxxxxxxxxx

Nick Airey <Nick.Airey@xxxxxxxxxxx>
Sent by: aspectj-users-admin@xxxxxxxxxxx

11/07/2003 01:37
Please respond to aspectj-users

To: "'aspectj-users@xxxxxxxxxxx'" <aspectj-users@xxxxxxxxxxx>
cc:
Subject: [aspectj-users] separation of business logic and security in ejb environment

Hi gurus, please bear with me - I am new to AspectJ. I would like to use AspectJ to separate progammatic security (and maybe parameter validation) from the main business logic in an ejb environment. A simple example will hopefully explain: Consider an ejb called BusinessBean.java (the home and remote interfaces are being generated by XDoclet). There is a single business method on the remote interface called "Collection generateReport(int id);" I would like to add programmatic security functionality to this bean - ie. I would like to intercept all calls to this generateReport method, and first do some security checking code, lets call it "reportSecurityCheck(int id)", which will need the parameter id, and access to the ejb's SessionContext (my beans all have a getSessionContext() method.) The security check method should either throw a security related exception, or continue with the business method "generateReport". My final requirement / problem is that I don't have control of all the client code, which (as I understand it) AspectJ's compiler will typically modify when using "before()" in an aspect. Or stated another way; all the aspect trickyness must be confined to the ejb bean related classes, not the clients of this bean. I would really appreciate any ideas on how to proceed - my feeling is that this would be a fairly useful scenario to understand and support. Kind regards, Nick. _______________________________________________ aspectj-users mailing list aspectj-users@xxxxxxxxxxx http://dev.eclipse.org/mailman/listinfo/aspectj-users

References:
- [aspectj-users] separation of business logic and security in ejb environment
  - From: Nick Airey

Prev by Date: Re: [aspectj-users] HTML-Based Quoting Styles (was Re: Philosophical Questions)
Next by Date: Re: [aspectj-users] Philosophical Questions
Previous by thread: [aspectj-users] separation of business logic and security in ejb environment
Next by thread: RE: [aspectj-users] passing an extra parameter to existing method s
Index(es):
- Date
- Thread

Breadcrumbs