Aspect-oriented Refactoring of a J2EE Framework for Security and Validation Concerns

Similar documents
Aspect-Oriented Programming

COMPARISON BETWEEN SPRING AND ASP.NET FRAMEWORKS

OUR COURSES 19 November All prices are per person in Swedish Krona. Solid Beans AB Kungsgatan Göteborg Sweden

Harmless Advice. Daniel S Dantas Princeton University. with David Walker

Integration of Application Business Logic and Business Rules with DSL and AOP

SPRING INTERVIEW QUESTIONS

Welcome to Spring Forward September 26, 2006 Penn State Great Valley

Aspect Oriented Programming. with. Spring

Research Article. ISSN (Print) *Corresponding author Lili Wang

Remote Pointcut - A Language Construct for Distributed AOP

Using an Aspect Oriented Layer in SOA for Enterprise Application Integration

Aspect-Oriented Multi-Client Chat Application

OXAGILE RESUMES SUMMARY OF QUALIFICATIONS TECHNICAL SKILLS SENIOR JAVA SOFTWARE ENGINEER

Generating Aspect Code from UML Models

Beginning POJOs. From Novice to Professional. Brian Sam-Bodden

Glassbox: Open Source and Automated Application Troubleshooting. Ron Bodkin Glassbox Project Leader

A COMPARISON OF AOP BASED MONITORING TOOLS

Keywords Aspect-Oriented Modeling, Rule-based graph transformations, Aspect, pointcuts, crosscutting concerns.

Rapid Application Development. and Application Generation Tools. Walter Knesel

CloudCERT (Testbed framework to exercise critical infrastructure protection)

The Spring Framework: An Open Source Java Platform for Developing Robust Java Applications

Chapter 5 Aspect Oriented Programming

JBoss JEE5 with EJB3.0 on NonStop. JAVA SIG, San Jose

Progress Report Aspect Oriented Programming meets Design Patterns. Academic Programme MSc in Advanced Computer Science. Guillermo Antonio Toro Bayona

Aspect Refactoring Verifier

Architecture Rules Enforcement and Governance Using Aspects

Aspect-Oriented Web Development in PHP

Integration of Application Business Logic and Business Rules with DSL and AOP

Kotrappa Sirbi, Prakash Jayanth Kulkarni

Table of Contents. 1. Introduction Challenges in Product Development What is Propel?...3

Component-Based Software Development with Aspect-Oriented Programming

Introducing a Graduate Course on. called Aspect-Oriented Software Development

Sav - Konnect Project Intranet

Toward Configurable Access Control for. Healthcare Information Systems

Using UML Behavioral Model to Support Aspect Oriented Model

Unification of AOP and FOP in Model Driven Development

Complete Java Web Development

Adaptable Access Control for Electronic Medical Records

Eliminating SQL Injection and Cross-Site Scripting With Aspect Oriented Programming

DTWMS Required Software Engineers. 1. Senior Java Programmer (3 Positions) Responsibilities:

Aspect Weaving for OSGi. Martin Lippert (akquinet it-agile GmbH)

Coordinated Visualization of Aspect-Oriented Programs

Converting Java EE Applications into OSGi Applications

JAVA/J2EE DEVELOPER RESUME

Efficient database auditing

Incorporating Aspects into the UML

Supporting Partial Database Migration to the Cloud Using Non-Intrusive Software Adaptations: An Experience Report

UBS Training Course Catalog

Java EE 6 development with Eclipse, Netbeans, IntelliJ and GlassFish. Ludovic Champenois Oracle Corporation

LoyaLTy ManageMenT SuiTe (LMS) for next generation customer LoyaLTy

Programma corso di formazione J2EE

Portals, Portlets & Liferay Platform

MALAYSIAN PUBLIC SECTOR OPEN SOURCE SOFTWARE (OSS) PROGRAMME BENCHMARK/COMPARISON REPORT DOCUMENT MANAGEMENT SYSTEMS (NUXEO AND ALFRESCO)

CONTRASTING ASPECTUAL DECOMPOSITIONS WITH OBJECT- ORIENTED DESIGNS IN CONTEXT-AWARE MOBILE APPLICATIONS

Web and Enterprise Applications Developer Track

AOSD - Enhancing SoC :: INF5120 :: Mansur Ali Abbasi. AOSD :: Aspect Oriented Software Development SoC :: Separation of Concerns

Combining Static and Dynamic Impact Analysis for Large-scale Enterprise Systems

Framework Adoption for Java Enterprise Application Development

Aspect-oriented software engineering

Developing modular Java applications

Customer Bank Account Management System Technical Specification Document

Foundation of Aspect Oriented Business Process Management

Enterprise Application Development using Dependency Injection and Aspect-Oriented Programming STEFAN PETTERSSON

Distributed Systems Development: Can we Enhance Evolution by using AspectJ?

Aspects for Testing Aspects?

APAC WebLogic Suite Workshop Oracle Parcel Service Overview. Jeffrey West Application Grid Product Management

How To Combine Feature-Oriented And Aspect-Oriented Programming To Support Software Evolution

MESSAGING SECURITY USING GLASSFISH AND OPEN MESSAGE QUEUE

Combining Feature-Oriented and Aspect-Oriented Programming to Support Software Evolution

JBoss. choice without compromise

Core Java+ J2EE+Struts+Hibernate+Spring

Enterprise AOP with Spring Applications IN ACTION SAMPLE CHAPTER. Ramnivas Laddad FOREWORD BY ROD JOHNSON MANNING

Spring Security SAML module

Expert System and Knowledge Management for Software Developer in Software Companies

How to Model Aspect-Oriented Web Services

Java/J2EE or Web Developer. Formal Education. Technical knowledge. Spoken Languages

Compose*: Language-Independent Aspects for.net

ARM-BASED PERFORMANCE MONITORING FOR THE ECLIPSE PLATFORM

TOWARDS SELF-ADAPTABLE MONITORING FRAMEWORK FOR SELF-HEALING

Software development life cycle. Software Engineering - II ITNP92 - Object Oriented Software Design. Requirements. Requirements. Dr Andrea Bracciali

Security Design Patterns

A Guide to Migrating Enterprise Applications to Spring

Aspect-Oriented Software Development

Specialized Programme on Web Application Development using Open Source Tools

.NET and J2EE Intro to Software Engineering

How To Write An Online Shopping Application In Java Ee

ELOGIX SOFTWARE BUSINESS ADVANTAGE DELIVERED PRACTICE DETAILS

Listeners. Formats. Free Form. Formatted

BMC BladeLogic Application Release Automation TECHNICAL WHITE PAPER

Oracle WebLogic Foundation of Oracle Fusion Middleware. Lawrence Manickam Toyork Systems Inc

AOJS: Aspect-Oriented JavaScript Programming Framework for Web Development

Das Spring Framework - Einführung in leichtgewichtige J2EE Architektur. Jürgen Höller. Organized by:

Nicholas S. Williams. wrox. A Wiley Brand

1. Introduction 1.1 Methodology

The Concern-Oriented Software Architecture Analysis Method

Generation and Handcoding

HPC Portal Development Platform with E-Business and HPC Portlets

Aspect-Oriented Development of a P2P File Sharing Application

Chapter 4. Architecture. Table of Contents. J2EE Technology Application Servers. Application Models

XpoLog Competitive Comparison Sheet

Transcription:

Aspect-oriented Refactoring of a J2EE Framework for Security and Validation Concerns CS 586 Aspect-Oriented Software Development Project Group Members : Başak Çakar, Elif Demirli, Şadiye Kaptanoğlu Bilkent University, Dept. of Computer Engineering

Outline Introduction Problem Statement Requirements Analysis Identifying Aspects Spring AOP Aspect-Oriented Program in Spring AOP JBoss Implementation Conclusions & Future Work

Introduction A software system asset of modules A lot of concerns can not be implemented by module hierarchy Concerns crosscut the module hierarchy Scattering Tangling Decreased extensibility and maintainability, increased complexity

Bor Yazılım Bor Soft is a software innovation company focusing on mobile and Web 2.0 software solutions Bor Soft has a robust mobile application framework, and a suite of mobile applications Provides customer specific mobile software solutions Bor Soft develops Web 2.0 applications and customer-centered Web solutions

BORFWCORE A mobile application development framework Uses Struts, Spring, JSF and Hibernate libraries Various mobile applications had been developed by Bor Yazilim using this framework We use a small example application to show aspect implementation

Example Application

Example Application

Required Extensions Validation Check user input format Authentication (Security) Check whether user is logged in Authorization (Security) Check whether user is authorized Access Control (Security) Check whether user has rights to access data

Validation Aspect Web applications collect data from users Validation is in every class and method which takes user input This results in scattering if( sms.getfromnumber().length == 0 sms.gettonumber().length == 0 ) {...} Pattern p = Pattern.compile( \\d{11} ); Matcher m = p.matcher(sms.gettonumber()); Boolean matchfound1 = m.matches(); m = p.matcher(sms.getfromnumber()); Boolean matchfound2 = m.matches(); if(!matchfound1!matchfound2 ) {...}

Validation Aspect Web package Service package Dao Package

Authentication Aspect Authentication - verify that someone is who they claim they are In the example application: User cannot perform any system activity without logging in Check this before all method calls This causes scattering code

Authorization Aspect Authorization - finding out if a user is permitted to do something In the application: Authentication is the precondition of authorization Check whether user is authorized to perform specific operations before calling these methods Edit, delete, etc.

Access Control Aspect Access control - authenticated users access only what they should, nothing more In our example application Only admin can see all saved messages and users in the system Other authenticated users should see their own sms messages and email messages Check whether user is admin before each related method execution

Spring AOP A framework based approach Implemented in pure Java, no new language Suitable for use in a J2EE web container or application server Supports only method execution join points The aim is not to provide the most complete AOP implementation but rather to provide a close integration between AOP implementation and Spring IoC

Aspect-Oriented Program in Spring AOP We used schema support of Spring AOP An aspect is simply a regular Java object defined as a bean in the Spring application context The pointcut and advice information are captured in XML

DEMO

JBoss Implementation JBoss AOP is a 100% pure java aspectoriented framework Aspects and advice code blocks are written in regular Java Pointcut definitions are put into XML file Weaving is dynamic and performed at run time Can define method execution, constructor execution, field (get, set), and method call types of pointcuts

Discussions An aspect-oriented approach helped us to resolve the crosscutting concerns in the framework Development of applications - easier Application development effort - reduces dramatically Spring AOP is quite easy for implementing aspects on a Spring framework When compared to AspectJ, expressiveness of Spring AOP is low

Conclusions & Future Work Framework: BORFWCORE Helps to reduce the application development effort Results in code scattering and tangling for some concerns Aspect-oriented implementation of crosscutting concerns makes valuable contribution Eliminating code scattering and tangling Increasing the degree of reusability of the framework Reducing application development effort Future work: consider a larger case study

Acknowledgements We would like to thank to Özer Aydemir in Bor Yaz ılımfor providing BORFWCORE framework to us and explaining the problems they face without an aspect-oriented implementation. We also thank to Asst. Prof. Dr. Bedir Tekinerdoğan for consulting us during our project and organizing the 4th Turkish Aspect Oriented Software Development Workshop.

Thanks for Listening Questions & Comments are Welcome

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information