Article:
  Web and Enterprise Architecture Design Patterns for J2EE, Part 2
Subject:   Interceptor already used in J2EE, without AOP
Date:   2003-10-01 14:00:36
From:   dkarr
I found it curious that your mention of the Interceptor pattern didn't mention that J2EE already implements this at both the web and ejb layers, without having to know anything about Aspect-oriented programming. This doesn't help you if you have to implement access control that isn't provided by standard J2EE CMA, however. It still seems like it would have been useful to mention it.
Main Topics Oldest First

Showing messages 1 through 1 of 1.

  • Interceptor already used in J2EE, without AOP
    2003-10-05 09:58:15  prasadgc [View]

    Well, we didn't explicitly address this under Interceptor, but covered it under the general introduction to Security.

    Ganesh Prasad

    "Most of the time, developers spend time and effort building authentication and access control subsystems, even though these features are ostensibly part of the J2EE specification. The reason for this wheel reinvention is that the standard J2EE security mechanisms are often inadequate for the purposes of many applications.

    [...]

    Similarly, authorization tags in EJB deployment descriptors control access to components, but are not fine-grained enough to enforce, for example, monetary limits on transactions, an essential requirement of many financial applications.

    In other words, most attempts to reinvent the security wheel at the application level are aimed at going beyond the coarse-grained, black-or-white logic provided by the J2EE container."