ONJava.com -- The Independent Source for Enterprise Java

Article:   Web and Enterprise Architecture Design Patterns for J2EE, Part 2
Subject:   Interceptor already used in J2EE, without AOP
Date:   2003-10-05 09:58:15
From:   prasadgc
Response to: Interceptor already used in J2EE, without AOP

Well, we didn't explicitly address this under Interceptor, but covered it under the general introduction to Security.


Ganesh Prasad


"Most of the time, developers spend time and effort building authentication and access control subsystems, even though these features are ostensibly part of the J2EE specification. The reason for this wheel reinvention is that the standard J2EE security mechanisms are often inadequate for the purposes of many applications.


[...]


Similarly, authorization tags in EJB deployment descriptors control access to components, but are not fine-grained enough to enforce, for example, monetary limits on transactions, an essential requirement of many financial applications.


In other words, most attempts to reinvent the security wheel at the application level are aimed at going beyond the coarse-grained, black-or-white logic provided by the J2EE container."