1 / 18

Aspect Oriented Programming

Aspect Oriented Programming. Carlos Oviedo Secure Systems Research Group. I ntroduction. Late 90’s PARC (Palo Alto Research Center) Object Oriented Programming & Meta-object modeling protocols Capture cross-cutting concerns AspectJ  Java Under constant development.

ama
Download Presentation

Aspect Oriented Programming

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Aspect Oriented Programming Carlos Oviedo Secure Systems Research Group

  2. Introduction • Late 90’s PARC (Palo Alto Research Center) • Object Oriented Programming & Meta-object modeling protocols • Capture cross-cutting concerns • AspectJ  Java • Under constant development

  3. Cross-cutting concerns • Not encapsulated by imperative object oriented programming languages (C, C#, Java, Pascal. Etc) [Cac04]

  4. Cross-cutting concerns • Sometimes requirements relating to a particular concern are spread among multiple requirement sources. • Example: Logging • The consequence  Code spread across several modules

  5. Cross-cutting concerns A specific concern spread along multiple classes

  6. Cross-cutting concerns • Security is a concern that has impact on each design unit. • Modifying the affected design units accordingly can be fault prone and a tedious task. • Other examples: • identity management • transaction integrity • authentication • performance

  7. Aspects Outline • Cross cutting concerns are not reusable (cannot be refined or inherited) • AOP  Modularizes cross cutting concerns • Pointcut (dynamic) • Advice (dynamic) • Inter-type declarations (static) • Aspects (encapsulates constructions)

  8. Aspects Outline JOIN POINT: • A specific execution point in the program flow POINT CUT: • Selects certain join points and values at those points

  9. Point Cuts • Call join point  actions of an object receiving a call pointcut move(): call(void FigureElement.setXY(int,int)) || call(void Point.setX(int)) || call(void Point.setY(int)) || call(void Line.setP1(Point))|| call(void Line.setP2(Point));

  10. Advices • To implement the cross cutting behaviors we use advices before(): move() { System.out.println("about to move"); } after() returning: move() { System.out.println("just successfully moved"); }

  11. Aspects • Aspects are wrappers • Very similar to “object oriented” classes aspect Logging { OutputStream logStream = System.err; before(): move() { logStream.println("about to move"); } }

  12. Aspects in security • Example: Control access to a specific resource  Account access by a bank officer

  13. Aspects in security public aspect AccountAuthorization { OutputStream logStream = System.err; boolean grantAccess(string id){ if(id != “guest”) return true else return false; } Pointcut change(): call(void Account.MakeWithDrawal()); before(): change(){ logStream.println("Change in progress..."); if(!grantAccess(context.id)) throw new UnauthorizedAccessException(); } }

  14. Aspects in security Pointcut change(): call(* MakeWithdrawal(..));

  15. Aspects in security abstract aspect SimpleAuthorization{ OutputStream logStream = System.err; public static boolean grantAccess(string id) { if(id != “guest”) return true else return false; } abstract pointcut change(): call( * Make*(..)); before(): change() { logStream.println("Change in progress..."); if(!grantAccess(context.id)) throw new UnauthorizedAccessException(); } }

  16. Aspects in security • A specialization of the aspect: public aspect TransactionAuthorization extends SimpleAuthorization { pointcut change(): within(Transaction) || within(SecureTransaction); //... }

  17. Conclusions • Aspects are capable abstract structures to capture cross cutting concerns such as security and can be applied to a system after it has been written. • Security concerns can be maintained in one place • Another example : track who did what on a system  Non-repudiation • Currently this field is under constant expansion and it is worth to exploring its potential due its ability to encapsulate concerns

  18. AOP: Aspect Oriented Programming Theserverside.com

More Related