Dean,
That's marvellous, just what I was looking for, thanks so much.
Rob
On 15/12/2007, Dean Wampler <[EMAIL PROTECTED]> wrote:
>
>
> On Dec 15, 2007, at 5:54 AM, Rob Austin wrote:
>
> Hi,
>
> I am currently looking at the extent to which AspectJ can be used to
> enhance object security.
>
>
>
> A good application, but I wouldn't just rely on AJ to solve it! ;)
>
>
> If I write a pointcut that allows me to trap all calls to the public
> methods of my objects outside of the package it resides on, I can monitor
> these calls and make sure they are legal, or at least acceptable,and through
> reflection I can tell which objects are calling these methods.
>
>
>
> Yes
>
>
> But I understand that its possible (even though I wouldn't have a clue how
> to do it) for one object to call a public method of another object loaded
> in the same JVM through introspecting the classloader. In other words there
> would be no matches on the pointcuts at compile time and the advices would
> not expect to be applied. So, what would happen at runtime if one object
> "illegally" called another's method? Is there any further runtime checking
> which would allow the advice to be matched?
>
>
>
> It's true that using reflection would "bypass" the pointcut. This is true
> because the reflection calls will refer to the classes and methods by name
> (as a string), so the invocations will be "invisible" to AJ. However, if you
> want to prevent all reflection calls, you could write a pointcut that looks
> for anyone calling the reflection API and raise an exception. In fact, for
> this task and your original plan, you can write an aspect that will detect
> these calls at compile time!
>
>
> aspect NoReflectionForYou {
> pointcut allReflectionCalls(): call(* java.lang.reflect..*.*(..));
>
>
> declare error: allReflectionCalls(): "No reflection for you!!";
> }
>
>
> You can also use declare error to prevent calls to objects in package A
> from the within objects in package B, for example.
>
>
> If you don't want to prevent all reflection calls from your code, but only
> those to "sensitive" areas, you could write an aspect that advices specific
> reflection calls, e.g., calls to the Method class, and look at the method
> name to pick out the ones you want to prevent.
>
>
> Hope this helps.
>
>
> dean
>
>
>
> Apologies if this question is full of hypotheticals (I know that 2 java
> programs would normally be launched in seprate JVMs!).
>
> Thanks
>
> Rob
>
>
>
>
> _______________________________________________
> aspectj-users mailing list
> [email protected]
> https://dev.eclipse.org/mailman/listinfo/aspectj-users
>
>
> Dean Wampler, Ph.D.
> dean at objectmentor.com
> http://www.objectmentor.com
> See also:
> http://www.aspectprogramming.com AOP advocacy site
> http://aquarium.rubyforge.org AOP for Ruby
> http://www.contract4j.org Design by Contract for Java5
>
>
>
>
>
>
>
> _______________________________________________
> aspectj-users mailing list
> [email protected]
> https://dev.eclipse.org/mailman/listinfo/aspectj-users
>
>
_______________________________________________
aspectj-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/aspectj-users
