Thanks for your reply, I really appreciate the help and advice.
One question I have concerning the following code:
Code:
interface AccountManager {
    void activateAccount(long accountId);
    void resetPassword(long accountId, String newPassword);
}

class AccountManagerImpl implements AccountManager {
    // DAO used to load accounts (injected, e.g. by Spring)
    private AccountDao accountDao;

    public void activateAccount(long accountId) {
        Account account = accountDao.load(accountId);
        account.activate();
    }

    public void resetPassword(long accountId, String newPassword) {
        Account account = accountDao.load(accountId);
        account.resetPassword(newPassword);
    }
}
The domain object, Account, would then have a dependency on the AccountDao, correct? Is this a good approach? Is there a better approach or design pattern? If that domain object is dependent upon this dao, does it make it harder to remote as a service? For example, if the AccountManager contained:
Code:
Account findAccountByUserId(String userId)
the activate() and resetPassword() methods exposed from Account would be dependent upon a dao implementation contained on the remote server.
You could do that yourself, but you also could have a look at Acegi. Acegi is a security framework for Spring that allows you to protect objects with AOP.
I've been wanting to look at Acegi to see how it could help in implementing the security requirements I have, but as I have tried to use the Spring AOP interfaces, I have struggled with enforcing the different restraints depending on the method or function being performed. For example, in order for a user to activate his account, they need to provide: userId, pin, dob. But in order for a user to reset his password, they must provide: userId, pin, dob, and answer to challenge question.
So, for example, say a user wants to change his challenge question: he must first be authenticated (logged in). If he is logged in, he is able to change his challenge question. But if a user has forgotten his password, he is not able to log in, but instead needs to verify his identity by providing his userId, pin, dob, and challenge answer. So before resetPassword() can be called, his identity must be verified.
A simple approach to this would be to have resetPassword take those as parameters and enforce the requirements itself.
Code:
public void activate(String userId, String pin, String dob) throws SecurityException;
public void resetPassword(String userId, int pin, Date dob, String answer, String newPassword) throws SecurityException;
public void changeChallengeQuestion(String userId, String currentPassword, String newQuestion, String newPassword) throws SecurityException;
But this seems to push those security requirements into the domain object, especially when that information is not needed to actually perform the function. It also has the bad side effect that if a user has already authenticated or verified his identity during the session, he must do so again if he wishes to perform one of these functions. Can Acegi offer this type of protection to my objects? If so, can you point me to some examples?
Thanks again, any help is appreciated.
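One way to keep these checks out of the domain object and avoid asking twice in one session, as an added example that is not part of the original post and does not use Acegi's API: a session-scoped record of what the user has already proven, checked by a guard that the manager (or an AOP interceptor in front of it) calls before the domain method. All class, enum and method names here are hypothetical; the per-operation requirements are the ones listed in the post.

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;

public class VerificationGuardExample {
    // Kinds of proof a user can present during a session (hypothetical names).
    enum Proof { PASSWORD_LOGIN, PIN_AND_DOB, CHALLENGE_ANSWER }
    enum Operation { ACTIVATE, RESET_PASSWORD, CHANGE_CHALLENGE_QUESTION }

    // What each operation requires, taken from the post.
    static final Map<Operation, Set<Proof>> REQUIRED = Map.of(
        Operation.ACTIVATE, EnumSet.of(Proof.PIN_AND_DOB),
        Operation.RESET_PASSWORD, EnumSet.of(Proof.PIN_AND_DOB, Proof.CHALLENGE_ANSWER),
        Operation.CHANGE_CHALLENGE_QUESTION, EnumSet.of(Proof.PASSWORD_LOGIN));

    // Session-scoped record of what has been proven, and for which user.
    static final class VerificationContext {
        private final String userId;
        private final Set<Proof> proofs = EnumSet.noneOf(Proof.class);
        VerificationContext(String userId) { this.userId = userId; }
        // Call only after the submitted value was checked against the stored one.
        void record(Proof proof) { proofs.add(proof); }
        boolean satisfies(String targetUserId, Operation op) {
            // Proofs count only for the user they were given for.
            return userId.equals(targetUserId) && proofs.containsAll(REQUIRED.get(op));
        }
    }

    // Service-layer check; the domain object never sees pin, dob or answer.
    static void require(VerificationContext ctx, String userId, Operation op) {
        if (ctx == null || !ctx.satisfies(userId, op)) {
            throw new SecurityException(op + " denied for " + userId);
        }
    }

    public static void main(String[] args) {
        VerificationContext ctx = new VerificationContext("alice"); // constructed sample user
        ctx.record(Proof.PIN_AND_DOB);
        require(ctx, "alice", Operation.ACTIVATE);           // pin + dob is all activation needs
        // Challenge answer not yet given, so a reset is not yet permitted.
        System.out.println(ctx.satisfies("alice", Operation.RESET_PASSWORD));
        ctx.record(Proof.CHALLENGE_ANSWER);
        require(ctx, "alice", Operation.RESET_PASSWORD);     // pin and dob are not asked for again
        // Proofs recorded for alice must not unlock another user's account.
        System.out.println(ctx.satisfies("bob", Operation.RESET_PASSWORD));
    }
}
```

With this split, `Account.resetPassword(newPassword)` keeps its one-argument signature, and the context should be discarded when the session ends or once the sensitive operation completes.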