4th International Conference on Principles and Practices ... - MADOC
4th International Conference on Principles and Practices ... - MADOC
4th International Conference on Principles and Practices ... - MADOC
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Enterprise Editi<strong>on</strong> (J2EE). It enables applicati<strong>on</strong> developers<br />
to deal with persistent objects in a transparent fashi<strong>on</strong>.<br />
Thus, JDO as a data store independent abstracti<strong>on</strong> layer<br />
enables the mapping of domain object architectures to any<br />
type of data store. The recent versi<strong>on</strong> of JDO (JDO 2.0)<br />
was finally approved in may 2006 [7]. Its objective is to<br />
simplify the usage of JDO e.g. by providing a st<strong>and</strong>ardized<br />
object/relati<strong>on</strong>al mapping format to allow a higher degree of<br />
applicati<strong>on</strong> portability. It also introduces an attach/detach<br />
mechanism for persistent objects to facilitate middle tier<br />
architectures. One of its most beneficial features is the extensi<strong>on</strong><br />
of the JDO Query language (JDOQL) to support<br />
e.g projecti<strong>on</strong>s, aggregates, or named queries.<br />
The JDO specificati<strong>on</strong> defines two packages: The JDO<br />
Applicati<strong>on</strong> Programming Interface (API) allows applicati<strong>on</strong><br />
developers to access <strong>and</strong> manage persistent objects.<br />
The classes <strong>and</strong> interfaces of the Service Providers Interface<br />
(SPI) are intended to be used exclusively by a JDO<br />
implementati<strong>on</strong>.<br />
The interfaces <strong>and</strong> classes of the JDO API are located<br />
in the package javax.jdo [6, 7]. The Transacti<strong>on</strong> interface<br />
provides methods for initiati<strong>on</strong> <strong>and</strong> management<br />
of transacti<strong>on</strong>s under user c<strong>on</strong>trol. The Query interface<br />
allows obtaining persistent instances from the data store<br />
by providing a Java-oriented query language called JDO<br />
Query Language (JDOQL). The PersistenceManager<br />
serves as primary applicati<strong>on</strong> interface <strong>and</strong> provides<br />
methods to c<strong>on</strong>trol the life cycle of persistent objects.<br />
An instance implementing this interface could<br />
be c<strong>on</strong>structed by calling the getPersistenceManager()<br />
method of a PersistenceManagerFactory instance.<br />
Since PersistenceManagerFactory itself is just another<br />
interface, c<strong>on</strong>structing an instance prior to<br />
this type becomes necessary. It usually could be<br />
c<strong>on</strong>structed by calling the static JDOHelper method<br />
getPersistenceManagerFactory(Properties props). The<br />
class JDOHelper is also part of the JDO API <strong>and</strong> enables<br />
an easy replacement of the currently preferred JDO implementati<strong>on</strong><br />
without source code modificati<strong>on</strong>s in c<strong>on</strong>text of<br />
an applicati<strong>on</strong>. The informati<strong>on</strong> about the currently used<br />
JDO implementati<strong>on</strong> <strong>and</strong> data store specific parameters<br />
has to be passed to this method by a Properties object.<br />
A user identificati<strong>on</strong> <strong>and</strong> a password in order to access<br />
the underlying data store are also part of the Properties<br />
object. In order to prevent misunderst<strong>and</strong>ings, the JDO<br />
persistence approach does not distinguish between different<br />
user identificati<strong>on</strong>s or individual permissi<strong>on</strong>s. With the<br />
c<strong>on</strong>structi<strong>on</strong> of a PersistenceManager instance, the c<strong>on</strong>necti<strong>on</strong><br />
to the data store will be established <strong>and</strong> users are<br />
able to access the resource without further restricti<strong>on</strong>s.<br />
Every instance that should be managed by a JDO implementati<strong>on</strong><br />
has to implement the PersistenceCapable<br />
interface. As part of the JDO SPI package, the<br />
PersistenceCapable interface does not have to be implemented<br />
explicitly by an applicati<strong>on</strong> developer. Instead,<br />
the JDO specificati<strong>on</strong> prefers a post-processor<br />
tool (JDO-Enhancer) that automatically implements the<br />
PersistenceCapable interface. It transforms regular Java<br />
classes into persistent classes by adding the code to h<strong>and</strong>le<br />
persistence. An XML-based persistence descriptor has to<br />
be c<strong>on</strong>figured previously. The JDO-Enhancer evaluates this<br />
informati<strong>on</strong> <strong>and</strong> modifies the Java bytecode of these classes<br />
adequately. The JDO specificati<strong>on</strong> assures the compatibility<br />
of the generated bytecode for the use within different JDO<br />
implementati<strong>on</strong>s. The StateManager interface as part of<br />
the JDO SPI provides the management of persistent fields<br />
<strong>and</strong> c<strong>on</strong>trols the object lifecycle of persistent instances.<br />
Although JDO provides a st<strong>and</strong>ardized, transparent<br />
<strong>and</strong> data store independent persistence soluti<strong>on</strong> including<br />
tremendous benefits to Java applicati<strong>on</strong> developers, the<br />
JDO specificati<strong>on</strong> has also been critized in the Java community.<br />
Besides technical details like the JDO enhancement<br />
process [15], the substantial overlaps between the Enterprise<br />
JavaBeans specificati<strong>on</strong> [5] <strong>and</strong> JDO [8], as well as<br />
the c<strong>on</strong>ceptual design as a lightweight persistence approach<br />
has been criticized. Some experts even argue that shifting<br />
JDO to a more comprehensive approach including distributed<br />
access functi<strong>on</strong>s <strong>and</strong> multi-address-space communicati<strong>on</strong><br />
[14] is necessary. As a result of it’s lightweight<br />
nature, JDO does not provide a role-based security architecture,<br />
e.g. to restrict the access of individual users to<br />
the data store. C<strong>on</strong>sequently, the JDO persistence layer<br />
does not provide any methods for user authenticati<strong>on</strong> or authorizati<strong>on</strong>.<br />
Every user has full access privileges to store,<br />
query, update <strong>and</strong> delete persistent objects without further<br />
restricti<strong>on</strong>s. For example, using the getObjectById()<br />
method allows him to receive any persistent object whereas<br />
the deletePersistent() method enables a user to delete<br />
objects from the data store.<br />
At first glance, a slight improvement could be achieved<br />
by setting up individual user identificati<strong>on</strong>s at the level of<br />
the data store. This would allow the c<strong>on</strong>structi<strong>on</strong> of different<br />
<strong>and</strong> user dependent PersistenceManagerFactory instances.<br />
If, however, all users should have access to a comm<strong>on</strong><br />
database, individual user identificati<strong>on</strong>s <strong>and</strong> appropriate<br />
permissi<strong>on</strong>s have to be defined inside the data store.<br />
However, c<strong>on</strong>figuring user permissi<strong>on</strong>s to restrict the access<br />
to certain objects is quite complex. For example, when using<br />
a relati<strong>on</strong>al database management system, the permissi<strong>on</strong>s<br />
would have to be c<strong>on</strong>figured, based <strong>on</strong> the object-relati<strong>on</strong>al<br />
mapping scheme <strong>and</strong> the structure of the database tables.<br />
Thus, it leads to the disadvantage of causing a str<strong>on</strong>g dependency<br />
between the user applicati<strong>on</strong> <strong>and</strong> the specific data<br />
store. In additi<strong>on</strong> to that, a later replacement of the data<br />
store preferred currently leads to a time-c<strong>on</strong>suming <strong>and</strong> expensive<br />
migrati<strong>on</strong>. It is obvious that the str<strong>on</strong>g binding of<br />
security permissi<strong>on</strong>s to a specific data store c<strong>on</strong>tradicts the<br />
intenti<strong>on</strong> of JDO, which is providing applicati<strong>on</strong> programmers<br />
a data-store-independent persistence abstracti<strong>on</strong> layer.<br />
As JDOSecure is based <strong>on</strong> the Java Authenticati<strong>on</strong> <strong>and</strong><br />
Authorizati<strong>on</strong> Service, the following secti<strong>on</strong> will give a brief<br />
overview to this approach.<br />
2.2 The Java Authenticati<strong>on</strong> <strong>and</strong> Authorizati<strong>on</strong><br />
Service<br />
The Java security architecture is based <strong>on</strong> three comp<strong>on</strong>ents:<br />
Bytecode verifier, class loader <strong>and</strong> security manager<br />
(cf. [13] <strong>and</strong> [4]). The bytecode verifier checks the correctness<br />
of the bytecode <strong>and</strong> prevents stack overflows. The<br />
class loader locates <strong>and</strong> loads classes into the Java Virtual<br />
Machine (JVM) <strong>and</strong> defines a unique namespace for<br />
each class. The security manager or, more accurately, the<br />
AccessC<strong>on</strong>troller instance checks the invocati<strong>on</strong> of operati<strong>on</strong>s<br />
relevant to security e.g. local file system access, the<br />
setup of system properties or the use of network sockets (cf.<br />
figure 1).<br />
86