
List:       jboss-development
Subject:    Re: [JBoss-dev] Example of how careless handling of AOP pointcut
From:       Bill Burke <bill () jboss ! org>
Date:       2006-01-30 20:29:34
Message-ID: 43DE772E.3060907 () jboss ! org

Yeah, will need special IDE support for this.  BTW, this is an often 
talked about problem in AOP land.  And the only complete solution is an 
IDE.  I guess what we could do is to validate that a 
class/method/field/constructor exists if the expression is fully 
qualified without wildcards.

Ovidiu Feodorov wrote:
> 
> Yes, it does that. But not for the method name.
> 
> Bill Burke wrote:
> 
>> FYI, if you refactor code with IntelliJ, and have the AOP XML in your 
>> classpath, it will discover and change the XML for at least the 
>> classname.
>>
>> Ovidiu Feodorov wrote:
>>
>>>
>>> Yes, that's why I said Tim does a very good job at surrounding the 
>>> functionality he writes with test cases that check whether the 
>>> expected good things happen, but also probe for potential bad things.
>>>
>>> Adding lots of tests has two major benefits:
>>> 1. Provide you with a safety mesh. Thicker, the better, it may help 
>>> you catch problems by exposing random interactions never thought 
>>> about. Machines to run testsuites are cheap.
>>> 2. Help you better understand the functionality you write, help you 
>>> discover edge cases and potential pitfalls, and quite often help you 
>>> to find a better way to write the very functionality you're working on.
>>>
>>> Writing tests increases the development time, but the benefits far 
>>> exceed the drawbacks. Just think of a production-down situation that 
>>> could have been prevented by having the right (and trivial) test in place.
>>>
>>> The Messaging project's capital sin is to modify/remove a 
>>> semantically correct test :)
>>>
>>> Scott M Stark wrote:
>>>
>>>> I would suspect that the tests simply asserted that someone could be
>>>> denied access. This is a general failing in the tests I see written.
>>>> Tests only assert that the expected good things happen. There are not
>>>> enough tests written to validate that bad behaviors are also constrained
>>>> to expected and recoverable behaviors.
>>>>
>>>> -----Original Message-----
>>>> From: jboss-development-admin@lists.sourceforge.net
>>>> [mailto:jboss-development-admin@lists.sourceforge.net] On Behalf Of
>>>> Ovidiu Feodorov
>>>> Sent: Friday, January 27, 2006 11:44 AM
>>>> To: jboss-development@lists.sourceforge.net
>>>> Subject: [JBoss-dev] Example of how careless handling of AOP pointcut
>>>> expressions can screw you up good
>>>>
>>>>
>>>> A succinct example of how AOP pointcut expressions without proper 
>>>> tests and/or compile-time check tools can screw you up good:
>>>>
>>>> JMS lets you create anonymous message producers, and for this case, 
>>>> security checks must be applied on each message send. The following 
>>>> pointcut expression enforces that:
>>>>
>>>>   <bind pointcut="execution(* org.jboss.jms.server.endpoint.advised.ProducerAdvised->send(..))">
>>>>      <advice name="handleSend" aspect="org.jboss.jms.server.container.SecurityAspect"/>
>>>>   </bind>
>>>>
>>>> Recently, the ProducerAdvised's send() method name and signature have 
>>>> been changed upon a refactoring:
>>>>
>>>> $ cvs diff -r 1.3 -r 1.2 ProducerAdvised.java
>>>> Index: ProducerAdvised.java
>>>> ===================================================================
>>>> RCS file:
>>>> /cvsroot/jboss/jboss-jms/src/main/org/jboss/jms/server/endpoint/advised/ 
>>>>
>>>> ProducerAdvised.java,v
>>>> retrieving revision 1.3
>>>> retrieving revision 1.2
>>>> diff -r1.3 -r1.2
>>>>
>>>> ...
>>>>
>>>> 68c69
>>>> <    public void sendMessage(Message message) throws JMSException
>>>> ---
>>>>  
>>>>
>>>>>   public void send(Destination destination, Message message, int
>>>>>   
>>>>
>>>>
>>>> deliveryMode, int priority, long timeToLive) throws JMSException
>>>>
>>>> ...
>>>>
>>>>
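
Review bot: The rename at line 68 from send(Destination, Message, int, int, long) to sendMessage(Message) is not accompanied by a change to the pointcut execution(* ...ProducerAdvised->send(..)) that binds SecurityAspect's handleSend advice, so from revision 1.3 on the expression matches no method and the security advice silently stops running. The bind expression should be updated to ->sendMessage(..) in the same commit, together with a test asserting that a send from an unauthorized anonymous producer is rejected. The diff is taken with -r 1.3 -r 1.2, so the "<" line is the newer revision and the ">" line the older one.
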
>>>> As a result, no security checks were applied anymore on individual 
>>>> message sends for anonymous producers, leading to a very silent, subtle 
>>>> and potentially dangerous error condition.
>>>>
>>>> Praises to Tim for adding test cases that helped us catch the problem 
>>>> on our work benches and not in some customer's production environment.
>>>>
>>>> Can the Eclipse AOP plugin help in catching this type of error at 
>>>> refactoring time?
>>>>
>>>> Ovidiu
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------
>>>> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
>>>> for problems?  Stop!  Download the new AJAX search engine that makes
>>>> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
>>>> _______________________________________________
>>>> JBoss-Development mailing list
>>>> JBoss-Development@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/jboss-development
>>>>
>>>>  
>>>>
>>>
>>

-- 
Bill Burke
Chief Architect
JBoss Inc.
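
The validation suggested in the reply above (confirm that a fully qualified, wildcard-free pointcut names a class and method that exist), written as a build-time check. This is an added example, not code from JBoss AOP or from the thread; `PointcutCheck`, `dangling` and the nested stand-in `ProducerAdvised` are hypothetical names, and it assumes method-execution pointcuts of the form quoted in the thread, matched by method name only.

```java
import java.io.ByteArrayInputStream;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class PointcutCheck {
    // Constructed stand-in for the class after the refactoring: send(..) is now sendMessage(..).
    public static class ProducerAdvised { public void sendMessage(Object message) { } }
    // Matches only wildcard-free targets of the form execution(<ret> <class>-><method>(..)).
    static final Pattern TARGET = Pattern.compile("execution\\(\\s*\\S+\\s+([\\w.$]+)->(\\w+)\\(");

    // Returns one message per binding whose class or method name cannot be resolved.
    static List<String> dangling(String aopXml) throws Exception {
        List<String> errors = new ArrayList<>();
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        NodeList binds = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(aopXml.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagName("bind");
        for (int i = 0; i < binds.getLength(); i++) {
            Matcher m = TARGET.matcher(((Element) binds.item(i)).getAttribute("pointcut"));
            while (m.find()) {
                try {   // load the class without running its static initializers
                    Class<?> c = Class.forName(m.group(1), false, PointcutCheck.class.getClassLoader());
                    boolean found = false;   // name check only; parameter lists are not compared
                    for (Method method : c.getDeclaredMethods())
                        found |= method.getName().equals(m.group(2));
                    if (!found) errors.add("no method " + m.group(2) + " in " + m.group(1));
                } catch (ClassNotFoundException e) {
                    errors.add("no class " + m.group(1));
                }
            }
        }
        return errors;
    }
    public static void main(String[] args) throws Exception {
        // Constructed binding in the shape quoted in the thread, still naming the old method.
        String xml = "<aop><bind pointcut=\"execution(* PointcutCheck$ProducerAdvised->send(..))\">"
            + "<advice name=\"handleSend\" aspect=\"SecurityAspect\"/></bind></aop>";
        List<String> errors = dangling(xml);
        errors.forEach(System.err::println);
        System.exit(errors.isEmpty() ? 0 : 1); // non-zero exit fails the build
    }
}
```

Expressions containing wildcards are skipped by the pattern, so a check like this complements, rather than replaces, tests that assert a denied send is actually denied.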

