Master of Computer Science - University of Grenoble

Aspect-Oriented Programming / AspectJ

Contact : Sara Bouchenak, Sara.Bouchenak@imag.fr

TP 4: Authentication

1. Objective

Design and implement application user authentication with AOP/AspectJ.

2. Software environment

If not already installed, install the following software:

• Java 2 SDK
• AspectJ
• Ant
• McKoi database server
• IDE (e.g. Eclipse)

If not already defined, define the following environment variables:

• JAVA_HOME

• ASPECTJ_HOME

• ANT_HOME

• MCKOI_HOME

• PATH (includes JAVA_HOME/bin, ASPECTJ_HOME/bin, ANT_HOME/bin, MCKOI_HOME/bin)

Examples for defining such variables are given in the file named env-tcsh for Unix/tcsh (run: source env-tcsh), and in the file named env-win.bat for Windows (run: env-win.bat).

3. Original banking application

Download the application code.

The banking application is available in TP4/Basic/:

• TP4/Basic/docs/api/index.html provides the API documentation of the application.

• TP4/Basic/src contains the source code of the application.

Configure the database:

• Choose a port number for the McKoi database server

  • Configure file db.conf with theport number in jdbc_server_port

  • Configure file build.xml with port number in mckoi.port

Compile and run the application:

• Compile: ant compile
   

• Start the database server: ant create_db
   

• Create and initialize database content: ant pop_db
   

• Start the database GUI client for interactive execution of SQL queries: ant client_db
  Examples: SHOW TABLES or SELECT * FROM accounts
   

• Run the main program: ant run
   

• Use the GUI client to browe the new content of the database

4. Hand-coded security of banking application

As an example, TP4/Authentication_HandCoded/ contains a "hand-coded" version of the banking application extended with security and authentication features using the JAAS Java library.

More details on JAAS are given in http://java.sun.com/products/jaas/ and http://java.sun.com/security/jaas/doc/api.html.

The hand-coded version of the application is organized as follows:

• TP4/Authentication_HandCoded/docs/api/index.html provides the API documentation of the application.

• TP4/Authentication_HandCoded/src contains the source code of the application.

Compile and run the application:

• Compile: ant compile
   

• Start the database server: ant create_db
   

• Create and initialize database content: ant pop_db
   

• Start the database GUI client for interactive execution of SQL queries: ant client_db
  Examples: SHOW TABLES or SELECT * FROM accounts
   

• Run the main program: run-win.bat (for Windows), run-tcsh.sh (for Unix/tcsh) or run-bash.sh (for Unix/bash), configure the DB server port number accordingly
   

• Use the GUI client to browse the new content of the database

5. Description of work

Implement user authentication using AspectJ in the TP4/Authentication_Aspects/ directory, by writing an aspect in TP4/Authentication_Aspects/aspects/authentication/AuthAspect.java

• Compile: ant compile_aj
   

• Start the database server: ant create_db
   

• Create and initialize database content: ant pop_db
   

• Start the database GUI client for interactive execution of SQL queries: ant client_db
  Examples: SHOW TABLES or SELECT * FROM accounts
   

• Run the main program: run-win.bat (for Windows), run-tcsh.sh (for Unix/tcsh) or run-bash.sh (for Unix/bash), configure the DB server port number accordingly
  Modify run-win.bat (run-tcsh.sh, run-bash.sh) to use the AspectJ implementation
   

• Use the GUI client to browse the new content of the database

5. Combine logging and security aspects

Combine the Logging aspect implemented in TP2 and Security aspect implemented in TP4, and automatically include both to the banking application.

Do not modify the aspects' code, neither the application code.