aspect-oriented modeling of access control in web applications gefei zhang joint work with hubert...
TRANSCRIPT
Aspect-Oriented Modeling of Access Control in Web
Applications
Gefei Zhang
Joint work withHubert Baumeister, Nora Koch and Alexander
Knapp
UML-BASEDWEB
ENGINEERING
Ludwig-Maximilians-Universität München, Germany
WAOM 2005, Chicago
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 2
Motivation & Goal
Access control in Web applications: In current Web engineering methods:
entangled with navigation design redundant modeling
We propose: viewing access control as a cross-cutting concern using aspects for better modularization
Extension of UML-based Web Engineering (UWE)1 by aspect-oriented modeling of access control
1 UML’00, IWWOST’01-03, ICWE’03, UML’04
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 3
Content
UWE overview Example of modeling access control Aspect orientation Conclusions and future work
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 4
UWE Approach: Overview
Common language for data interchange is a conservative extension of the UML metamodel
UWEmetamodel
An approach for the development of Web applications Based on UML and the Unified Process
Supports requirement elicitation, content, navigation, business process, and presentation modeling
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 5
UWE Metamodel: Navigation
*
Class(Foundation Core)
NavigationNode
Association(Foundation Core)
Link+source
+outLinks
{derived} +inLinks+target1
1
*
Structure
Behavior
NavigationNode StateMachinecontext
0..1
behavior
*
Default State Machine
inv: self.oclAsType(ModelElement).behavior.size() = 1
{derived}
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 6
Example: Online Library
Indexes & Menu: public
Journals, Books and Papers: for registered users only
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 7
Example: Access Control (Naïve)
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 8
Modularization with Aspects: Syntax
Pointcut Advice
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 9
Modularization with Aspects: Weaving
State Machine of AspectState Machine of ClassesResulting State Machine
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 10
Modularization with Aspects: Metamodel
Aspect StateMachinecontext
0..1
behavior{derived}
inv: self.oclAsType(ModelElement).behavior.size() = 1
*
Structure
Behavior
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 11
Aspects of Aspects
Pointcut State Machine of AccessControl
State Machine of Limit
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 12
Conclusions modularized modeling using aspect-oriented state machines weaving result: substates metamodel extension
Future Work formal semantics tool support aspect-oriented UML (AO class diagrams for
modeling user adaptivity summitted to ICWE’05)
Summary
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 13
Thanks for your attention!!
Questions & Answers
We appreciate your feedback [email protected]
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 14
Example: Access Control (Book)
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 15
Example: Access Control (Paper)
G. Zhang et al., Workshop Aspect-Oriented Modeling @ AOSD’05, March 05, Chicago 16
UWE Metamodel: The Big Picture
UML 1.5
UWE
Model Management
Behavioral Elements
Foundation
Foundation
Behavioral Elements Model
Management
Core
ContextUser Environment
PresentationNavigationConceptual
Adaptation Process
Process