Adding where clauses from database

Question

We are using MyBatis 3.0.3 & Spring 3.0.5 in our project. We are trying to implement data level security through a table which stores where clauses (userid < 200, active == true, ...). So, the problem comes when we want to add a clause to a select query dinamically in execution time. We are thinking about the possibility of using Spring AOP but we are not sure if it is possible or not, if it is a good solution and appart from that we don't know how to implement it. Please share your thoughts. Thanks in advance, Silvia. JavaScript questions and answers, JavaScript questions pdf, JavaScript question bank, JavaScript questions and answers pdf, mcq on JavaScript pdf, JavaScript questions and solutions, JavaScript mcq Test , Interview JavaScript questions, JavaScript Questions for Interview, JavaScript MCQ (Multiple Choice Questions)

Answer 1

I think this is possible. Implement the service layer so you can fetch the user (userID) via the security context (Spring security) or you can also give the user as a parameter in your service layer methodes. An example of a possible Aspect implementation: @Aspect public class MyAspect { @Pointcut("within(my.package.MyClass)") public void pointcutClass() { } @Pointcut("execution(* create*(..))") public void pointcutMethod() { } @Pointcut("pointcutClass() && pointcutMethod()") public void myPointcut() { } @Before("myPointcut()") public void checkAuthorization(final JoinPoint joinPoint) { // Fetch User via spring security: Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); if (principal == null) throw new Exception("No principal found"); if (!(principal instanceof User)) { throw new Exception("principal is not a User"); } User user = (User) principal; // Or fetch User via the joinPoint: Object[] args = joinPoint.getArgs(); User user = (User) args[0] if (user.getUserId == null || user.getUserId > 200) throw new Exception("User is not authorised."); }