Home/ Questions/Q 561323
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T12:26:16+00:00

I have a data access API that say looks something like: public interface IDataAccess

  • 0

I have a data access API that say looks something like:

public interface IDataAccess {
   void save(Doc doc);
   Doc retrieve(DocId id);
   void delete(Doc doc);
}

I need to restrict the operations a user can perform on a document based upon their permissions. The idea I had to do this was to create another API that mirrored the data access operations but also took in the user credential to validate them before performing the operations:

public interface IAuthDataAccess {

   // User is a previously authenticated user
   void save(Doc doc, User user) throws SecurityException;
   ...
}

public class AuthDataAccess implements IAuthDataAccess {
   IAuth auth = ...
   IDataAccess dataAccess = ...

   public void save(Doc doc, User user) throws SecurityException {
      if (auth.saveAllowed(doc, user)) {
         dataAccess.save(doc);
      } else {
         throw new SecurityException("access denied");
      }
   }
   ...
}

The IAuthDataAccess API would be used to access the data layer. Is there a better way to tie the authorization/authentication together with the data access layer?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    A better design would be incorporating aspect programming on your code. This can be achieved by using Annotation.

    Example:

    public interface IAuthDataAccess {

   @Restricted
   void save(Doc doc, User user) throws SecurityException;
   ...
}

    Obviously, you have to create other code to do the real check.

    • 0