Using Java Annotations for Access Control && Authorization

Amrish
Amrish
Aug 27, 2017 · 2 min read

Code samples https://github.com/amrish7/android-annotations

Annotations introduced with JDK 1.5 is used to provide syntactic metadata to your classes. At PayPal, I have seen it widely used for reporting purposes, namely, for counting the number of times a specific method has been invoked, among others. There are many more use cases for annotations that are overlooked and this article will cover one such use as a validator to help write better code.

Following is the a common way of providing access/validations to your methods

The repetitive validator logic within each method introduces code-smell from duplicity and it should be avoided. With a little help from ANNOTATIONS and DYNAMIC PROXIES, here is how the same class would look like

As the validations are baked into the annotations, the above refactor makes your class readable, smaller and easier to test. You could in fact go a step further and pull the ‘annotations’ and ‘throw-definitions’ fully into an interface and leave them out of the concrete classes.

Code samples + Demo

In this example, you will see ANNOTATIONS & DYNAMIC PROXIES in action (The code sample is intentionally kept simple in order to get only the idea across).

The first thing to define is an empty annotation that could be used to flag a method for validation

public @interface MyValidator {}

Next, define the interface

public interface ICardGame {
void initialize();

@MyValidator
void start() throws GameNotStartedException;
}

…and here is the implementation of the ICardGame interface

public class Poker implements ICardGame {
public static boolean initialized = false;
@Override
public void initialize() {
initialized = true;
}
@Override
public void start() {
// Game start logic goes here
}
}

So far, we have decorated the Interface with the required annotations and implemented the interface. The missing parts are the logic to intercept calls to start() and perform the validations. Here is where dynamic proxies come in handy.

Following parts assume that you have some background on Dynamic Proxy API’s introduced in Java 1.3. If not, this article should help you with it

The Proxy does a couple of things. Firstly, invoke() method intercepts every method defined in ICardGame.java and secondly, it searches for annotation decorations and performs the actual validations

I next define a BUILDER that returns an instance of Poker class wrapped with the Dynamic Proxy

ICardGame instance retrieved through PokerGameBuilder.getPokerGame() will have all the wirings in place to do the validations.

You are all set


A working Android sample with all these validations could be found here

)
Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade