We would like to use AOP to help restrict object access to users who have specific privileges. We would like to use AspectJ.
One way to do this is to use annotations to specify which privileges the class would require. However, this seems a lot like hard-coding. Any change in privileges would require class level changes and a recompile. Granted, there is not much of a chance the privileges will change in the future, but it still rubs me backward. My instinct tells me to stay far away from that.
The other way would be to specify pointcuts for each class. That seems like the same thing, but now it is not in the class itself. Not much better.
Yet another way would be to specify pointcuts for each privilege. This is still hard-coding a bit, but it can be centralized in the aspect, which makes it more flexible. However, recomplie is still required.
As much as I feel like this last option is much better than the first, I feel like I am still missing something.
Is there a better way to do this? Have you ever done anything like this before?
The squeaky wheel gets the grease. Well, that or replaced...