aspose file tools*
The moose likes Developer Certification (SCJD/OCMJD) and the fly likes How to handle securityException in Service layer Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Developer Certification (SCJD/OCMJD)
Bookmark "How to handle securityException in Service layer" Watch "How to handle securityException in Service layer" New topic
Author

How to handle securityException in Service layer

Colin Duggan
Ranch Hand

Joined: Feb 23, 2008
Posts: 41
In my Urlybird DB interface i have an unlock method which throws a RecordNotFoundExecption and SecurityException.

Im wondering how should i handle the SecurityException in my service layer? If the exception is thrown in the first place it means that someone is violating the rules of the api. There doesnt seem to be any point bubling this up to the UI layer?

Should i just override the DB interface unlock method and replace the SecurityException with a RuntimeException or do i need to handle this?? Thanks

Roel De Nijs
Bartender

Joined: Jul 19, 2004
Posts: 5534
    
  13

Colin Duggan wrote:There doesnt seem to be any point bubling this up to the UI layer?

You should not handle this exception, because it indicates wrong api usage.


Colin Duggan wrote:Should i just override the DB interface unlock method and replace the SecurityException with a RuntimeException or do i need to handle this??

If you don't want to fail automatically you should not make any changes to the interface you got. In my opinion the SecurityException should be a runtime exception, not a checked exception. Using the search engine of this forum, you'll can find many threads about this topic, e.g. this one.


SCJA, SCJP (1.4 | 5.0 | 6.0), SCJD
http://www.javaroe.be/
Colin Duggan
Ranch Hand

Joined: Feb 23, 2008
Posts: 41
thanks Roel. Had a quick look at some of the other posts but alot of varying answers. (Thats my excuse anyway )

when i say override - i have a custom interface which extends the one supplied by Sun. I think most people have taken this approach. Then in my custom interface i override the unlock method signature
Roel De Nijs
Bartender

Joined: Jul 19, 2004
Posts: 5534
    
  13

Colin Duggan wrote:when i say override - i have a custom interface which extends the one supplied by Sun. I think most people have taken this approach. Then in my custom interface i override the unlock method signature

As long as you provide a valid override, you don't have to worry (I followed same approach), but if it's declared as a runtime exception no need to override these methods
Colin Duggan
Ranch Hand

Joined: Feb 23, 2008
Posts: 41
I was concerned that because the SecurityException appeared in the throws clause of the Sun interface that it had to be declared as checked but declaring as unchecked makes alot more sense.


The other reason I override the method is because i dont want to throw RNFE so my override just looks like this.




Roel De Nijs
Bartender

Joined: Jul 19, 2004
Posts: 5534
    
  13

I would assume you followed same approach for update and delete methods?
Colin Duggan
Ranch Hand

Joined: Feb 23, 2008
Posts: 41
yes, only Runtime exceptions thrown in those methods.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to handle securityException in Service layer