Blogs

Gary's Blog

> All Tags

XPO - N-Tier, Instance/Field-level Security And Much More in XPO (Coming in v2010 vol 2)

      

Psst, hey you! Yes you… can you keep a secret? You can? Good. Remember we said in our 2010 Roadmap

“The same goes for improvements to security: we shall be adding enough support for the security scenarios needed for XAF in the first part of the year, which will be fleshed out for other scenarios in the second.

Instance and field-level security will be made available in the second half of the year, building on the implementation in XPO from the first half.”

Well I have some news on that front. Coming in 2010.2 there will be some “undocumented features” to help support these required scenarios and I’ll let you in on the secret, if you promise not to tell the team that I told you. Winking smile

We’ve added a new interface, IObjectLayer, the main implementer of this which is SimpleObjectLayer which serves as a bridge between the Session and the IDataLayer. To facilitate this, Session now has a new constructor which takes an implementer of IObjectLayer, in this case SimpleObjectLayer. The old constructor, which took an IDataLayer, still remains but this just creates a SimpleDataLayer for use with the Session, so we’ve maintained compatibility with your legacy code. Here’s a small example of what I’m talking about. Both the constructors in the example below, create a new UnitOfWork with a SimpleObjectLayer…

public void Example()
{
    //Get the data layer
    IDataLayer dataLayer = XpoDefault.GetDataLayer(connectionString, AutoCreateOption.DatabaseAndSchema);

    //Create a new unit of work, passing in a SimpleObjectLayer
    using (UnitOfWork uow = new UnitOfWork(new SimpleObjectLayer(dataLayer)))
    {
        //Do work with the objects
    }

    //SimpleObjectLayer created inside the constructor
    using (UnitOfWork uow = new UnitOfWork(dataLayer))
    {
        //Do work with objects
    }
}

Going forward, the changes we’ve made mean that the source of a Session need not only be a database, but can now be other sessions. To facilitate this we have created an Object, SessionObjectLayer, which will turn any UnitOfWork into a NestedUnitOfWork, like so…

using(UnitOfWork uow = new UnitOfWork(dataLayer)) {
    
    //Create a Person object
    Person person = new Person(uow);
    person.Name = "Thomas Anderson";
    person.Age = 27;
    
    //Save it
    uow.CommitChanges();
    
    //Create a nested UnitOfWork using the new SessionObjectLayer
    using(UnitOfWork nestedUow = new UnitOfWork(new SessionObjectLayer(uow))) {
        
        //Load the Person object by key in a nested UnitOfWork
        Person personNested = nestedUow.GetObjectByKey<Person>(person.Oid);
        
        //Change it
        personNested.Age = 35;
        
        //And save to the basic UnitOfWork
        nestedUow.CommitChanges();
    }

    //Check that the object has changed in the basic UnitOfWork
    System.Diagnostics.Debug.Assert(person.Age == 35);
    uow.CommitChanges();
}

The next step is to serialise objects between a basic and a NestedUnitOfWork. To do this, we created two classes SerializableObjectLayerClient and SerializableObjectLayer, which behave like they are two halves of a SessionObjectLayer object. Meaning that the data that is sent between them, via ISerializableObjectLayer, can be serialised. This means our previous example, becomes…

using(UnitOfWork uow = new UnitOfWork(dataLayer)) {
    
    //Create a Person object
    Person person = new Person(uow);
    person.Name = "Thomas Anderson";
    person.Age = 27;
    
    //Save it
    uow.CommitChanges();
    
    //Create a serialized ObjectLayer
    ISerializableObjectLayer sol = new SerializableObjectLayer(uow);
    
    //Create a client of serializable ObjectLayer
    IObjectLayer ol = new SerializableObjectLayerClient(sol);
    
    //Create a nested UnitOfWork
    using(UnitOfWork nestedUow = new UnitOfWork(ol)) {
            
        //Load the Person object by key in a nested UnitOfWork
        Person personNested = nestedUow.GetObjectByKey<Person>(person.Oid);
        
        //Change it
        personNested.Age = 35;
        
        //And save to the basic UnitOfWork
        nestedUow.CommitChanges();
    }

    //Check that the object has changed in the basic UnitOfWork
    System.Diagnostics.Debug.Assert(person.Age == 35);
    uow.CommitChanges();
}

Of course, the instance of SerializableObjectLayer can be anywhere, on another process, or even on another machine and you can access it via WCF, Remoting or any data transmission technology of your choice. This means that, at last, it is possible to build more complex N-tier systems using XPO! Smile

It also enables a couple of different scenarios. Firstly, thin clients can push complex validation onto a server and simply load the processed objects. Secondly, it enables the long awaited field level and object instance security as the SessionObjectLayer object has a number of options that allow you to implement specific object processing – such as filtering – based on rules for loading and saving. Lastly, you can write a custom implementation of IObjectLayer which would allow you to write a wrapper for other ORMs.

So why’s this stuff going to be undocumented in 10.2? Well it’s because these changes are really there to support the upcoming rewrite of XAF’s security system. As we stated in comments to previous blog posts, this rewrite will not be completed in the 10.2 timeframe so we decided to leave these XPO features undocumented at this time. So remember, no telling the team that I spilled the beans. Winking smile

Well that’s all for this post, until next time, happy XPOI’ing Smile

UPDATE: XPO – 11.1 Sneak Peek - WCF services for IObjectLayer

Published Nov 01 2010, 06:19 PM by Gary Short (DevExpress)
Filed under: , , , ,
Technorati tags: v2010.2, XPO, IDataStore, IObjectLayer, ISerializableObjectLayer
Bookmark and Share

Comments

 

Michael Proctor [DX-Squad] said:

Gary and XPO Team,

Next time your in Cairns, QLD, Australia I will happily suppy you with what ever beverage you desire.

This looks fantastic. now all we need is the beta ;)

November 2, 2010 6:02 AM
 

Gary Short (DevExpress) said:

Michael, if I'm ever in Oz, I'll take you up on that. As for the beta... Real Soon Now... honest! ;-)

November 2, 2010 6:32 AM
 

Luca Poretti said:

"Lastly, you can write a custom implementation of IObjectLayer which would allow you to write a wrapper for other ORMs"

... maybe not a so good news for XPO ...

November 2, 2010 7:49 AM
 

daniel weisel said:

Hi Gary,

Is it possible to provide some code examples for these classes? Since it is undocumented, it will help allot to learn about these so I can get started with implementing my own security system for XAF.

Thanks, and great work DX!  :-)

November 2, 2010 9:09 AM
 

Steve Sharkey said:

Excellent! Now I just need someone to tell me what all that means ;o)

November 2, 2010 9:12 AM
 

Dennis (DevExpress Support) said:

@Daniel: thank you for the feedback! It is possible that we will provide a Code Central example showing some basic features.

As for building your own security system right after 10.2 is out, it may be difficult without a complete documentation. Plus, the current XPO implementation will be further polished, and there definitely will be some changes.

So, I think it is better to wait for the official XAF implementation.

November 2, 2010 10:12 AM
 

Dennis (DevExpress Support) said:

@Luca: We appreciate your feedback greatly.

Could you please email me and specify which features you need and which ones XPO currently lacks (but other ORMs provide)? I will be glad to see this list and provide you with the latest updates on it. Thank you in advance!

November 2, 2010 10:21 AM
 

Dennis (DevExpress Support) said:

@Steve, thank you for your comments.

I believe that once this feature is released, we will have more examples (above and beyond of what Gary already provided: implementing server-side validation, building instance/field level security and distributed applications, etc.), showing when it comes in handy in real life. Please stay tuned!

November 2, 2010 10:24 AM
 

Nate Laff said:

Very nice. I'll wait for XAF do to the heavy lifting for me. I like being able to create Session based UOW though. Did ObjectSpace implement this change, too?

November 2, 2010 10:33 AM
 

Dennis (DevExpress Support) said:

@Nate: With every XAF release ObjectSpace becomes more and more abstracted from XPO. In 10.2, most of XAF methods even deal with the IObjectSpace interface.

However, it is still possible to cast it to the specific ObjectSpace class, access its Session property and do whatever you want with it.

November 2, 2010 11:16 AM
 

Trevor Lane said:

just WOW.

Nothing more apart from WHEN. I am waiting to put it to use right now!!!

fantastic news guys, Thanks.

November 2, 2010 6:28 PM
 

Luca Poretti said:

@Dennis

As many here, I just welcome the long awaited strong n-tier support in XPO. This post seems a good point in this direction.

I'm just wondering about the global devexpress path for XPO.

If this change can provide more abstraction from XPO in XAF, when XAF is completly decupled from XPO, what can prevent devexpress to forget the XPO product ? Maybe this is the last improvment we can see on XPO.

Sorry for my fear, and my bad english, but at this point XPO is far more important for my work than XAF. I see devexpress more and more on XAF and less on XPO (even in this post and followup). Just my 2c.

(please, I'm aware of all the XPO improvment in 2010.2, I'm speaking of the general devx path for XPO here)

November 4, 2010 3:29 AM
 

Dennis (DevExpress Support) said:

@Luca:

Thank you for the detailed reply and your interest in XPO. We appreciate it greatly.

I can assure you that decoupling XAF from XPO does not mean abandoning XPO by DevExpress in any way . This just means that we are clearing XAF's core to be able to perform further improvements more effectively.

Furthermore, the XPO team was doubled recently. And, the improvement shown in this blog is certainly not the last improvement in XPO - it will definitely receive attention and more love in the future, since it is positioned as a very important product for us, and our customers.

Currently, XAF provides the most power with the help of XPO. The latest XAF technology - Domain Components (DC), is also based on a persistent interface, a feature provided by XPO.

So, do be afraid:-)

If you want to discuss the XPO features which you like most, or which you want to see in this product in the future, feel free to email me directly.

November 4, 2010 1:32 PM
More from DevExpress
DevExpress
About Us
Awards
Community Events
User Comments
Careers
Licensing
Contact Information		Press
DevExpress News
Logos
Reviews and Publications
Case Studies
DevExpress on Facebook
DevExpress on Twitter		Support
Knowledge Base
Ask a Question
Report an Issue
Online Documentation
Download Documentation
Technical Blogs		Training
Online Demos
Webinars
Videos
Courses
Partners
DXSquad
MVP Program
Community Group Support		Version History
What's New
Current Version/Build
Version History
Live Chat
Have a pre-sales question?
Need assistance with your evaluation?
We are here to help.
Chat is one of the many ways you can contact members of the DevExpress Team. We are available Monday-Friday between 8:30am and 5:00pm Pacific Time.
If you need additional product information, require pre-sales assistance, or want help with your order, write to us at info@devexpress.com or call us at
+1 (818) 844-3383.
DevExpress engineers feature-complete Presentation Controls, IDE Productivity Tools, Business Application Frameworks, and Reporting Systems for Visual Studio. Whether using WPF, Silverlight, ASP.NET or WinForms, DevExpress tools help you build and deliver your best in the shortest time possible.
Your Privacy - Legal Statements
Copyright © 1998-2012 Developer Express Inc.
ALL RIGHTS RESERVED
All trademarks or registered trademarks
are property of their respective owners