Business Layer Frame

- J.D. Meier, Alex Homer, Jason Taylor, Prashant Bansode, Lonnie Wall, Rob Boucher Jr, Akshay Bogawat

There are several common issues that you must consider as you develop your design. These issues can be categorized into specific areas of the design. The following table lists the common issues for each category where mistakes are most often made.

| Category | Common issues |
| --- | --- |
| Authentication | Applying authentication in a business layer when not required. |
| | Designing a custom authentication mechanism. |
| | Failing to use single-sign-on where appropriate. |
| Authorization | Using incorrect granularity for roles. |
| | Using impersonation and delegation when not required. |
| | Mixing authorization code and business processing code. |
| Business Components | Overloading business components, by mixing unrelated functionality. |
| | Mixing data access logic within business logic in business components. |
| | Not considering the use of message-based interfaces to expose business components. |
| Business Entities | Using the Domain Model when not appropriate. |
| | Choosing incorrect data formats for your business entities. |
| | Not considering serialization requirements. |
| Caching | Caching volatile data. |
| | Caching too much data in the business layer. |
| | Failing to cache data in a ready-to-use format. |
| | Caching sensitive data in unencrypted form. |
| Coupling and Cohesion | Tight coupling across layers. |
| | No clear separation of concerns within the business layer. |
| | Failing to use a message-based interface between layers. |
| Concurrency and Transactions | Not preventing concurrent access to static data that is not read-only. |
| | Not choosing the correct data concurrency model. |
| | Using long-running transactions that hold locks on data. |
| Data Access | Accessing the database directly from the business layer. |
| | Mixing data access logic within business logic in business components. |
| Exception Management | Revealing sensitive information to the end user. |
| | Using exceptions to control application flow. |
| | Not logging sufficient detail from exceptions. |
| | Failing to appropriately notify users with useful error messages. |
| Logging and Instrumentation | Failing to add adequate instrumentation to business components. |
| | Failing to log system-critical and business-critical events. |
| | Not suppressing logging failures. |
| Service Interface | Breaking the service interface. |
| | Implementing business rules in the service interface. |
| | Failing to consider interoperability requirements. |
| Validation | Relying on validation that occurs in the presentation layer. |
| | Failure to validate for length, range, format and type. |
| | Not reusing the validation logic. |
| Workflows | Not considering application management requirements. |
| | Choosing an incorrect workflow pattern. |
| | Not considering how to handle all exception states. |
| | Choosing an incorrect workflow technology. |
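
The Validation issues in the table, shown as an added example that is not part of the original guide: a business-layer entry point that re-validates type, length, range and format from one reusable rule set, whatever the presentation layer already checked. The transfer request, its field names and its limits are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One reusable field rule: type first, then length, range and format."""
    kind: type
    max_len: Optional[int] = None
    lo: Optional[int] = None   # lo and hi are always set together
    hi: Optional[int] = None
    pattern: Optional[str] = None

    def check(self, name, value):
        # Exact type match: isinstance() would accept True/False as an int.
        if type(value) is not self.kind:
            return f"{name}: wrong type"
        if self.max_len is not None and len(value) > self.max_len:
            return f"{name}: too long"
        if self.lo is not None and not (self.lo <= value <= self.hi):
            return f"{name}: out of range"
        # fullmatch, not match with "$", which tolerates a trailing newline.
        if self.pattern is not None and not re.fullmatch(self.pattern, value):
            return f"{name}: bad format"
        return None

# Hypothetical transfer request; field names and limits are assumptions.
TRANSFER_RULES = {
    "account_id": Rule(str, max_len=10, pattern=r"[A-Z]{2}[0-9]{8}"),
    "amount_cents": Rule(int, lo=1, hi=1_000_000),
    "memo": Rule(str, max_len=140),
}

def validate(rules, payload):
    """Return a list of errors; an empty list means the payload is acceptable."""
    errors = [f"{k}: unexpected field" for k in payload if k not in rules]
    for name, rule in rules.items():
        if name not in payload:
            errors.append(f"{name}: missing")
        else:
            err = rule.check(name, payload[name])
            if err:
                errors.append(err)
    return errors

def submit_transfer(payload):
    """Business-layer entry point: validates again whatever the caller did."""
    errors = validate(TRANSFER_RULES, payload)
    if errors:
        raise ValueError("; ".join(errors))
    return {"status": "accepted", "amount_cents": payload["amount_cents"]}
```

The same rule set can be imported by a service interface or a batch importer, so every path into the business layer applies identical checks.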

Last edited Feb 2, 2009 at 5:20 PM by prashantbansode, version 1
