International Journal of Computer & Information Science, Vol. 16, No. 3, July - September 2015 11 ABTC: Multi-purpose Adaptable Business Tier Components Based on Call Level Interfaces Óscar Mortágua Pereira, Rui L. Aguiar Instituto de Telecomunicações, DETI - University of Aveiro, Portugal Abstract Call Level Interfaces (CLI) are low level API that play a key role in database applications whenever a fine tune control between application tiers and the host databases is a key requirement. Unfortunately, in spite of this significant advantage, CLI were not designed to address organizational requirements and contextual runtime requirements. Among the examples we emphasize the need to decouple or not to decouple the development process of business tiers from the development process of application tiers and also the need to automatically adapt to new business and/or security needs at runtime. To tackle these CLI drawbacks, and simultaneously keep their advantages, this paper proposes an architecture relying on CLI from which multi-purpose business tiers components are built, herein referred to as Adaptable Business Tier Components (ABTC). This paper presents the reference architecture for those components and a proof of concept based on Java and Java Database Connectivity (an example of CLI). Keywords: software architecture, components, reuse, access control, information security, call level interfaces. 1. Introduction This paper is an extended version of the paper presented at ICIS 2015 (IEEE ACIS) [1]. Software systems have increasingly played a key role in small, medium and large organizations by managing the data from which everyday decisions are taken. Data is mostly kept and managed by database management systems. Among the several paradigms, the relational database management systems (RDBMS) continue to be one of the most successful to manage data and, therefore, to build database applications. To be useful, data needs to be inserted, updated, retrieved and processed. In this case Call Level Interfaces (CLI) are effective solutions for building business tiers whenever a fine tune control on the interactions with the host databases is a key requirement [2]. The fine tune control comprises not only the services provided by CLI but also the possibility of using the full expressiveness of the SQL language. In spite of these important advantages, CLI convey some drawbacks, hereafter described. __________________________________________ Electronics, Telecommunications and Informatics Department 3810-193 Aveiro, Portugal {omp, ruilaa}@ua.pt Problem definition: CLI are general low level API that do not provide any high level assistance to address organizational requirements and runtime requirements. Three examples are provided: 1) in some organizations, business tiers and application tiers are developed by different actors (people playing different roles); 2) in other organizations, the actor is the same for the two tiers and 3) in some database applications, business tiers need to be dynamically adapted, at runtime, to address runtime needs, for example, to address security policies or to address new business needs. These CLI drawbacks are mainly derived from their technical and architectural aspects. Figure 1 presents a typical and simple case based on a CLI, in this case Java Database Connectivity (JDBC) [3]. Hereafter, all examples use Java, JDBC and the Microsoft Northwind database (http://www.microsoft.com/download/en/details.aspx?id =23654). Figure 1 depicts a program to retrieve data from a table named Products and also to update the attribute unitPrice of a list of products. The list of products to be updated is included in List<Integer> productId and the new values for unitPrice are included in List<BigDecimal> unitPrice (see arguments of method updUnitPrice). The product list is iterated (line 31), the Select expression is prepared and executed (line 32-35), if a product is found (line 36) some attributes are read (line 37-39) and unitPrice is updated (line 40-42). From this example, we can see: a) Organizational requirements: Source-code of business and application tiers is tangled and, therefore, the roles of programmers cannot be decoupled. Programmers play the business tier developer role: when they need to write Create, Read, Update, Delete (CRUD) expressions (line 32); when they need to create the environment to execute them (line 33-35) and when they are requested to master the database schema (line 37,38,41). They play the application tier developer role when they use the application data and the retrieved data (line 32, 37-41). b) Runtime requirements: If any modification occurs in the established access control policies leading to maintenance activities at the level of the business logics, there is no other possibility than making them manually and in advance. For example if an attribute of the returned relation is no more authorized to be selected, it will entail a modification on the Select expression and also on the source code. In reality, CLI were not devised to address any of the presented drawbacks. CLI were mainly devised to tackle the impedance mismatch [4] issue.