On Tue, Nov 20, 2012 at 10:12 AM, Mark Struberg <strub...@yahoo.de> wrote:
> Heh, the other option has been 'privilator' > > Catchy as well, and would have given a nice slogan: 'Privilator - I'll be > secure, baby' > > It's a bit less self-explaining though. > > > We are looking forward to use it in Apache BVal, OpenWebBeans, DeltaSpike > and probably MyFaces for now. > > One thing I like to give a try is to generate private method wrappers in > all _caller_ classes. That would even allow for public helper methods which > are perfectly save. > > This is a point on which Mark and I differ, so if this is implemented I prefer to do it as an option, perhaps using a different annotation, e.g. @RequiresPrivileges. My concern is that there could be any number of callers, so the task of finding and weaving them all is a large one (I wouldn't even know what existing libraries will perform for me a search for all callers of method Foo#bar(), and what about reflection-based invocations?), and it means you can't simply distribute a library and call it "privilized." :) Of course, none of this is anything you can't do with e.g. AspectJ, but as mentioned in the overview the [privilizer] code adds no runtime dependencies (not even its own API jar!). Matt > LieGrue, > strub > > > > ----- Original Message ----- > > From: Matt Benson <gudnabr...@gmail.com> > > To: Commons Developers List <dev@commons.apache.org> > > Cc: > > Sent: Tuesday, November 20, 2012 6:40 AM > > Subject: Re: [privilizer] new sandbox component > > > >G lad to hear it, Phil! I was originally calling it "privileged method > > weaver" but that's a little long for a Commons component. Mark > > Struberg > > came up with "privilizer" for me--short, but still fairly suggestive > > of the > > component's purpose. > > > > Matt > > > > > > On Mon, Nov 19, 2012 at 8:04 PM, Phil Steitz <phil.ste...@gmail.com> > > wrote: > > > >> On 11/19/12 2:42 PM, Matt Benson wrote: > >> > Hi all, > >> > I have recently been working on some code to simplify the task of > >> working > >> > with the Java security APIs and an ASF colleague convinced me that > the > >> > package had a chance of being a viable Commons component. I have > > added > >> it > >> > to the sandbox and it is available on the website by now as well. > >> > Typically code that is too "done" doesn't fare too well > > at the ASF in > >> > general; one obvious improvement that might be made would be the > >> > replacement of Javassist with ASM or perhaps BCEL, but the existing > >> > implementation represented a path of least resistance for me. > Anyway, > >> I'd > >> > be glad for any feedback, questions, or tomatoes. > >> > > >> > Thanks, > >> > Matt > >> > > >> Sweet! I recently had need for exactly this. Lets argue about the > >> name - or not ;) I love it! > >> > >> Phil > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >> For additional commands, e-mail: dev-h...@commons.apache.org > >> > >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >