|
I'm implementing AOP security for an application,
and find that there are some process dependencies in security. For example,
while some methods (e.g., createNNN) only require that the user is logged in,
others (such as editNNN) require that the user be both logged in and authorized
for the NNN in question. I can see three possibilities for implementing this and
wondered what the best practice might be.
1. Add all the methods that require authorization
to my LoginAdvisor as well as to the AuthorizationAdvisor, then add both
advisors to the proxy bean.
2. Create a proxy bean that uses the LoginAdvisor
for each proxy bean that uses the AuthorizationAdvisor (double
proxy)
3. Make the AuthorizationAdvice dependent on
the LoginAdvice and call the LoginAdvice's before() method at the top of the
AuthorizationAdvice's before() method.
I see pros and cons to each of these approaches. Is
there one that should be preferred?
Thanks,
Christopher Bradford |
- [coldspring-dev] AOP proxy dependencies Christopher Bradford
- [coldspring-dev] AOP proxy dependencies Chris Scott
