Thanks, Hasini. This is an interesting point. Compared to Web services implementations in the past, we have lost in Thrift the notions of headers and message contexts. Thinking beyond security aspects, do you see other applications for Guice in the Thrift server?
Marlon From: Hasini Gunasinghe <[email protected]<mailto:[email protected]>> Reply-To: dev <[email protected]<mailto:[email protected]>> Date: Sunday, July 19, 2015 at 1:10 PM To: dev <[email protected]<mailto:[email protected]>> Subject: Enforcing cross cutting aspects on Thrift API calls with Guice AOP framework Hi Devs, Just wanted to inform that Guice [1] (an aspect oriented programming framework provided by Google and released under Apache 2.0 license) can be used to enforce cross cutting aspects such as security, logging etc, without embedding the code related to such aspects within the API methods themselves. Since Thrift doesn't support interception of Thrift service calls, earlier, the security enforcement was applied as the first line of execution in each API call, which I felt is not a clean way of doing that. With the support of Guice (about which I got to know from a recent discussion in thrift mailing list), security enforcement could be moved to a separate interceptor and is enforced on each method only by an annotation. Hope the same mechanism could be used to enforce any other cross cutting aspects on the airavata thrift API calls. This change is implemented in the pull request[2], along with API method changes related to security. Thanks, Hasini. [1] https://github.com/google/guice/wiki/AOP#example-forbidding-method-calls-on-weekends [2] https://github.com/apache/airavata/pull/23
