Hi Animesh,
Yep, you're on the right track. Basically in Spring environments,
JSecurity uses the Spring built-in and annotation processing support.
If you look in the Spring sample application's applicationContext.xml
file, you'll see two bean definitions:
<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
<bean
class="org.jsecurity.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
That's all it takes in Spring to support annotations because Spring
does all the heavy lifting. If you look at the source for
AuthorizationAttributeSourceAdvisor, you might get ideas on how to do
this same thing in a Guice-specific way.
Btw, please keep track of your Guice integration efforts
(GuiceIniWebConfiguration + annotations, etc). We'd love it if you
could contribute that back to the project!
Please keep us posted!
Regards,
Les
On Thu, Sep 18, 2008 at 1:20 PM, Animesh Jain <[EMAIL PROTECTED]> wrote:
> Well, can't really do the AOP part in Spring and the rest in Guice, its just
> making things unnecessarily intertwined. So I think I'll read up on what
> capabilities Guice has for AOP and try and write a Guice implementation for
> the RequiresRoles and RequiresPermissions tags. Any pointers will be
> appreciated on what I should try to do (on a higher level), because I've
> never tried my hand at AOP before this. Guice does have method interceptors
> I believe and that should be enough here, isn't it?
>
> Animesh
>
> On Thu, Sep 18, 2008 at 6:54 PM, Animesh Jain <[EMAIL PROTECTED]> wrote:
>>
>> Aah! This helps a lot. So I hope I can use this without using Spring for
>> the Jsecurity Realm injection - for that I'm using Guice. Anyway.. I'll try
>> this asap and update on the results. I think Jsecurity definitely needs some
>> more documentation in a few areas. I'll try and write down a few tutorials
>> when I find time.
>>
>> Animesh
>>
>> On Thu, Sep 18, 2008 at 6:45 PM, Jeremy Haile <[EMAIL PROTECTED]> wrote:
>>>
>>> Animesh,
>>>
>>> Have you added these bean definitions to Spring?
>>>
>>> <bean id="lifecycleBeanPostProcessor"
>>> class="org.jsecurity.spring.LifecycleBeanPostProcessor"/>
>>> <bean
>>>
>>> class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
>>> depends-on="lifecycleBeanPostProcessor"/>
>>> <bean
>>>
>>>
>>> class="org.jsecurity.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
>>> <property name="securityManager" ref="securityManager"/>
>>> </bean>
>>>
>>> These are declared in webroot/WEB-INF/applicationContext.xml in the
>>> spring sample application along with some additional documentation.
>>>
>>> The first bean helps initialize and destroy JSecurity related beans.
>>> The DefaultAdvisorAutoProxyCreator is required to enable Spring's
>>> auto-proxying of beans based on annotations. The last bean adds support
>>> for auto-proxying method calls to beans that use JSecurity annotations.
>>>
>>> I hope this helps - let me know if you have more questions!
>>>
>>> Jeremy
>>>
>>> On Thu, 18 Sep 2008 18:30:40 +0530, "Animesh Jain"
>>> <[EMAIL PROTECTED]> said:
>>> > I guess I'm missing setting it up with some AOP framework is it?
>>> >
>>> > On Wed, Sep 17, 2008 at 11:25 PM, Animesh Jain <[EMAIL PROTECTED]>
>>> > wrote:
>>> >
>>> > > Hi
>>> > >
>>> > > As I understood from the documentation, a checked exception will be
>>> > > thrown
>>> > > if for eg. a user does not have the role specified by @RequiresRoles.
>>> > > But
>>> > > nothing's happening, the method gets executed regardless. In my
>>> > > particular
>>> > > case I want the method to fire only when a user of a particular role
>>> > > is
>>> > > logged in, but that method is executing even if I try after logout.
>>> > > What am
>>> > > I missing :|
>>> > >
>>> > > Animesh
>>> > >
>>
>
>
