Animesh,
I only have light experience with Guice, but I know it supports AOP
Alliance method interceptors, just like Spring uses - and just like
JSecurity provides.
I think you'd simply need to bind those method interceptors as
appropriate. I haven't tried it yet, but I imagine something like the
following code would work. Could you please try it out and let me
know if it works?
binder.bindInterceptor( any(), annotatedWith(RequiresRoles.class), new
RoleAnnotationMethodInterceptor());
binder.bindInterceptor( any(),
annotatedWith(RequiresPermissions.class), new
PermissionAnnotationMethodInterceptor());
Jeremy
On Sep 18, 2008, at 1:20 PM, Animesh Jain wrote:
Well, can't really do the AOP part in Spring and the rest in Guice,
its just making things unnecessarily intertwined. So I think I'll
read up on what capabilities Guice has for AOP and try and write a
Guice implementation for the RequiresRoles and RequiresPermissions
tags. Any pointers will be appreciated on what I should try to do
(on a higher level), because I've never tried my hand at AOP before
this. Guice does have method interceptors I believe and that should
be enough here, isn't it?
Animesh
On Thu, Sep 18, 2008 at 6:54 PM, Animesh Jain <[EMAIL PROTECTED]>
wrote:
Aah! This helps a lot. So I hope I can use this without using Spring
for the Jsecurity Realm injection - for that I'm using Guice.
Anyway.. I'll try this asap and update on the results. I think
Jsecurity definitely needs some more documentation in a few areas.
I'll try and write down a few tutorials when I find time.
Animesh
On Thu, Sep 18, 2008 at 6:45 PM, Jeremy Haile <[EMAIL PROTECTED]>
wrote:
Animesh,
Have you added these bean definitions to Spring?
<bean id="lifecycleBeanPostProcessor"
class="org.jsecurity.spring.LifecycleBeanPostProcessor"/>
<bean
class
=
"org
.springframework
.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
<bean
class
=
"org
.jsecurity
.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
These are declared in webroot/WEB-INF/applicationContext.xml in the
spring sample application along with some additional documentation.
The first bean helps initialize and destroy JSecurity related beans.
The DefaultAdvisorAutoProxyCreator is required to enable Spring's
auto-proxying of beans based on annotations. The last bean adds
support
for auto-proxying method calls to beans that use JSecurity
annotations.
I hope this helps - let me know if you have more questions!
Jeremy
On Thu, 18 Sep 2008 18:30:40 +0530, "Animesh Jain"
<[EMAIL PROTECTED]> said:
> I guess I'm missing setting it up with some AOP framework is it?
>
> On Wed, Sep 17, 2008 at 11:25 PM, Animesh Jain
<[EMAIL PROTECTED]>
> wrote:
>
> > Hi
> >
> > As I understood from the documentation, a checked exception will
be thrown
> > if for eg. a user does not have the role specified by
@RequiresRoles. But
> > nothing's happening, the method gets executed regardless. In my
particular
> > case I want the method to fire only when a user of a particular
role is
> > logged in, but that method is executing even if I try after
logout. What am
> > I missing :|
> >
> > Animesh
> >
