Although it appears that the role check is working. Because the annotated
method is not executing when the roles do not match. But no error is being
thrown and the debugger is not reaching the
AopAllianceAnnotationsAuthorizingMethodInterceptor class. I've even put a
System.out there and it only prints when the roles match, so its not a
debugger problem.
I'm lost.
Animesh
On Mon, Sep 22, 2008 at 5:36 PM, Animesh Jain <[EMAIL PROTECTED]> wrote:
> Yes Jeremy, you're right. It works with a slight modification (but.. not
> fully, which I'll explain below) -
>
> bindInterceptor(Matchers.any(),
> Matchers.annotatedWith(RequiresRoles.class), new
> AopAllianceAnnotationsAuthorizingMethodInterceptor());
>
> Basically Guice supports the AOP Alliance api, so
> RoleAnnotationMethodInterceptor and PermissionAnnotationMethodInterceptor
> cannot be bound directly as they are not implementing the alliance api's
> method interceptor. But I think Les has written
> AopAllianceAnnotationsAuthorizingMethodInterceptor for this very purpose.
>
> Now lets come to the problem.. when I login with a user who has a role
> (lets say "person") and call a method with the annotation
> RequiresRole("person"), then the
> AopAllianceAnnotationsAuthorizingMethodInterceptor is getting called and the
> call is infact going all the way upto RoleAnnotationMethodInterceptor as
> expected. But if the role is something else then it is supposed to throw a
> runtime error, which is not happening, the control is not even coming to
> AopAllianceAnnotationsAuthorizingMethodInterceptor. This is very strange.
> I'm just using Idea's debugger to see where the calls are going.
>
> So basically when all's well i.e. the subject role matches the annotation
> role, then aop seems to be working. But if the roles are different then aop
> doesn't seem to be working at all. No errors. Not even getting called.
>
> Any clue on what could be happening?
>
> Kind regards
> Animesh
>
>
>
> On Fri, Sep 19, 2008 at 8:14 PM, Jeremy Haile <[EMAIL PROTECTED]> wrote:
>
>> Animesh,
>> I only have light experience with Guice, but I know it supports AOP
>> Alliance method interceptors, just like Spring uses - and just like
>> JSecurity provides.
>>
>> I think you'd simply need to bind those method interceptors as
>> appropriate. I haven't tried it yet, but I imagine something like the
>> following code would work. Could you please try it out and let me know if
>> it works?
>>
>> binder.bindInterceptor( any(), annotatedWith(RequiresRoles.class), new
>> RoleAnnotationMethodInterceptor());
>> binder.bindInterceptor( any(),
>> annotatedWith(RequiresPermissions.class), new
>> PermissionAnnotationMethodInterceptor());
>>
>> Jeremy
>>
>>
>>
>> On Sep 18, 2008, at 1:20 PM, Animesh Jain wrote:
>>
>> Well, can't really do the AOP part in Spring and the rest in Guice, its
>> just making things unnecessarily intertwined. So I think I'll read up on
>> what capabilities Guice has for AOP and try and write a Guice implementation
>> for the RequiresRoles and RequiresPermissions tags. Any pointers will be
>> appreciated on what I should try to do (on a higher level), because I've
>> never tried my hand at AOP before this. Guice does have method interceptors
>> I believe and that should be enough here, isn't it?
>>
>> Animesh
>>
>> On Thu, Sep 18, 2008 at 6:54 PM, Animesh Jain <[EMAIL PROTECTED]>wrote:
>>
>>> Aah! This helps a lot. So I hope I can use this without using Spring for
>>> the Jsecurity Realm injection - for that I'm using Guice. Anyway.. I'll try
>>> this asap and update on the results. I think Jsecurity definitely needs some
>>> more documentation in a few areas. I'll try and write down a few tutorials
>>> when I find time.
>>>
>>> Animesh
>>>
>>>
>>> On Thu, Sep 18, 2008 at 6:45 PM, Jeremy Haile <[EMAIL PROTECTED]>wrote:
>>>
>>>> Animesh,
>>>>
>>>> Have you added these bean definitions to Spring?
>>>>
>>>> <bean id="lifecycleBeanPostProcessor"
>>>> class="org.jsecurity.spring.LifecycleBeanPostProcessor"/>
>>>> <bean
>>>>
>>>> class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
>>>> depends-on="lifecycleBeanPostProcessor"/>
>>>> <bean
>>>>
>>>>
>>>> class="org.jsecurity.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
>>>> <property name="securityManager" ref="securityManager"/>
>>>> </bean>
>>>>
>>>> These are declared in webroot/WEB-INF/applicationContext.xml in the
>>>> spring sample application along with some additional documentation.
>>>>
>>>> The first bean helps initialize and destroy JSecurity related beans.
>>>> The DefaultAdvisorAutoProxyCreator is required to enable Spring's
>>>> auto-proxying of beans based on annotations. The last bean adds support
>>>> for auto-proxying method calls to beans that use JSecurity annotations.
>>>>
>>>> I hope this helps - let me know if you have more questions!
>>>>
>>>> Jeremy
>>>>
>>>> On Thu, 18 Sep 2008 18:30:40 +0530, "Animesh Jain"
>>>> <[EMAIL PROTECTED]> said:
>>>> > I guess I'm missing setting it up with some AOP framework is it?
>>>> >
>>>> > On Wed, Sep 17, 2008 at 11:25 PM, Animesh Jain <[EMAIL PROTECTED]>
>>>> > wrote:
>>>> >
>>>> > > Hi
>>>> > >
>>>> > > As I understood from the documentation, a checked exception will be
>>>> thrown
>>>> > > if for eg. a user does not have the role specified by
>>>> @RequiresRoles. But
>>>> > > nothing's happening, the method gets executed regardless. In my
>>>> particular
>>>> > > case I want the method to fire only when a user of a particular role
>>>> is
>>>> > > logged in, but that method is executing even if I try after logout.
>>>> What am
>>>> > > I missing :|
>>>> > >
>>>> > > Animesh
>>>> > >
>>>>
>>>
>>>
>>
>>
>
