At the time I wrote them, my thinking is that they wouldn't implement
them because AOP Alliance is not an industry/JSR standard - so there
are other implementations (like the JBoss one, that I've since removed
until we can focus on a more complete JBoss solution), or maybe
WebLogic or WebSphere that would have a different implementations.
So, I abstracted the little that JSecurity needed into an interface,
and left the specific AOP framework's APIs to implementations.
On Mon, Sep 22, 2008 at 8:52 AM, Jeremy Haile <[EMAIL PROTECTED]> wrote:
> Les,
>
> I'm curious - why don't our method interceptors implement the AOP alliance
> interfaces? This is a pretty standard thing, used by Spring, Guice, etc.
> Either way, seems like the AOP Alliance class is misplaced in the Spring
> module - since AOP Alliance is not Spring-specific. I think this should all
> be moved into core.
>
> Jeremy
>
>
> On Sep 22, 2008, at 8:48 AM, Les Hazlewood wrote:
>
>> Cool!
>>
>> Could you give us a summary of everything that is required to get up
>> and running in Guice? I can add this to a tutorial. If you needed to
>> write any code also, that'd be great to have. :)
>>
>> Thanks!
>>
>> Les
>>
>> On Mon, Sep 22, 2008 at 8:41 AM, Animesh Jain <[EMAIL PROTECTED]>
>> wrote:
>>>
>>> Umm.. i made a very stupid mistake which I just found. All's working well
>>> now. Sorry for bothering :P
>>>
>>> So Les it seems its pretty easy to integrate annotation with Guice, just
>>> one
>>> lie config needed.
>>>
>>> Cheers
>>> Animesh
>>>
>>> On Mon, Sep 22, 2008 at 6:01 PM, Animesh Jain <[EMAIL PROTECTED]>
>>> wrote:
>>>>
>>>> Although it appears that the role check is working. Because the
>>>> annotated
>>>> method is not executing when the roles do not match. But no error is
>>>> being
>>>> thrown and the debugger is not reaching the
>>>> AopAllianceAnnotationsAuthorizingMethodInterceptor class. I've even put
>>>> a
>>>> System.out there and it only prints when the roles match, so its not a
>>>> debugger problem.
>>>>
>>>> I'm lost.
>>>>
>>>> Animesh
>>>>
>>>> On Mon, Sep 22, 2008 at 5:36 PM, Animesh Jain <[EMAIL PROTECTED]>
>>>> wrote:
>>>>>
>>>>> Yes Jeremy, you're right. It works with a slight modification (but..
>>>>> not
>>>>> fully, which I'll explain below) -
>>>>>
>>>>> bindInterceptor(Matchers.any(),
>>>>> Matchers.annotatedWith(RequiresRoles.class), new
>>>>> AopAllianceAnnotationsAuthorizingMethodInterceptor());
>>>>>
>>>>> Basically Guice supports the AOP Alliance api, so
>>>>> RoleAnnotationMethodInterceptor and
>>>>> PermissionAnnotationMethodInterceptor
>>>>> cannot be bound directly as they are not implementing the alliance
>>>>> api's
>>>>> method interceptor. But I think Les has written
>>>>> AopAllianceAnnotationsAuthorizingMethodInterceptor for this very
>>>>> purpose.
>>>>>
>>>>> Now lets come to the problem.. when I login with a user who has a role
>>>>> (lets say "person") and call a method with the annotation
>>>>> RequiresRole("person"), then the
>>>>> AopAllianceAnnotationsAuthorizingMethodInterceptor is getting called
>>>>> and the
>>>>> call is infact going all the way upto RoleAnnotationMethodInterceptor
>>>>> as
>>>>> expected. But if the role is something else then it is supposed to
>>>>> throw a
>>>>> runtime error, which is not happening, the control is not even coming
>>>>> to
>>>>> AopAllianceAnnotationsAuthorizingMethodInterceptor. This is very
>>>>> strange.
>>>>> I'm just using Idea's debugger to see where the calls are going.
>>>>>
>>>>> So basically when all's well i.e. the subject role matches the
>>>>> annotation
>>>>> role, then aop seems to be working. But if the roles are different then
>>>>> aop
>>>>> doesn't seem to be working at all. No errors. Not even getting called.
>>>>>
>>>>> Any clue on what could be happening?
>>>>>
>>>>> Kind regards
>>>>> Animesh
>>>>>
>>>>>
>>>>> On Fri, Sep 19, 2008 at 8:14 PM, Jeremy Haile <[EMAIL PROTECTED]>
>>>>> wrote:
>>>>>>
>>>>>> Animesh,
>>>>>> I only have light experience with Guice, but I know it supports AOP
>>>>>> Alliance method interceptors, just like Spring uses - and just like
>>>>>> JSecurity provides.
>>>>>> I think you'd simply need to bind those method interceptors as
>>>>>> appropriate. I haven't tried it yet, but I imagine something like the
>>>>>> following code would work. Could you please try it out and let me
>>>>>> know if
>>>>>> it works?
>>>>>> binder.bindInterceptor( any(), annotatedWith(RequiresRoles.class), new
>>>>>> RoleAnnotationMethodInterceptor());
>>>>>> binder.bindInterceptor( any(),
>>>>>> annotatedWith(RequiresPermissions.class), new
>>>>>> PermissionAnnotationMethodInterceptor());
>>>>>> Jeremy
>>>>>>
>>>>>>
>>>>>> On Sep 18, 2008, at 1:20 PM, Animesh Jain wrote:
>>>>>>
>>>>>> Well, can't really do the AOP part in Spring and the rest in Guice,
>>>>>> its
>>>>>> just making things unnecessarily intertwined. So I think I'll read up
>>>>>> on
>>>>>> what capabilities Guice has for AOP and try and write a Guice
>>>>>> implementation
>>>>>> for the RequiresRoles and RequiresPermissions tags. Any pointers will
>>>>>> be
>>>>>> appreciated on what I should try to do (on a higher level), because
>>>>>> I've
>>>>>> never tried my hand at AOP before this. Guice does have method
>>>>>> interceptors
>>>>>> I believe and that should be enough here, isn't it?
>>>>>>
>>>>>> Animesh
>>>>>>
>>>>>> On Thu, Sep 18, 2008 at 6:54 PM, Animesh Jain <[EMAIL PROTECTED]>
>>>>>> wrote:
>>>>>>>
>>>>>>> Aah! This helps a lot. So I hope I can use this without using Spring
>>>>>>> for the Jsecurity Realm injection - for that I'm using Guice.
>>>>>>> Anyway.. I'll
>>>>>>> try this asap and update on the results. I think Jsecurity definitely
>>>>>>> needs
>>>>>>> some more documentation in a few areas. I'll try and write down a few
>>>>>>> tutorials when I find time.
>>>>>>>
>>>>>>> Animesh
>>>>>>>
>>>>>>> On Thu, Sep 18, 2008 at 6:45 PM, Jeremy Haile <[EMAIL PROTECTED]>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Animesh,
>>>>>>>>
>>>>>>>> Have you added these bean definitions to Spring?
>>>>>>>>
>>>>>>>> <bean id="lifecycleBeanPostProcessor"
>>>>>>>> class="org.jsecurity.spring.LifecycleBeanPostProcessor"/>
>>>>>>>> <bean
>>>>>>>>
>>>>>>>>
>>>>>>>> class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
>>>>>>>> depends-on="lifecycleBeanPostProcessor"/>
>>>>>>>> <bean
>>>>>>>>
>>>>>>>>
>>>>>>>> class="org.jsecurity.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
>>>>>>>> <property name="securityManager" ref="securityManager"/>
>>>>>>>> </bean>
>>>>>>>>
>>>>>>>> These are declared in webroot/WEB-INF/applicationContext.xml in the
>>>>>>>> spring sample application along with some additional documentation.
>>>>>>>>
>>>>>>>> The first bean helps initialize and destroy JSecurity related beans.
>>>>>>>> The DefaultAdvisorAutoProxyCreator is required to enable Spring's
>>>>>>>> auto-proxying of beans based on annotations. The last bean adds
>>>>>>>> support
>>>>>>>> for auto-proxying method calls to beans that use JSecurity
>>>>>>>> annotations.
>>>>>>>>
>>>>>>>> I hope this helps - let me know if you have more questions!
>>>>>>>>
>>>>>>>> Jeremy
>>>>>>>>
>>>>>>>> On Thu, 18 Sep 2008 18:30:40 +0530, "Animesh Jain"
>>>>>>>> <[EMAIL PROTECTED]> said:
>>>>>>>>>
>>>>>>>>> I guess I'm missing setting it up with some AOP framework is it?
>>>>>>>>>
>>>>>>>>> On Wed, Sep 17, 2008 at 11:25 PM, Animesh Jain
>>>>>>>>> <[EMAIL PROTECTED]>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi
>>>>>>>>>>
>>>>>>>>>> As I understood from the documentation, a checked exception will
>>>>>>>>>> be thrown
>>>>>>>>>> if for eg. a user does not have the role specified by
>>>>>>>>>> @RequiresRoles. But
>>>>>>>>>> nothing's happening, the method gets executed regardless. In my
>>>>>>>>>> particular
>>>>>>>>>> case I want the method to fire only when a user of a particular
>>>>>>>>>> role is
>>>>>>>>>> logged in, but that method is executing even if I try after
>>>>>>>>>> logout. What am
>>>>>>>>>> I missing :|
>>>>>>>>>>
>>>>>>>>>> Animesh
>>>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>
>
