The closest thing Shiro might get to bytecode enhancement might be due to an AOP framework that you use that modifies bytecode - but this is a choice you make and is not a requirement of the framework.
For example, Shiro has code annotations @RequiresRole, @RequiresAuthentication, etc, with which you can annotate code. If the AOP framework configured to support Shiro uses bytecode manipulation, then obviously bytecode changes could enforce the annotations. But this is a factor of the AOP mechanisms you use and is not controlled by Shiro directly. AspectJ for example can perform build time or runtime bytecode manipulation to support Shiro annotations, but AOPAlliance might use JDK-provided Proxying mechanisms at runtime and no bytecode manipulation. Ultimately though you need to specify somehow how the security framework is supposed to execute - either via a Servlet Filter or code @Annotations or text-based configuration, or some other mechanism. The developer needs to direct the way the security framework behaves. So if you desire bytecode enhancement, then yes, you can have it as long as you use something like, say, AspectJ to perform the bytecode manipulation which would disover and enforce the Shiro annotations. This is done by writing Advice that calls the Subject API to perform security checks, and that Advice is 'weaved' by AspectJ. Shiro does not currently have any AspectJ-specific Advice written - you'd have to do it yourself, but you could look at the classes in org.apache.shiro.aop.* for ideas. Regards, Les On Sun, Jun 28, 2009 at 8:50 PM, mksong <[email protected]> wrote: > > Hello, Manoj > > I am searching a framework which changes the bytecode directly, > without modifying source code. As you knew, this is bytecode > engineering or enhancement. Based on this idea, I thought JSecurity > modified bytecode in order to support a security functionality > relieving a programmer from the burden of having to implement > important security concerns by hand. > > So, is the method of supporting the security functionality a type > of API at JSecurity (or Apache Ki)? > > Myoungkyu > > > > > Manoj Khangaonkar wrote: > > > > Hi Myoungkyu, > > > > Just curious, what kind of security policies are you interested in ? > > Can you give an example. > > > > Authorization policies ( role based or other ) that shiro supports > > does not necessarily require any byte code manipulation. > > > > thanks > > > > Manoj > > > > On 6/28/09, mksong <[email protected]> wrote: > >> > >> Thanks for your reply. > >> > >> For example, Hibernate does not perform any bytecode > >> manipulation on its own, but it uses a proxying library that > >> creates proxies at the bytecode level. > >> > >> If you do not manipulate bytecode, > >> how do you enforce security policies then? > >> > >> Regards, > >> Myoungkyu > >> > >> > >> > >> Les Hazlewood-2 wrote: > >>> > >>> Hiya, > >>> > >>> The project (now named Shiro) does not perform bytecode manipulation of > >>> any > >>> sort. > >>> > >>> Regards, > >>> > >>> Les > >>> > >>> On Sat, Jun 27, 2009 at 11:26 PM, mksong <[email protected]> wrote: > >>> > >>>> > >>>> Hello, All > >>>> > >>>> I am carring out an experiment on JSecurity's bytecode engineering. > >>>> > >>>> I tested JSecurity to see if the framework would generate any > >>>> > >>>> bytecode related to security or add anything to the existing ones. > >>>> > >>>> With the attached log file, I am not sure if JSecurity does bytecode > >>>> engineering or not. > >>>> (Here are the log file at loading time and the slide file explaing > what > >>>> I > >>>> did: > >>>> http://people.cs.vt.edu/~mksong/jsecurity/<http://people.cs.vt.edu/%7Emksong/jsecurity/> > <http://people.cs.vt.edu/%7Emksong/jsecurity/> > >>>> http://people.cs.vt.edu/~mksong/jsecurity/<http://people.cs.vt.edu/%7Emksong/jsecurity/> > <http://people.cs.vt.edu/%7Emksong/jsecurity/>) > >>>> > >>>> Is it true? > >>>> > >>>> -- > >>>> View this message in context: > >>>> > http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3168851.html > >>>> Sent from the Shiro User mailing list archive at Nabble.com. > >>>> > >>>> > >>> > >>> > >> > >> -- > >> View this message in context: > >> > http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3170891.html > >> Sent from the Shiro User mailing list archive at Nabble.com. > >> > >> > > > > > > -- > View this message in context: > http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3171896.html > Sent from the Shiro User mailing list archive at Nabble.com. > >
