Hello, Les I think it looks like you’re saying that JSecurity can do bytecode engineering by means of AspectJ. Is it right? If it is true, that is what I try to search. If you could send me a small example using annotation for adding the security functionality, I’d very appreciate it.
Thank you so much for your reply. Myoungkyu Les Hazlewood-2 wrote: > > The closest thing Shiro might get to bytecode enhancement might be due to > an > AOP framework that you use that modifies bytecode - but this is a choice > you > make and is not a requirement of the framework. > > For example, Shiro has code annotations @RequiresRole, > @RequiresAuthentication, etc, with which you can annotate code. If the > AOP > framework configured to support Shiro uses bytecode manipulation, then > obviously bytecode changes could enforce the annotations. > > But this is a factor of the AOP mechanisms you use and is not controlled > by > Shiro directly. AspectJ for example can perform build time or runtime > bytecode manipulation to support Shiro annotations, but AOPAlliance might > use JDK-provided Proxying mechanisms at runtime and no bytecode > manipulation. > > Ultimately though you need to specify somehow how the security framework > is > supposed to execute - either via a Servlet Filter or code @Annotations or > text-based configuration, or some other mechanism. The developer needs to > direct the way the security framework behaves. > > So if you desire bytecode enhancement, then yes, you can have it as long > as > you use something like, say, AspectJ to perform the bytecode manipulation > which would disover and enforce the Shiro annotations. This is done by > writing Advice that calls the Subject API to perform security checks, and > that Advice is 'weaved' by AspectJ. Shiro does not currently have any > AspectJ-specific Advice written - you'd have to do it yourself, but you > could look at the classes in org.apache.shiro.aop.* for ideas. > > Regards, > > Les > > On Sun, Jun 28, 2009 at 8:50 PM, mksong <[email protected]> wrote: > >> >> Hello, Manoj >> >> I am searching a framework which changes the bytecode directly, >> without modifying source code. As you knew, this is bytecode >> engineering or enhancement. Based on this idea, I thought JSecurity >> modified bytecode in order to support a security functionality >> relieving a programmer from the burden of having to implement >> important security concerns by hand. >> >> So, is the method of supporting the security functionality a type >> of API at JSecurity (or Apache Ki)? >> >> Myoungkyu >> >> >> >> >> Manoj Khangaonkar wrote: >> > >> > Hi Myoungkyu, >> > >> > Just curious, what kind of security policies are you interested in ? >> > Can you give an example. >> > >> > Authorization policies ( role based or other ) that shiro supports >> > does not necessarily require any byte code manipulation. >> > >> > thanks >> > >> > Manoj >> > >> > On 6/28/09, mksong <[email protected]> wrote: >> >> >> >> Thanks for your reply. >> >> >> >> For example, Hibernate does not perform any bytecode >> >> manipulation on its own, but it uses a proxying library that >> >> creates proxies at the bytecode level. >> >> >> >> If you do not manipulate bytecode, >> >> how do you enforce security policies then? >> >> >> >> Regards, >> >> Myoungkyu >> >> >> >> >> >> >> >> Les Hazlewood-2 wrote: >> >>> >> >>> Hiya, >> >>> >> >>> The project (now named Shiro) does not perform bytecode manipulation >> of >> >>> any >> >>> sort. >> >>> >> >>> Regards, >> >>> >> >>> Les >> >>> >> >>> On Sat, Jun 27, 2009 at 11:26 PM, mksong <[email protected]> wrote: >> >>> >> >>>> >> >>>> Hello, All >> >>>> >> >>>> I am carring out an experiment on JSecurity's bytecode engineering. >> >>>> >> >>>> I tested JSecurity to see if the framework would generate any >> >>>> >> >>>> bytecode related to security or add anything to the existing ones. >> >>>> >> >>>> With the attached log file, I am not sure if JSecurity does bytecode >> >>>> engineering or not. >> >>>> (Here are the log file at loading time and the slide file explaing >> what >> >>>> I >> >>>> did: >> >>>> >> http://people.cs.vt.edu/~mksong/jsecurity/<http://people.cs.vt.edu/%7Emksong/jsecurity/> >> <http://people.cs.vt.edu/%7Emksong/jsecurity/> >> >>>> >> http://people.cs.vt.edu/~mksong/jsecurity/<http://people.cs.vt.edu/%7Emksong/jsecurity/> >> <http://people.cs.vt.edu/%7Emksong/jsecurity/>) >> >>>> >> >>>> Is it true? >> >>>> >> >>>> -- >> >>>> View this message in context: >> >>>> >> http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3168851.html >> >>>> Sent from the Shiro User mailing list archive at Nabble.com. >> >>>> >> >>>> >> >>> >> >>> >> >> >> >> -- >> >> View this message in context: >> >> >> http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3170891.html >> >> Sent from the Shiro User mailing list archive at Nabble.com. >> >> >> >> >> > >> > >> >> -- >> View this message in context: >> http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3171896.html >> Sent from the Shiro User mailing list archive at Nabble.com. >> >> > > -- View this message in context: http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3175117.html Sent from the Shiro User mailing list archive at Nabble.com.
