I thought JSecurity can support the application using @RequiresRole and @RequiresAuthentication annotations.
Myoungkyu

Les Hazlewood-2 wrote:
>
> Hi Myoungkyu,
>
> We don't have any AspectJ-specific code in place to support our code
> annotations. You would have to write that yourself.
>
> The best advice I have is to look at the AOP base support classes:
>
> http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/
>
> and the Spring AOPAlliance implementations:
>
> http://svn.apache.org/viewvc/incubator/shiro/trunk/support/spring/src/main/java/org/apache/shiro/spring/security/interceptor/
>
> and see if they give you any ideas as you try to write AspectJ-specific
> versions.
>
> Regards,
>
> Les
>
> On Mon, Jun 29, 2009 at 11:27 AM, mksong <[email protected]> wrote:
>
>> Hello, Les
>>
>> I think it looks like you’re saying that JSecurity can do
>> bytecode engineering by means of AspectJ.
>> Is it right? If it is true, that is what I try to search.
>> If you could send me a small example using annotation for
>> adding the security functionality, I’d very appreciate it.
>>
>> Thank you so much for your reply.
>> Myoungkyu
>>
>> Les Hazlewood-2 wrote:
>> >
>> > The closest thing Shiro might get to bytecode enhancement might be due to an
>> > AOP framework that you use that modifies bytecode - but this is a choice you
>> > make and is not a requirement of the framework.
>> >
>> > For example, Shiro has code annotations @RequiresRole,
>> > @RequiresAuthentication, etc, with which you can annotate code. If the AOP
>> > framework configured to support Shiro uses bytecode manipulation, then
>> > obviously bytecode changes could enforce the annotations.
>> >
>> > But this is a factor of the AOP mechanisms you use and is not controlled by
>> > Shiro directly. AspectJ for example can perform build time or runtime
>> > bytecode manipulation to support Shiro annotations, but AOPAlliance might
>> > use JDK-provided Proxying mechanisms at runtime and no bytecode
>> > manipulation.
>> >
>> > Ultimately though you need to specify somehow how the security framework is
>> > supposed to execute - either via a Servlet Filter or code @Annotations or
>> > text-based configuration, or some other mechanism. The developer needs to
>> > direct the way the security framework behaves.
>> >
>> > So if you desire bytecode enhancement, then yes, you can have it as long as
>> > you use something like, say, AspectJ to perform the bytecode manipulation
>> > which would discover and enforce the Shiro annotations. This is done by
>> > writing Advice that calls the Subject API to perform security checks, and
>> > that Advice is 'weaved' by AspectJ. Shiro does not currently have any
>> > AspectJ-specific Advice written - you'd have to do it yourself, but you
>> > could look at the classes in org.apache.shiro.aop.* for ideas.
>> >
>> > Regards,
>> >
>> > Les
>> >
>> > On Sun, Jun 28, 2009 at 8:50 PM, mksong <[email protected]> wrote:
>> >
>> >> Hello, Manoj
>> >>
>> >> I am searching a framework which changes the bytecode directly,
>> >> without modifying source code. As you knew, this is bytecode
>> >> engineering or enhancement. Based on this idea, I thought JSecurity
>> >> modified bytecode in order to support a security functionality
>> >> relieving a programmer from the burden of having to implement
>> >> important security concerns by hand.
>> >>
>> >> So, is the method of supporting the security functionality a type
>> >> of API at JSecurity (or Apache Ki)?
>> >>
>> >> Myoungkyu
>> >>
>> >> Manoj Khangaonkar wrote:
>> >> >
>> >> > Hi Myoungkyu,
>> >> >
>> >> > Just curious, what kind of security policies are you interested in?
>> >> > Can you give an example.
>> >> >
>> >> > Authorization policies ( role based or other ) that shiro supports
>> >> > does not necessarily require any byte code manipulation.
>> >> >
>> >> > thanks
>> >> >
>> >> > Manoj
>> >> >
>> >> > On 6/28/09, mksong <[email protected]> wrote:
>> >> >>
>> >> >> Thanks for your reply.
>> >> >>
>> >> >> For example, Hibernate does not perform any bytecode
>> >> >> manipulation on its own, but it uses a proxying library that
>> >> >> creates proxies at the bytecode level.
>> >> >>
>> >> >> If you do not manipulate bytecode,
>> >> >> how do you enforce security policies then?
>> >> >>
>> >> >> Regards,
>> >> >> Myoungkyu
>> >> >>
>> >> >> Les Hazlewood-2 wrote:
>> >> >>>
>> >> >>> Hiya,
>> >> >>>
>> >> >>> The project (now named Shiro) does not perform bytecode manipulation of
>> >> >>> any sort.
>> >> >>>
>> >> >>> Regards,
>> >> >>>
>> >> >>> Les
>> >> >>>
>> >> >>> On Sat, Jun 27, 2009 at 11:26 PM, mksong <[email protected]> wrote:
>> >> >>>
>> >> >>>> Hello, All
>> >> >>>>
>> >> >>>> I am carrying out an experiment on JSecurity's bytecode engineering.
>> >> >>>>
>> >> >>>> I tested JSecurity to see if the framework would generate any
>> >> >>>> bytecode related to security or add anything to the existing ones.
>> >> >>>>
>> >> >>>> With the attached log file, I am not sure if JSecurity does bytecode
>> >> >>>> engineering or not.
>> >> >>>> (Here are the log file at loading time and the slide file explaining what I
>> >> >>>> did:
>> >> >>>> http://people.cs.vt.edu/~mksong/jsecurity/)
>> >> >>>>
>> >> >>>> Is it true?

--
View this message in context: http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3175832.html
Sent from the Shiro User mailing list archive at Nabble.com.
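
The approach described in the quoted replies (advice that calls the Subject API and is woven by AspectJ), as an added example that is not part of this thread or of Shiro's code base. It assumes Shiro 1.1 or later, where the role annotation is `org.apache.shiro.authz.annotation.RequiresRoles` and its `value()` is a `String[]`; the class name `ShiroAnnotationAspect` is hypothetical.

```java
// Added example: AspectJ annotation-style advice for Shiro's security annotations.
// Assumes Shiro 1.1+ (RequiresRoles.value() is String[]) and the AspectJ weaver.
import java.util.Arrays;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;

@Aspect
public class ShiroAnnotationAspect { // hypothetical class name

    // Runs before any method that itself carries @RequiresAuthentication.
    @Before("execution(* *(..)) && @annotation(marker)")
    public void requireAuthentication(JoinPoint jp, RequiresAuthentication marker) {
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isAuthenticated()) {
            // Throwing from @Before advice prevents the method body from running.
            throw new UnauthenticatedException(
                "Authentication required for " + jp.getSignature().toShortString());
        }
    }

    // Runs before any method that itself carries @RequiresRoles.
    @Before("execution(* *(..)) && @annotation(required)")
    public void requireRoles(JoinPoint jp, RequiresRoles required) {
        Subject subject = SecurityUtils.getSubject();
        String[] roles = required.value();
        if (required.logical() == Logical.OR) {
            for (String role : roles) {
                if (subject.hasRole(role)) {
                    return; // one matching role is enough
                }
            }
            throw new UnauthorizedException(
                "None of " + Arrays.toString(roles) + " held for "
                    + jp.getSignature().toShortString());
        }
        // Logical.AND (the default): throws AuthorizationException if any role is missing.
        subject.checkRoles(Arrays.asList(roles));
    }
}
```

The `@annotation(...)` pointcuts match only annotations placed on the method itself; a class-level annotation needs a separate `@within(...)` pointcut, and a method in a class that was never woven (at build time or load time) runs unchecked.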
