It can, but you need an AOP framework to enable them. We have default support for Spring/AOP Alliance environments. We don't have support at this time for AspectJ environments.
On Mon, Jun 29, 2009 at 1:28 PM, mksong <[email protected]> wrote: > > I thought JSecurity can support the application using @RequiresRole and > @RequiresAuthentication annotations. > > Myoungkyu > > > > Les Hazlewood-2 wrote: > > > > Hi Myoungkyu, > > > > We don't have any AspectJ-specific code in place to support our code > > annotations. You would have to write that yourself. > > > > The best advice I have is to look at the AOP base support classes: > > > > > http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/ > > > > and the Spring AOPAlliance implementations: > > > > > http://svn.apache.org/viewvc/incubator/shiro/trunk/support/spring/src/main/java/org/apache/shiro/spring/security/interceptor/ > > > > and see if they give you any ideas as you try to write AspectJ-specific > > versions. > > > > Regards, > > > > Les > > > > On Mon, Jun 29, 2009 at 11:27 AM, mksong <[email protected]> wrote: > > > >> > >> Hello, Les > >> > >> I think it looks like you’re saying that JSecurity can do > >> bytecode engineering by means of AspectJ. > >> Is it right? If it is true, that is what I try to search. > >> If you could send me a small example using annotation for > >> adding the security functionality, I’d very appreciate it. > >> > >> Thank you so much for your reply. > >> Myoungkyu > >> > >> > >> > >> > >> Les Hazlewood-2 wrote: > >> > > >> > The closest thing Shiro might get to bytecode enhancement might be due > >> to > >> > an > >> > AOP framework that you use that modifies bytecode - but this is a > >> choice > >> > you > >> > make and is not a requirement of the framework. > >> > > >> > For example, Shiro has code annotations @RequiresRole, > >> > @RequiresAuthentication, etc, with which you can annotate code. If > the > >> > AOP > >> > framework configured to support Shiro uses bytecode manipulation, then > >> > obviously bytecode changes could enforce the annotations. > >> > > >> > But this is a factor of the AOP mechanisms you use and is not > >> controlled > >> > by > >> > Shiro directly. AspectJ for example can perform build time or runtime > >> > bytecode manipulation to support Shiro annotations, but AOPAlliance > >> might > >> > use JDK-provided Proxying mechanisms at runtime and no bytecode > >> > manipulation. > >> > > >> > Ultimately though you need to specify somehow how the security > >> framework > >> > is > >> > supposed to execute - either via a Servlet Filter or code @Annotations > >> or > >> > text-based configuration, or some other mechanism. The developer > needs > >> to > >> > direct the way the security framework behaves. > >> > > >> > So if you desire bytecode enhancement, then yes, you can have it as > >> long > >> > as > >> > you use something like, say, AspectJ to perform the bytecode > >> manipulation > >> > which would disover and enforce the Shiro annotations. This is done > by > >> > writing Advice that calls the Subject API to perform security checks, > >> and > >> > that Advice is 'weaved' by AspectJ. Shiro does not currently have any > >> > AspectJ-specific Advice written - you'd have to do it yourself, but > you > >> > could look at the classes in org.apache.shiro.aop.* for ideas. > >> > > >> > Regards, > >> > > >> > Les > >> > > >> > On Sun, Jun 28, 2009 at 8:50 PM, mksong <[email protected]> wrote: > >> > > >> >> > >> >> Hello, Manoj > >> >> > >> >> I am searching a framework which changes the bytecode directly, > >> >> without modifying source code. As you knew, this is bytecode > >> >> engineering or enhancement. Based on this idea, I thought JSecurity > >> >> modified bytecode in order to support a security functionality > >> >> relieving a programmer from the burden of having to implement > >> >> important security concerns by hand. > >> >> > >> >> So, is the method of supporting the security functionality a type > >> >> of API at JSecurity (or Apache Ki)? > >> >> > >> >> Myoungkyu > >> >> > >> >> > >> >> > >> >> > >> >> Manoj Khangaonkar wrote: > >> >> > > >> >> > Hi Myoungkyu, > >> >> > > >> >> > Just curious, what kind of security policies are you interested in > ? > >> >> > Can you give an example. > >> >> > > >> >> > Authorization policies ( role based or other ) that shiro supports > >> >> > does not necessarily require any byte code manipulation. > >> >> > > >> >> > thanks > >> >> > > >> >> > Manoj > >> >> > > >> >> > On 6/28/09, mksong <[email protected]> wrote: > >> >> >> > >> >> >> Thanks for your reply. > >> >> >> > >> >> >> For example, Hibernate does not perform any bytecode > >> >> >> manipulation on its own, but it uses a proxying library that > >> >> >> creates proxies at the bytecode level. > >> >> >> > >> >> >> If you do not manipulate bytecode, > >> >> >> how do you enforce security policies then? > >> >> >> > >> >> >> Regards, > >> >> >> Myoungkyu > >> >> >> > >> >> >> > >> >> >> > >> >> >> Les Hazlewood-2 wrote: > >> >> >>> > >> >> >>> Hiya, > >> >> >>> > >> >> >>> The project (now named Shiro) does not perform bytecode > >> manipulation > >> >> of > >> >> >>> any > >> >> >>> sort. > >> >> >>> > >> >> >>> Regards, > >> >> >>> > >> >> >>> Les > >> >> >>> > >> >> >>> On Sat, Jun 27, 2009 at 11:26 PM, mksong <[email protected]> > >> wrote: > >> >> >>> > >> >> >>>> > >> >> >>>> Hello, All > >> >> >>>> > >> >> >>>> I am carring out an experiment on JSecurity's bytecode > >> engineering. > >> >> >>>> > >> >> >>>> I tested JSecurity to see if the framework would generate any > >> >> >>>> > >> >> >>>> bytecode related to security or add anything to the existing > >> ones. > >> >> >>>> > >> >> >>>> With the attached log file, I am not sure if JSecurity does > >> bytecode > >> >> >>>> engineering or not. > >> >> >>>> (Here are the log file at loading time and the slide file > >> explaing > >> >> what > >> >> >>>> I > >> >> >>>> did: > >> >> >>>> > >> >> > >> http://people.cs.vt.edu/~mksong/jsecurity/<http://people.cs.vt.edu/%7Emksong/jsecurity/> > <http://people.cs.vt.edu/%7Emksong/jsecurity/> > >> <http://people.cs.vt.edu/%7Emksong/jsecurity/> > >> >> <http://people.cs.vt.edu/%7Emksong/jsecurity/> > >> >> >>>> > >> >> > >> http://people.cs.vt.edu/~mksong/jsecurity/<http://people.cs.vt.edu/%7Emksong/jsecurity/> > <http://people.cs.vt.edu/%7Emksong/jsecurity/> > >> <http://people.cs.vt.edu/%7Emksong/jsecurity/> > >> >> <http://people.cs.vt.edu/%7Emksong/jsecurity/>) > >> >> >>>> > >> >> >>>> Is it true? > >> >> >>>> > >> >> >>>> -- > >> >> >>>> View this message in context: > >> >> >>>> > >> >> > >> > http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3168851.html > >> >> >>>> Sent from the Shiro User mailing list archive at Nabble.com. > >> >> >>>> > >> >> >>>> > >> >> >>> > >> >> >>> > >> >> >> > >> >> >> -- > >> >> >> View this message in context: > >> >> >> > >> >> > >> > http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3170891.html > >> >> >> Sent from the Shiro User mailing list archive at Nabble.com. > >> >> >> > >> >> >> > >> >> > > >> >> > > >> >> > >> >> -- > >> >> View this message in context: > >> >> > >> > http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3171896.html > >> >> Sent from the Shiro User mailing list archive at Nabble.com. > >> >> > >> >> > >> > > >> > > >> > >> -- > >> View this message in context: > >> > http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3175117.html > >> Sent from the Shiro User mailing list archive at Nabble.com. > >> > >> > > > > > > -- > View this message in context: > http://n2.nabble.com/About-JSecurity%27s-bytecode-engineering-tp3168851p3175832.html > Sent from the Shiro User mailing list archive at Nabble.com. > >
