Hello,
I am using an advice to add a method based security. While implementing
it, I were missing access to the advised classes.
The MethodAdviceReceiver interface has no notion about the advised
class. As a consequence, I can only check the interface not the
implementation for
the annotation @Procteded
See my sample to get an idea, why I would like to read the advised class.
@Match("*Service")
public static void adviseNonNull(MethodAdviceReceiver receiver) {
final Logger logger = LoggerFactory.getLogger(AppModule.class);
SecurityServiceImpl service = new SecurityServiceImpl();
for (Method m : receiver.getInterface().getMethods()) {
Protected annotation = m.getAnnotation(Protected.class);
if (annotation != null && annotation.rights() != null) {
MethodSecurityAdvice advice = new
MethodSecurityAdvice(service, annotation.rights());
receiver.adviseMethod(m, advice);
logger.debug("Protecting method {} with rights {}",
m.getName(), annotation.rights());
}
}
}
The same information is missing in the advise itself. The interface Invocation
provides no access to the delegate. As a consequence, I cannot log which
service class blocked the access.
Once again the code
public void advise(Invocation invocation) {
ApplicationUser user = securityService.getUser();
boolean hasRight = false;
if (user != null) {
for (String right : rights) {
if (user.hasRight(right)) {
hasRight = true;
break;
}
}
}
if (hasRight)
invocation.proceed();
else
throw new NotAuthorizedException("You are not allowed to
access " + invocation.getMethodName());
}
--
Best Regards / Viele Grüße
Sebastian Hennebrueder
-----
Software Developer and Trainer for Hibernate / Java Persistence
http://www.laliluna.de
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
