It might be possible to advise the interface. When advising, you may
be layering advice upon a proxy to the service, in which case the
service interface is the best that is known.

The latter case applies to advising a service that has a different
scope than the default, singleton.

On Wed, Aug 5, 2009 at 1:59 PM, Sebastian
Hennebrueder<use...@laliluna.de> wrote:
> Hello,
>
> I am using an advice to add a method based security. While implementing it,
> I were missing access to the advised classes.
>
> The MethodAdviceReceiver interface has no notion about the advised class. As
> a consequence, I can only check the interface not the implementation for
> the annotation @Procteded
>
> See my sample to get an idea, why I would like to read the advised class.
>
> @Match("*Service")
>   public static void adviseNonNull(MethodAdviceReceiver receiver) {
>       final Logger logger = LoggerFactory.getLogger(AppModule.class);
>
>       SecurityServiceImpl service = new SecurityServiceImpl();
>
>       for (Method m : receiver.getInterface().getMethods()) {
>           Protected annotation = m.getAnnotation(Protected.class);
>           if (annotation != null && annotation.rights() != null) {
>               MethodSecurityAdvice advice = new
> MethodSecurityAdvice(service, annotation.rights());
>               receiver.adviseMethod(m, advice);
>               logger.debug("Protecting method {} with rights {}",
> m.getName(), annotation.rights());
>           }
>       }
>   }
>
> The same information is missing in the advise itself. The interface
> Invocation provides no access to the delegate. As a consequence, I cannot
> log which service class blocked the access.
> Once again the code
>
> public void advise(Invocation invocation) {
>                ApplicationUser user = securityService.getUser();
>
>                boolean hasRight = false;
>                if (user != null) {
>                        for (String right : rights) {
>                                if (user.hasRight(right)) {
>                                        hasRight = true;
>                                        break;
>                                }
>                        }
>                }
>                if (hasRight)
>                        invocation.proceed();
>                else
>                        throw new NotAuthorizedException("You are not allowed
> to access " + invocation.getMethodName());
>
>        }
>
>
> --
> Best Regards / Viele Grüße
>
> Sebastian Hennebrueder
> -----
> Software Developer and Trainer for Hibernate / Java Persistence
> http://www.laliluna.de
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>



-- 
Howard M. Lewis Ship

Creator of Apache Tapestry
Director of Open Source Technology at Formos

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Reply via email to