It might be possible to advise the interface. When advising, you may
be layering advice upon a proxy to the service, in which case the
service interface is the best that is known.
The latter case applies to advising a service that has a different
scope than the default, singleton.
On Wed, Aug 5, 2009 at 1:59 PM, Sebastian
Hennebrueder<use...@laliluna.de> wrote:
> Hello,
>
> I am using an advice to add a method based security. While implementing it,
> I were missing access to the advised classes.
>
> The MethodAdviceReceiver interface has no notion about the advised class. As
> a consequence, I can only check the interface not the implementation for
> the annotation @Procteded
>
> See my sample to get an idea, why I would like to read the advised class.
>
> @Match("*Service")
> public static void adviseNonNull(MethodAdviceReceiver receiver) {
> final Logger logger = LoggerFactory.getLogger(AppModule.class);
>
> SecurityServiceImpl service = new SecurityServiceImpl();
>
> for (Method m : receiver.getInterface().getMethods()) {
> Protected annotation = m.getAnnotation(Protected.class);
> if (annotation != null && annotation.rights() != null) {
> MethodSecurityAdvice advice = new
> MethodSecurityAdvice(service, annotation.rights());
> receiver.adviseMethod(m, advice);
> logger.debug("Protecting method {} with rights {}",
> m.getName(), annotation.rights());
> }
> }
> }
>
> The same information is missing in the advise itself. The interface
> Invocation provides no access to the delegate. As a consequence, I cannot
> log which service class blocked the access.
> Once again the code
>
> public void advise(Invocation invocation) {
> ApplicationUser user = securityService.getUser();
>
> boolean hasRight = false;
> if (user != null) {
> for (String right : rights) {
> if (user.hasRight(right)) {
> hasRight = true;
> break;
> }
> }
> }
> if (hasRight)
> invocation.proceed();
> else
> throw new NotAuthorizedException("You are not allowed
> to access " + invocation.getMethodName());
>
> }
>
>
> --
> Best Regards / Viele Grüße
>
> Sebastian Hennebrueder
> -----
> Software Developer and Trainer for Hibernate / Java Persistence
> http://www.laliluna.de
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
--
Howard M. Lewis Ship
Creator of Apache Tapestry
Director of Open Source Technology at Formos
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
