Announcement Announcement Module
Collapse
No announcement yet.
Using @annotation with Spring Security Annotations Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Using @annotation with Spring Security Annotations

    I have a service interface that has a method that looks like the following:

    Code:
    package com.foo.svcs;
    
    public interface FooService {
       @PreAuthorize("ROLE_USER")
       @com.foo.svcs.CustomAnnotation
       public void doSomething();
    }
    My Spring application context xml configuration file looks partially like:

    HTML Code:
    <bean id="foo" class="com.foo.svcs.FooServiceImpl" />
    
    <sec:global-method-security pre-post-annotations="enabled" access-decision-manager-ref="serviceAccessDecisionManager">
       <sec:expression-handler ref="expressionHandler"/>
    </sec:global-method-security>
    
    <aop:config>
       <aop:advisor pointcut="execution(* com.foo.svcs.*.*(..)) and @annotation(com.foo.svcs.CustomAnnotation)" advice-ref="aceCreator" />
    </aop:config>
    I've found that when using the @annotation pointcut, my advice is not executed (even when removing the execution clause). However, if I do pointcut="bean(foo)" then my advice is executed. I am wondering if the proxies that are being created for the PrePost Spring Security annotation support are "hiding" my custom annotation on the service. Is that what's happening here, or is something else wrong?

  • #2
    If you put your annotation on your FooServiceImpl class, your advice will most likely fire (unless something else is wrong). I had that same problem, since good programing practice says that the interface should have that information, not to mention that I would forget to put it on a MockFooService. I don't understand the logic for that decision, perhaps someone with a better understanding of the internals could explain.

    Comment


    • #3
      Thanks, that does indeed work. However, if I do that, then I cannot get to the annotation which is present on the class from my interceptor (which implements org.aopalliance.intercept.MethodInterceptor):

      Code:
      // invocation is instanceof org.aopalliance.intercept.MethodInvocation
      com.foo.svcs.CustomAnnotation anno = invocation.getMethod().getAnnotation(com.foo.svcs.CustomAnnotation.class);
      Assert.assertNotNull(anno); //this fails, as the annotation is not present on the method invocation
      Would switching to AspectJ aspects and advice allow me to capture that annotation when it is on the class?

      Comment

      Working...
      X